i4media Posted November 4, 2002 Posted November 4, 2002 i initaly used what Ajeh posted then i replaced the files with the originals and then i used what you posted. both times i have the same result. currently we have a generic certificate installed on the server for testing only but the message still pop's up.
msaunders Posted November 4, 2002 Author Posted November 4, 2002 Do you want me to send you my login.php and my application_top.php that I know are working with my shop ?
hucke Posted November 4, 2002 Posted November 4, 2002 For my "login.php" the first described fix worked well. but oscommerce has this problem also on "address book" adding an address... maybe this should be posted to bugfix list if not already done...? fixed site is: www.golfdiscount.de michael hucke --- !oscommmerce is really nice!
i4media Posted November 4, 2002 Posted November 4, 2002 after recieveing the files i installed them and still get no joy with the page has secure and non-secure files on. if anyone has anymore ideas on this matter i would be greatful.
msaunders Posted November 4, 2002 Author Posted November 4, 2002 Thats a pity . It must be another file its accessing so because those mods work for me . Maybe some of our more experienced users can help. martin
jeana Posted November 6, 2002 Posted November 6, 2002 do you have the box-ad mod installed? i was just going thru the same issue with my site and i tried clicking no on showing the non-secure items and the only thing it didn't show were the banner images that were being shown through that block...does this help you more knowledgable guys at all?
jeana Posted November 6, 2002 Posted November 6, 2002 as an add-on, I too have applied linda's fix but am still getting the error. my site is at www.jeana.com - please any more ideas? I really think it has to do with the ad block....
jeana Posted November 6, 2002 Posted November 6, 2002 yep - if I take out the box-ad block and teh banners at the bottom, the errors go away .. Is there any way to fix this so that I can use the banners and box-as though? Of course I'll leave them off for now because my customers' feeling of security means more to me than the ads, but its a shame I can't have them on there... Jeana
Ajeh Posted November 6, 2002 Posted November 6, 2002 What you can do is setup an IF statement around the images in your footer that are causing there error, so they do not show on secure pages. An example: <?php IF ( $HTTPS !='on' ) { ?> <tr height="75"><td colspan="3" align="center"><SCRIPT LANGUAGE="javascript" src="http://www.qksz.net/1e-5brd"></SCRIPT></td></tr> <tr height="75"><td colspan="3" align="center"><?php echo BCENTRAL97 ?></td></tr> <?php } ?> These things only show on non-secure pages and no more error msg :D
jeana Posted November 6, 2002 Posted November 6, 2002 Thank you Linda, but I'm not *that* familiar with PHP...can you please elaborate a little more? For instance, for the box-ad code below, how or where would I insert your code? <!-- banner-ad-in-a-box //--> <?php if ($banner = tep_banner_exists('dynamic', BOX_AD_BANNER_TYPE)) { ?> <tr> <td> <?php $bannerstring = tep_display_banner('static', $banner); $info_box_contents = array(); $info_box_contents[] = array('align' => 'left', 'text' => BOX_AD_BANNER_HEADING ); new infoBoxHeading($info_box_contents, false, false); $info_box_contents = array(); $info_box_contents[] = array('align' => 'center', 'text' => $bannerstring ); new infoBox($info_box_contents); ?> </td> </tr> <?php } ?> <!-- banner-ad-in-a-box_eof //-->
Ajeh Posted November 7, 2002 Posted November 7, 2002 Actually I made a banner manager add-on to handle that. Rather than shut off all banners, the Banner Manager now has options that let you set the banners as secure page, open new window etc. But for a quick fix, you would surround that whole if with the if I gave you. Something along the lines of: <!-- banner-ad-in-a-box //--> <?php if ( $HTTPS !='on' ) { if ($banner = tep_banner_exists('dynamic', BOX_AD_BANNER_TYPE)) { ?> <tr> <td> <?php $bannerstring = tep_display_banner('static', $banner); $info_box_contents = array(); $info_box_contents[] = array('align' => 'left', 'text' => BOX_AD_BANNER_HEADING ); new infoBoxHeading($info_box_contents, false, false); $info_box_contents = array(); $info_box_contents[] = array('align' => 'center', 'text' => $bannerstring ); new infoBox($info_box_contents); ?> </td> </tr> <?php } } ?> <!-- banner-ad-in-a-box_eof //-->
livefooduk Posted November 8, 2002 Posted November 8, 2002 after recieveing the files i installed them and still get no joy with the page has secure and non-secure files on. if anyone has anymore ideas on this matter i would be greatful. I have been battling with this one for ages too, I have found a kind of fix for the problem, a bit messy though but it works, see : http://www.www.oscommerce.com/forums/viewtopic...5853&highlight= Best wishes Steve
Val Posted December 8, 2002 Posted December 8, 2002 Hi, I have an interesting problem. I have made the edits suggested by Linda, and all is fine so long as I have 'search engine friendly url's' enabled. As soon as I turn them off, I get the alert back again at checkout confirmation! I am using a snapshot from 12th Nov and have edited html_output with some search engine code for removing sid's. Any ideas? Val
