Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

how can I use a secure connection in the admin panel


j9ine

Recommended Posts

Posted

I have a SSL certificate installed on my server and it's working fine for the shopping cart. But I would like to use the secure connection in the admin panel as well. I can manually type https:// before a url in the admin panel to use the secure connection, but it will revert to http:// as soon as I click on a link. Is there a setting in the database that I can change that will automatically change all links in the admin panel to start with https?

Posted

there is a configure.php for your admin that needs your https path configured. You will find it in the admin/includes folder.

 

There is also a bug in the admin index that will say you are not protected by ssl even when you are, so just pay attention to the padlock for your browser as to whether you are or are not protected.

Posted

I have followed up about all this, i have changed all the settings in the config file for both the catalog dic and the admin dic, when i still log in the admin control panel it still says i am not protected, but if your in my site and you right click and go to properties it does say you are protected. How can i make sure it shows up so customers don't have to right click on my page to see if i am protected. I know that some sites show the little lock in the bottom corner? Any suggestions

 

Thanks

Posted

No, it dosent show up,

 

This is the admin settings:

 

define('HTTP_SERVER', 'http://dragndriftus.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://dragndriftus.com');
 define('HTTPS_CATALOG_SERVER', 'https://dragndriftus.com');
 define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/kunden/homepages/42/d173009486/htdocs/catalog/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/kunden/homepages/42/d173009486/htdocs/catalog/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

 

This is the catalog settings:

 

 define('HTTP_SERVER', 'http://www.dragndriftus.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://dragndriftus.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'http://dragndriftus.com');
 define('HTTPS_COOKIE_DOMAIN', 'dragndriftus.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/')

 

What i have up there is from another post were someone expained how to put it in the config file

 

Thanks for your responce, every little bit helps

 

Scott

Posted

Both configure.php files are configured for https.

 

/catalog/includes/configure.php

/admin/includes/configure.php

 

The problem I'm having is that all of the links in the admin panel still show http. I use the following url to access my administation panel.

 

https://www.mysite.com/catalog/admin/

 

When using that url the admin panel displays a picture of a lock and says 'You are protected by a unknown secure SSL connection.' I'm not too concerned with it saying unknown since I'm using a 256-bit certificate which is probably the reason it can't determine the encryption. Most browsers only support 128-bit encryption anyway.

 

The problem I'm having is that all of the links on the page begin with http even though I logged in on a secure connection. So if I'm in the admin panel and I want to manage my inventory I click on the 'content' link under the 'catalog' section and I'm directed to a http link instead of https.

 

http://www.mysite.com/catalog/admin/catego...ted_box=catalog

 

I'm just looking for a way to make all of the links in the admin panel to always show up as https. And I'm hoping that there's an easier way than going through each .php file and manually changing them.

Posted

This will force the admin interface to use your secure certificate so that potentially sensitive customer data is encrypted between the web server and your browser.

 

Add the following code to the bottom of /catalog/admin/includes/application_top.php just before the final closing "?>"

 

if($_SERVER['SERVER_PORT'] == 80) {

Header("Location: " . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN);

exit;

}

 

Make sure you back up first.

Posted

Usernamenone, thanks for the response. However the code you posted is not entirely what I'm looking for. It has proved valuable though and I've included it in the application_top.php file as you've suggested as a backup solution just in case I accidentally submit info to a non-secure connection.

 

My main concern was modifying all of the links to https. To this point the only way that I've been able to successfully change the links to secure urls is by adding the code below in the /admin/includes/header.php file.

 

<script type="text/javascript">
window.onload = function() {
	var url;
	var links = document.links;
	for (var i=0; i<links.length; ++i) {
		url = links[i].href.split('://');
		if (url[1] && url[0]=='http') {
			links[i].setAttribute('href','https://'+url[1]);
		}
	}

	var forms = document.forms;
	for (var i=0; i<forms.length; ++i) {
		url = forms[i].action.split('://');
		if (url[1] && url[0]=='http') {
			forms[i].setAttribute('action','https://'+url[1]);
		}
	}
}
</script>

That code will successfully change all of the links and forms on each admin page to secure connections. I have a feeling there is probably a better way to solve this issue, but for now at least it's working. The one last problem that I'm experiencing is that after submitting information from a form in the admin area, even though it's sent to a secure url (action='https://') it will always redirect me to a non-secure connection (http://). Each time that occurs the code you posted above is activated which brings me back to the admin/index.php page. The information submitted by the form gets saved successfully, but I never get redirected back to the correct page since it sends me to port 80 instead of port 443. Any suggestions? Many thanks for your help.

Posted

Please disregard my last post. :D I seem to have complicated this issue when there was a really simple solution. >_< As stated in your first post this can be solved in the admin/includes/configure.php file. Instead of changing the protocol for each property below I just assumed that enabling the ENABLE_SSL_CATALOG property would do the trick. But as it turns out I needed to change the HTTP_SERVER and the HTTP_CATALOG_SERVER properties to the https protocol as well. After modifying each of the properties below all is working well. Thanks again.

 

define('HTTP_SERVER', 'https://www.mysite.com');
define('HTTP_CATALOG_SERVER', 'https://www.mysite.com');
define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');
define('ENABLE_SSL_CATALOG', 'true');

Posted

Are you aware that the search engines will not search a https area of your site so by changing your entire site to https will mean that your products will not be searchable and it will give you poor ratings.

 

 

define('HTTP_SERVER', 'https://www.mysite.com');

define('HTTP_CATALOG_SERVER', 'https://www.mysite.com');

define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');

define('ENABLE_SSL_CATALOG', 'true');

Posted

I didn't change the catalog configure.php file, only the admin file. All of the admin pages are now secure while the catalog is the standard http protocol. The rest of the website should still be accessible to the web spiders.

catalog/includes/configure.php

define('HTTP_SERVER', 'http://www.mysite.com');
define('HTTPS_SERVER', 'https://www.mysite.com');
define('ENABLE_SSL', true);

catalog/admin/includes/configure.php

define('HTTP_SERVER', 'https://www.mysite.com');
define('HTTP_CATALOG_SERVER', 'https://www.mysite.com');
define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');
define('ENABLE_SSL_CATALOG', 'true');

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...