drone Posted May 31, 2007 Share Posted May 31, 2007 Hey guys, I was wondering if anyone could help me fix my SSL issue that I have on the new online shop i've been working on. Im have a 'SSL - This page contains secure and non secure items' problem, but Im unsure what's causing the issue. My config is: <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.baroquerecords.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.baroquerecords.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.baroquerecords.com'); define('HTTPS_COOKIE_DOMAIN', 'www.baroquerecords.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/kunden/homepages/15/XXXXXXXXXX/htdocs/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'XXXXXXXXXXX'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'XXXXXXXXXXX'); define('DB_SERVER_PASSWORD', 'XXXXXXXXX'); define('DB_DATABASE', 'XXXXXXXXX'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> The live site is here: http://www.baroquerecords.com/catalog Link to comment Share on other sites More sharing options...
madcrazygirl Posted May 31, 2007 Share Posted May 31, 2007 No warnings when I just checked? Link to comment Share on other sites More sharing options...
drone Posted May 31, 2007 Author Share Posted May 31, 2007 No warnings when I just checked? What browser are you using? I have checked in IE and Mozilla, If you click the padlock do you get any messages there? Link to comment Share on other sites More sharing options...
madcrazygirl Posted May 31, 2007 Share Posted May 31, 2007 IE Sorry just looked again and first time around only glanced at the address bar and saw https and assumed on the secure page but now I look again there is no padlock....... Is this a dedicated SSL or shared? Link to comment Share on other sites More sharing options...
drone Posted May 31, 2007 Author Share Posted May 31, 2007 IE Sorry just looked again and first time around only glanced at the address bar and saw https and assumed on the secure page but now I look again there is no padlock....... Is this a dedicated SSL or shared? It's dedicated Link to comment Share on other sites More sharing options...
abra123cadabra Posted May 31, 2007 Share Posted May 31, 2007 Looks like all your images are pulled unencrypted. Check /catalog/create_account.php for the following line: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> This code determines whether to use the http or the https path to the folders with images etc. abra The First Law of E-Commerce: If the user can't find the product, the user can't buy the product. Feedback and suggestions on my shop welcome. Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong. Link to comment Share on other sites More sharing options...
drone Posted May 31, 2007 Author Share Posted May 31, 2007 Thanks for your reply, it seems that <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> is featured on many pages, does this need to changed?, if so to what? Thanks. Link to comment Share on other sites More sharing options...
madcrazygirl Posted May 31, 2007 Share Posted May 31, 2007 Your https path is directing me to the www. address. If I take out this in my address bar then yes I see the warning that there is a problem with the certifcate. Shouldn't your https path without the www. ? Also your cookie domain and paths set? Link to comment Share on other sites More sharing options...
drone Posted May 31, 2007 Author Share Posted May 31, 2007 Your https path is directing me to the www. address. If I take out this in my address bar then yes I see the warning that there is a problem with the certifcate. Shouldn't your https path without the www. ? Also your cookie domain and paths set? Cookie domains have now been changed to: define('HTTP_COOKIE_DOMAIN', 'baroquerecords.com'); define('HTTPS_COOKIE_DOMAIN', 'baroquerecords.com'); The SSL certificate is setup for www.baroquerecords.com (inc 'WWW') Link to comment Share on other sites More sharing options...
madcrazygirl Posted May 31, 2007 Share Posted May 31, 2007 Sorry no expert just answering as noone else is lol Anyway I now see Warning: I am able to write to the configuration file :-" But shouldn't the cookie domain https be an https address........ Link to comment Share on other sites More sharing options...
abra123cadabra Posted May 31, 2007 Share Posted May 31, 2007 Thanks for your reply, it seems that <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> is featured on many pages, does this need to changed?, if so to what? Thanks. Your https path with www in your config file is ok. The base href line should exist in all catalog pages. If your version is exactly the same as my quoted on, then it might be that your server needs to be addressed in a different way. In /catalog/includes/application_top.php find (around line 43): // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; and change it to: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; If this works for your create_account page, then you need to search for the same code in includes/functions/general.php and admin/index.php. abra The First Law of E-Commerce: If the user can't find the product, the user can't buy the product. Feedback and suggestions on my shop welcome. Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong. Link to comment Share on other sites More sharing options...
madcrazygirl Posted May 31, 2007 Share Posted May 31, 2007 Oh and still have never seen a padlock? Link to comment Share on other sites More sharing options...
abra123cadabra Posted May 31, 2007 Share Posted May 31, 2007 the cookiedomain should be define('HTTP_COOKIE_DOMAIN', '.baroquerecords.com'); define('HTTPS_COOKIE_DOMAIN', '.baroquerecords.com'); abra The First Law of E-Commerce: If the user can't find the product, the user can't buy the product. Feedback and suggestions on my shop welcome. Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong. Link to comment Share on other sites More sharing options...
drone Posted May 31, 2007 Author Share Posted May 31, 2007 If this works for your create_account page, then you need to search for the same code in includes/functions/general.php and admin/index.php. Everything seems to be working now, although I cannot find the same code in the above files. includes/functions/general.php has: // Redirect to another page or site function tep_redirect($url) { if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) { tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); } if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL } } header('Location: ' . $url); tep_exit(); } and admin/index.php has no SSL related code except: if (getenv('HTTPS') == 'on') { $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>'); Many thanks to everyone for their swift help with this matter... Cyber Beers for everyone!!!! Link to comment Share on other sites More sharing options...
drone Posted May 31, 2007 Author Share Posted May 31, 2007 Do i just need to change 'on' to '1'? Link to comment Share on other sites More sharing options...
abra123cadabra Posted May 31, 2007 Share Posted May 31, 2007 sorry, had to do some other things first. Yes, just change it to 1. abra The First Law of E-Commerce: If the user can't find the product, the user can't buy the product. Feedback and suggestions on my shop welcome. Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.