sheikyerbouti Posted December 9, 2002 Posted December 9, 2002 I went to the pages you mentioned to make the edits and i didn't see that text. Does that mean that i have to add all of that text to each respective page? And where do i put that info? I'm having the same darn problem. Thanks, pete
vikkic Posted December 9, 2002 Posted December 9, 2002 Could you tell me WHERE to put this in the catalog/login.php??? I need to get this fixed..... Thanks tond for any help - you're the only solution in all the messages I haven't tried yet. Vikki This is due to the images on the site and that you are switching from secure to non-secure. To correct this, edit in /catalog/login.php // BOF: WebMakers.com Added: Removed Security Alert Message // add 'SSL' to both links if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL'); $navigation->clear_snapshot(); tep_redirect($origin_href); } else { tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL')); } // EOF: WebMakers.com Added: Removed Security Alert Message Then edit in /catalog/includes/application_top.php in the case 'notify': // BOF: WebMakers.com Added: Fix redirect on security alert tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL')); // EOF: WebMakers.com Added: Fix redirect on security alert This should correct the Security Alert in most browsers.
Ajeh Posted December 9, 2002 Posted December 9, 2002 If you take a peice of the code and search for it then it is easier to find ... :D Try around line 56 in login.php In application_top.php under the case statement for: case 'notify' : if (tep_session_is_registered('customer_id')) { if ($HTTP_GET_VARS['products_id']) { $notify = array($HTTP_GET_VARS['products_id']); } elseif ($HTTP_POST_VARS['notify']) { $notify = $HTTP_POST_VARS['notify']; } else { tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'NONSSL')); } for ($i=0; $i<sizeof($notify); $i++) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] < 1) { tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())"); } } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'NONSSL')); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break;
mondala Posted December 10, 2002 Posted December 10, 2002 these changes fix the secure, non secure for me. thank you
vikkic Posted December 12, 2002 Posted December 12, 2002 All right - I did add this exact code where you said and it still didn't fix the security alert in IE. Vikki
jor_g0 Posted December 18, 2002 Posted December 18, 2002 I tried everything you guys have write and nothing works, i still getting the warning with the Secure and nonsecure server... If someone knows how to fix that please let me know, i need to fix this issue asap
mattice Posted December 18, 2002 Posted December 18, 2002 I tried everything you guys have write and nothing works, i still getting the warning with the Secure and nonsecure server... If someone knows how to fix that please let me know, i need to fix this issue asap have a look at this thread too: http://www.oscommerce.com/forums/viewtopic.php?t=29627 "Politics is the art of preventing people from taking part in affairs which properly concern them"
Ajeh Posted December 19, 2002 Posted December 19, 2002 Also check you are not pulling in additional images from non-secure locations.
dreamscape Posted December 19, 2002 Posted December 19, 2002 i4media, when loading your login.php page, I get this security alert: Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. ! The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. ! The security certificate has expired or is not yet valid. ! The name on the security certificate is invalid or does not match the name of the site the 1st error is just because I choose to not set plesk.com as a trusted company (I have trust issues, ok). the 2nd error, when looking at the info, this security certifiate expired on November 10th... well over a month ago... (one more reason to not trust plesk.com). and the 3rd error, well I get that one on my site sometimes too so I dunno what thats about. then the error about secure/non secure items after I make that other error happy (but still don't trust plesk.com)... the problem here is you base HREF isn't SSL... it is: <base href="http://www.linzishoes.com/"> and should be <base href="https://www.linzishoes.com/"> The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke
dreamscape Posted December 19, 2002 Posted December 19, 2002 the base href code in my PHP files looks like this: <base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> I dunno it that helps or not The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke
Ajeh Posted December 19, 2002 Posted December 19, 2002 That has to do with the certificate authentication. Sounds like it is not configured correctly for your domain, or it is a shared one and I forget all the ins and outs of it but it needs to match your site to not receive that error. Something about generate this that and the other thing ... which I am sure one of the bright bulbs here on Secure Certificates can much better explain than I ... 8)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.