Jaide Posted June 25, 2007 Share Posted June 25, 2007 Do you guys thing SSL should be enabled for the Contact Page? On mine, they enter name, email, order ID, enquiry. Just a thought if I should enable it :). Thanks! Link to comment Share on other sites More sharing options...
Guest Posted June 25, 2007 Share Posted June 25, 2007 Do you guys thing SSL should be enabled for the Contact Page? On mine, they enter name, email, order ID, enquiry. Just a thought if I should enable it :). Thanks! Yes you should. SSL should include all pages in general once the customer logs in. Link to comment Share on other sites More sharing options...
Jaide Posted June 26, 2007 Author Share Posted June 26, 2007 Do you mean after the customer logs in all pages should be in SSL or just ones that require input? Thanks for your reply. Link to comment Share on other sites More sharing options...
Guest Posted June 26, 2007 Share Posted June 26, 2007 Do you mean after the customer logs in all pages should be in SSL yes, because private info can be trasmitted with every page request once they log in. Link to comment Share on other sites More sharing options...
Jaide Posted June 26, 2007 Author Share Posted June 26, 2007 yes, because private info can be trasmitted with every page request once they log in. Okay. How do I do this the easy way (if there is one). Currently just the input pages are secured. Link to comment Share on other sites More sharing options...
georgec Posted June 26, 2007 Share Posted June 26, 2007 Okay. How do I do this the easy way (if there is one). Currently just the input pages are secured. Enabling SSL for the entire site will slow it down big time! OSC already takes care of providing SSL coverage for the sensitive parts of the site which display the order-related info and customer data which is being tracked by a separate cookie. If you want to enable ssl for your contact_us.php, simply change the link to it from http:// to https:// e.g. "<a class="leftmenu" href="' . tep_href_link(FILENAME_CONTACT_US, "", "SSL") . '">' . ........" Link to comment Share on other sites More sharing options...
Jaide Posted June 26, 2007 Author Share Posted June 26, 2007 Thanks. Link to comment Share on other sites More sharing options...
Guest Posted June 26, 2007 Share Posted June 26, 2007 Enabling SSL for the entire site will slow it down big time! OSC already takes care of providing SSL coverage for the sensitive parts of the site which display the order-related info and customer data which is being tracked by a separate cookie. If you want to enable ssl for your contact_us.php, simply change the link to it from http:// to https:// e.g. "<a class="leftmenu" href="' . tep_href_link(FILENAME_CONTACT_US, "", "SSL") . '">' . ........" and what are the sensitive parts of the site once a user logs-in? How do you know if a store owner hasn't got a shipping estimator (which now shows the delivery address on every page) or some other box/content that shows personal info for logged-in customers? You may endup in NON-SSL pages with the customer's info displayed. Link to comment Share on other sites More sharing options...
Jaide Posted June 27, 2007 Author Share Posted June 27, 2007 Mark, what is an easy way to make all pages SSL once the user is logged in? Link to comment Share on other sites More sharing options...
Guest Posted June 27, 2007 Share Posted June 27, 2007 one way is to change the tep_href_link function. so after the function definition... // The HTML href link wrapper function function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { global $request_type, $session_started, $SID; you do if( tep_session_is_registered('customer_id') ) { $connection = 'SSL'; } This way too simplistic, it will work with the stock osc but you need to take into account features of the store. For example if I have a forum integrated I don't want my customers to spend ages downloading secure pages all over the forum. In such cases I would have to customize it like using separate accounts one for the forum the other for the regular registrations. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.