Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Ssl For Conact Us Page?


Jaide

Recommended Posts

Do you guys thing SSL should be enabled for the Contact Page? On mine, they enter name, email, order ID, enquiry. Just a thought if I should enable it :). Thanks!

Link to comment
Share on other sites

Do you guys thing SSL should be enabled for the Contact Page? On mine, they enter name, email, order ID, enquiry. Just a thought if I should enable it :). Thanks!

Yes you should. SSL should include all pages in general once the customer logs in.

Link to comment
Share on other sites

Do you mean after the customer logs in all pages should be in SSL

yes, because private info can be trasmitted with every page request once they log in.

Link to comment
Share on other sites

yes, because private info can be trasmitted with every page request once they log in.

 

Okay. How do I do this the easy way (if there is one). Currently just the input pages are secured.

Link to comment
Share on other sites

Okay. How do I do this the easy way (if there is one). Currently just the input pages are secured.

 

 

Enabling SSL for the entire site will slow it down big time! OSC already takes care of providing SSL coverage for the sensitive parts of the site which display the order-related info and customer data which is being tracked by a separate cookie. If you want to enable ssl for your contact_us.php, simply change the link to it from http:// to https://

 

e.g. "<a class="leftmenu" href="' . tep_href_link(FILENAME_CONTACT_US, "", "SSL") . '">' . ........"

Link to comment
Share on other sites

Enabling SSL for the entire site will slow it down big time! OSC already takes care of providing SSL coverage for the sensitive parts of the site which display the order-related info and customer data which is being tracked by a separate cookie. If you want to enable ssl for your contact_us.php, simply change the link to it from http:// to https://

 

e.g. "<a class="leftmenu" href="' . tep_href_link(FILENAME_CONTACT_US, "", "SSL") . '">' . ........"

and what are the sensitive parts of the site once a user logs-in?

 

How do you know if a store owner hasn't got a shipping estimator (which now shows the delivery address on every page) or some other box/content that shows personal info for logged-in customers? You may endup in NON-SSL pages with the customer's info displayed.

Link to comment
Share on other sites

one way is to change the tep_href_link function.

 

so after the function definition...

// The HTML href link wrapper function
 function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
global $request_type, $session_started, $SID;

 

you do

	if( tep_session_is_registered('customer_id') ) {
  $connection = 'SSL';
}

This way too simplistic, it will work with the stock osc but you need to take into account features of the store. For example if I have a forum integrated I don't want my customers to spend ages downloading secure pages all over the forum. In such cases I would have to customize it like using separate accounts one for the forum the other for the regular registrations.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...