Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin Ssl - Help, Please


joecritch

Recommended Posts

Posted

I'm trying to secure several osCommerce admin sections, which each have an associated SSL certificate on the domains. The sites are on 1&1 Linux servers.

 

When you enter http://www.example.com/catalog/admin, the site does not direct to the https:// protocol, and therefore does not show the padlock on the admin homepage.

 

I've tried changing the line in the admin index.php from // if (getenv('HTTPS') == 'on') { to if (getenv('HTTPS') == '1') {

... no luck.

 

I've also tried changing the top lines in the admin config to force an HTTPS://, instead of the normal HTTP://, but that still doesn't help.

 

Here's the /shop/includes/configure.php

 

define('HTTP_SERVER', 'http://www.domain.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.domain.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.domain.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'www.domain.co.uk');

define('HTTP_COOKIE_PATH', '/shop/');

define('HTTPS_COOKIE_PATH', '/shop/');

define('DIR_WS_HTTP_CATALOG', '/shop/');

define('DIR_WS_HTTPS_CATALOG', '/shop/');

 

Here's the /shop/admin/includes/configure.php

 

define('HTTP_SERVER', 'https://www.domain.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'https://www.domain.co.uk/shop/');

define('HTTPS_CATALOG_SERVER', 'https://www.domain.co.uk/shop/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Posted
When you enter http://www.example.com/catalog/admin, the site does not direct to the https:// protocol, and therefore does not show the padlock on the admin homepage.

If you want SSL in the Admin area, you have to do it as such:

 

https://www.example.com/catalog/admin

 

You don't get SSL without asking for it....

:thumbsup:

 

One of these days they'll invent a computer that does what you WANT it to do, not what you TELL it to do...

:huh:

 

At least that's my fervent hope, anyway....

:D

 

And believe me, I'm a master at telling it all the wrong things...

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...