Ssl - This Page Contains Secure And Non Secure Items


drone

Hey guys,

 

I was wondering if anyone could help me fix my SSL issue that I have on the new online shop I've been working on. I have a 'SSL - This page contains secure and non secure items' problem, but I'm unsure what's causing the issue.

 

My config is:

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.baroquerecords.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.baroquerecords.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.baroquerecords.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.baroquerecords.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/kunden/homepages/15/XXXXXXXXXX/htdocs/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'XXXXXXXXXXX'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'XXXXXXXXXXX');
 define('DB_SERVER_PASSWORD', 'XXXXXXXXX');
 define('DB_DATABASE', 'XXXXXXXXX');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

The live site is here: http://www.baroquerecords.com/catalog


No warnings when I just checked?

 

 

What browser are you using? I have checked in IE and Mozilla. If you click the padlock, do you get any messages there?


IE

 

Sorry just looked again and first time around only glanced at the address bar and saw https and assumed on the secure page but now I look again there is no padlock.......

 

Is this a dedicated SSL or shared?


IE

 

Sorry just looked again and first time around only glanced at the address bar and saw https and assumed on the secure page but now I look again there is no padlock.......

 

Is this a dedicated SSL or shared?

 

It's dedicated


Looks like all your images are pulled unencrypted. Check /catalog/create_account.php for the following line:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

This code determines whether to use the http or the https path to the folders with images etc.

 

abra

The First Law of E-Commerce: If the user can't find the product, the user can't buy the product.

 

Feedback and suggestions on my shop welcome.

 

Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong.
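To see which items trigger the warning, the rendered HTML can be checked for sub-resources that resolve to http://, taking the base href into account. This is an added example, not part of the original post or of osCommerce: the function name find_insecure_items, the host www.shop.example and the sample HTML are constructed, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added example: list the sub-resources an HTTPS page would fetch over plain HTTP.
function find_insecure_items(string $html, string $pageUrl): array
{
    libxml_use_internal_errors(true);      // tolerate non-validating shop markup
    $doc = new DOMDocument();
    $doc->loadHTML($html);

    // Relative URLs resolve against <base href> when present, else the page URL.
    $base = $pageUrl;
    foreach ($doc->getElementsByTagName('base') as $b) {
        if ($b->getAttribute('href') !== '') { $base = $b->getAttribute('href'); break; }
    }
    $baseScheme = strtolower((string) parse_url($base, PHP_URL_SCHEME));

    // tag => attribute that triggers a fetch while the page loads
    $targets = ['img' => 'src', 'script' => 'src', 'iframe' => 'src',
                'input' => 'src', 'link' => 'href'];
    $found = [];
    foreach ($targets as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $el) {
            $url = trim($el->getAttribute($attr));
            if ($url === '') { continue; }
            // Only stylesheet links are fetched as page content.
            if ($tag === 'link' && stripos($el->getAttribute('rel'), 'stylesheet') === false) {
                continue;
            }
            $scheme = parse_url($url, PHP_URL_SCHEME);
            // No scheme of its own (relative or //host/...): inherits the base scheme.
            $scheme = is_string($scheme) ? strtolower($scheme) : $baseScheme;
            if ($scheme === 'http') {
                $found[] = "<$tag $attr=\"$url\">";
            }
        }
    }
    return $found;
}

// Constructed sample: a page requested over HTTPS whose base href was emitted
// with the HTTP server because the request type was detected as NONSSL.
$html = <<<'HTML'
<html><head>
<base href="http://www.shop.example/catalog/">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head><body>
<img src="images/logo.gif">
<img src="https://www.shop.example/catalog/images/secure.gif">
<input type="image" src="includes/languages/english/images/buttons/button_continue.gif">
</body></html>
HTML;

foreach (find_insecure_items($html, 'https://www.shop.example/catalog/create_account.php') as $item) {
    echo $item, "\n";
}
```

With the HTTP base href in place, every relative image, button and stylesheet is reported; only the absolute https:// image is not.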


Thanks for your reply, it seems that

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

is featured on many pages. Does this need to be changed? If so, to what?

 

Thanks.


Your https path is directing me to the www. address. If I take out this in my address bar then yes I see the warning that there is a problem with the certificate.

 

Shouldn't your https path be without the www.? Also, are your cookie domain and paths set?


Your https path is directing me to the www. address. If I take out this in my address bar then yes I see the warning that there is a problem with the certificate.

 

Shouldn't your https path be without the www.? Also, are your cookie domain and paths set?

 

Cookie domains have now been changed to:

 

define('HTTP_COOKIE_DOMAIN', 'baroquerecords.com');
define('HTTPS_COOKIE_DOMAIN', 'baroquerecords.com');

 

The SSL certificate is set up for www.baroquerecords.com (inc 'WWW')


Sorry, no expert, just answering as no one else is lol

 

Anyway I now see

 

Warning: I am able to write to the configuration file :-"

 

 

But shouldn't the cookie domain https be an https address........


Thanks for your reply, it seems that

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

is featured on many pages. Does this need to be changed? If so, to what?

 

Thanks.

 

Your https path with www in your config file is ok.

 

The base href line should exist in all catalog pages. If your version is exactly the same as the one I quoted, then it might be that your server needs to be addressed in a different way.

 

 

In /catalog/includes/application_top.php find (around line 43):

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

and change it to:

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

If this works for your create_account page, then you need to search for the same code in

includes/functions/general.php and admin/index.php.

 

abra


The cookie domain should be

define('HTTP_COOKIE_DOMAIN', '.baroquerecords.com');
define('HTTPS_COOKIE_DOMAIN', '.baroquerecords.com');

 

abra


If this works for your create_account page, then you need to search for the same code in

includes/functions/general.php and admin/index.php.

 

Everything seems to be working now, although I cannot find the same code in the above files.

 

includes/functions/general.php has:

 

// Redirect to another page or site
function tep_redirect($url) {
  if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {
    tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
  }

  if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page
    if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url
      $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL
    }
  }

  header('Location: ' . $url);

  tep_exit();
}

 

and admin/index.php has no SSL related code except:

 

 if (getenv('HTTPS') == 'on') {
$size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');

 

Many thanks to everyone for their swift help with this matter... Cyber Beers for everyone!!!!


Sorry, had to do some other things first.

 

Yes, just change it to 1.

 

abra


Archived

This topic is now archived and is closed to further replies.
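The fix in this thread swaps one literal ('on') for another ('1') in each place the HTTPS variable is tested. A check that accepts either value, applied to both the base href choice and the tep_redirect() rewrite, is sketched below as an added example. It is not osCommerce code: the function names request_type, base_href and secure_redirect_target are hypothetical, and the server environments and the host www.shop.example are constructed.

```php
<?php
// Added example, not osCommerce code. Function names are hypothetical.

// Decide SSL/NONSSL without depending on one literal value of HTTPS.
function request_type(array $server): string
{
    $https = strtolower(trim((string) ($server['HTTPS'] ?? '')));
    // PHP documents HTTPS as non-empty for secure requests; IIS with ISAPI
    // sets it to "off" for plain HTTP, so that value is excluded explicitly.
    return ($https !== '' && $https !== 'off') ? 'SSL' : 'NONSSL';
}

// Same choice the <base href> line makes, driven by request_type().
function base_href(array $server, string $http, string $https, string $catalog): string
{
    return (request_type($server) === 'SSL' ? $https : $http) . $catalog;
}

// Same rewrite tep_redirect() performs: on an SSL request, move a redirect
// target that starts with the HTTP server over to the HTTPS server.
function secure_redirect_target(array $server, string $url, string $http, string $https): string
{
    if (request_type($server) === 'SSL' && strncmp($url, $http, strlen($http)) === 0) {
        return $https . substr($url, strlen($http));
    }
    return $url;
}

// Constructed server environments; www.shop.example is a placeholder host.
$http  = 'http://www.shop.example';
$https = 'https://www.shop.example';
$environments = [
    'HTTPS=on'    => ['HTTPS' => 'on'],
    'HTTPS=1'     => ['HTTPS' => '1'],
    'HTTPS=off'   => ['HTTPS' => 'off'],
    'HTTPS unset' => [],
];
foreach ($environments as $label => $server) {
    printf("%-12s %-7s %s %s\n", $label, request_type($server),
        base_href($server, $http, $https, '/catalog/'),
        secure_redirect_target($server, $http . '/catalog/login.php', $http, $https));
}
```

Passing `$_SERVER` as the first argument applies the same check to a live request.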
