Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL on All Pages


Ramsay

Recommended Posts

I remember a while ago I found something about SSL and NONSSL and how to find out how your server likes to be told that something is SSL. No idea though where that was.

 

Did you make any changes to catalog/includes/functions/html_output.php, especially to the tep_href_link function? Maybe post this function here so that we can see if there is something wrong.

The First Law of E-Commerce: If the user can't find the product, the user can't buy the product.

 

Feedback and suggestions on my shop welcome.

 

Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong.

Link to comment
Share on other sites

Another idea: check in your header.php or wherever your link to login.php is, how it is called. Ie for account.php:

<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">

, check that it really says 'SSL'. If nothing is mentioned, the default is 'NONSSL'.

 

abra

The First Law of E-Commerce: If the user can't find the product, the user can't buy the product.

 

Feedback and suggestions on my shop welcome.

 

Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong.

Link to comment
Share on other sites

I remember a while ago I found something about SSL and NONSSL and how to find out how your server likes to be told that something is SSL. No idea though where that was.

 

Did you make any changes to catalog/includes/functions/html_output.php, especially to the tep_href_link function? Maybe post this function here so that we can see if there is something wrong.

 

nope abra didn't change that here it is anyway

 

  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
global $request_type, $session_started, $SID;

if (!tep_not_null($page)) {
  die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
}

if ($connection == 'NONSSL') {
  $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
} elseif ($connection == 'SSL') {
  if (ENABLE_SSL == true) {
	$link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
  } else {
	$link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
  }
} else {
  die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
}

Contributions Installed: STSv43 (Simple Template System), Protx Direct v3.0a, Secure Admin Login - Logout 1.5, UK Royal Mail & Overseas Shipping v 1.2 (FULL), Order Editor v2.8.2 With some Bug Fix - New, Ultimate SEO URLs v2.2.1, Easy Populate 2.76d-MS2 (with attributes)

Link to comment
Share on other sites

That looks as it should. My last guess would be how the SSL pages are called as mentioned above.

 

abra

The First Law of E-Commerce: If the user can't find the product, the user can't buy the product.

 

Feedback and suggestions on my shop welcome.

 

Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong.

Link to comment
Share on other sites

That looks as it should. My last guess would be how the SSL pages are called as mentioned above.

 

abra

 

the problem might be in (application_top.php):

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

you could try :

 

$request_type = ($_SERVER['SERVER_PORT']==443) ? 'SSL' : 'NONSSL';

Treasurer MFC

Link to comment
Share on other sites

boxtel,

 

that's what I was thinking about but couldn't remember where it was or how exactly I found it before :-)

 

abra

The First Law of E-Commerce: If the user can't find the product, the user can't buy the product.

 

Feedback and suggestions on my shop welcome.

 

Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong.

Link to comment
Share on other sites

the problem might be in (application_top.php):

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

you could try :

 

$request_type = ($_SERVER['SERVER_PORT']==443) ? 'SSL' : 'NONSSL';

 

(w00t) holy <insert swear word of choice> that worked :thumbsup:

 

Just need to figure out the admin area issue.

 

Site seems to be taking a long time to connect on each page change. Seems like it is reconnecting to the database server each time a user changes a page :S It takes ages then suddenly loads the page - regardless if the page is SSL or unsecure.

Contributions Installed: STSv43 (Simple Template System), Protx Direct v3.0a, Secure Admin Login - Logout 1.5, UK Royal Mail & Overseas Shipping v 1.2 (FULL), Order Editor v2.8.2 With some Bug Fix - New, Ultimate SEO URLs v2.2.1, Easy Populate 2.76d-MS2 (with attributes)

Link to comment
Share on other sites

It's an external link that is causing it. You need to find that link.

 

Jack

 

I tried removing the only external link I have on the admin panel to a website - nothing happened. All links to images are secure and the secure padlock is displayed fine in the browser. It is just that message on the admin panel once logged in. Could it be one of my contributions effecting it?

 

As for the slow down speeds on the catalog area that seems to be ok now.

Contributions Installed: STSv43 (Simple Template System), Protx Direct v3.0a, Secure Admin Login - Logout 1.5, UK Royal Mail & Overseas Shipping v 1.2 (FULL), Order Editor v2.8.2 With some Bug Fix - New, Ultimate SEO URLs v2.2.1, Easy Populate 2.76d-MS2 (with attributes)

Link to comment
Share on other sites

I think there is some confusion, at least on my part, as to what the problem is. If the error is saying that the admin section is partially encrypted, then it is probably a link problem. But if it is saying it is not protected, then it is probably a setup problem. Which problem are you having?

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I think there is some confusion, at least on my part, as to what the problem is. If the error is saying that the admin section is partially encrypted, then it is probably a link problem. But if it is saying it is not protected, then it is probably a setup problem. Which problem are you having?

 

Jack

 

The browser says the admin area is fully encrypted - full padlock (not broken). But the oscommerce page tells me I am not protected by SSL. As shown below:

 

oscommercesslissue2ma3.gif

 

-Ramsay

Contributions Installed: STSv43 (Simple Template System), Protx Direct v3.0a, Secure Admin Login - Logout 1.5, UK Royal Mail & Overseas Shipping v 1.2 (FULL), Order Editor v2.8.2 With some Bug Fix - New, Ultimate SEO URLs v2.2.1, Easy Populate 2.76d-MS2 (with attributes)

Link to comment
Share on other sites

OK. Then it is a link of the code your version uses (since that is not standard oscommerce code) is faulty. I think the only solution you have at this point, assuming your configure file is correct and the ssl works fine on the shop side, is to look at the code to see why that message is being generated.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

OK. Then it is a link of the code your version uses (since that is not standard oscommerce code) is faulty. I think the only solution you have at this point, assuming your configure file is correct and the ssl works fine on the shop side, is to look at the code to see why that message is being generated.

 

Jack

 

I just edited the 'You are not secured by SSL box' ... because it is clear that it is protected

Contributions Installed: STSv43 (Simple Template System), Protx Direct v3.0a, Secure Admin Login - Logout 1.5, UK Royal Mail & Overseas Shipping v 1.2 (FULL), Order Editor v2.8.2 With some Bug Fix - New, Ultimate SEO URLs v2.2.1, Easy Populate 2.76d-MS2 (with attributes)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...