Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Dedicated Ssl Assign To Certain Pages


d4funky1

Recommended Posts

Posted

Hi,

 

I have a dedicated SSL cert that runs completely through my site.

 

I would now like to change this so that only the checkout pages are secured by it.

 

Is there a way in which I can assign the particular pages i want securing and leave the others unsecure?

 

Many Thanks.

D4

Posted

okay,

 

having spoke to my host it appears that they can only apply the cert to the domain name.

 

They mentioned however, the possibility of a script that can be used to enable the sert to only come into affect on certain pages

 

ie: all checkout_ and login pages

 

Does anyone know of such a script that can be used?

 

Many Thanks

D4

Posted

Unless you changed the script, osCommerce only does use SSL for these pages.

 

Maybe you did something in your configure.php file? Did you put https for the non-ssl reference?

Posted

not sure here it is:

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.fancydressretail.co.uk'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.fancydressretail.co.uk'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.fancydressretail.co.uk/');
 define('HTTPS_COOKIE_DOMAIN', 'www.fancydressretail.co.uk/');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 if ($request_type = 'SSL'){
 define('DIR_WS_IMAGES', 'images/');
 } else {
 define('DIR_WS_IMAGES', 'images/');
 }


//Added for BTS1.0
 define('DIR_WS_TEMPLATES', 'templates/');
 define('DIR_WS_CONTENT', DIR_WS_TEMPLATES . 'content/');
 define('DIR_WS_JAVASCRIPT', DIR_WS_INCLUDES . 'www.fancydressretail.co.uk/javascript/');
//End BTS1.0
 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/kunden/homepages/26/d198638006/htdocs/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'db837.oneandone.co.uk'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'dbo198681683');
 define('DB_SERVER_PASSWORD', 'AsjVZMgA');
 define('DB_DATABASE', 'db198681683');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

Can you shed any light on this for me?

Posted

You should not have posted all that detail as you have given the world your database access details.

 

If you have time, edit the post. If not change your database password.

Posted

If I try and go to http:// it forces me to https://

 

so do you have a redirect in your .htaccess file?

 

If I click on a traditional non-ssl page, it is not ssl.

Posted

shit shit shit shit shit

 

be right back

 

here's the .htaccess file it's the last three lines i was told to put in

 

# $Id: .htaccess,v 3.0 2005/02/02 13:57:00 wilt Exp $
# Author: Michael R. Bryant [email protected]
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
 <IfDefine SSL>
SetEnvIf User-Agent ".*MSIE.*" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0
 </IfDefine>
</IfModule>

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)

<IfModule mod_php4.c>
 php_value session.use_trans_sid 0
 php_value register_globals 1
 php_flag display_errors On
 php_flag track_errors On
</IfModule>

#CRE_SEO Install Begin
DirectoryIndex index.php default.php
Options +FollowSymLinks
RewriteEngine on
RewriteBase /

#cre SEO check for images and skip all the other rules for performance reasons only
RewriteRule ^.*\.gif|\.jpg|\.png|\.css|\.php$ - [L]

# cre SEO reformats for product_info.html pages
RewriteRule ^m([0-9]+_?[0-9]*)/?(.*)/p([0-9]+_?[0-9]*)/(.*)/product_info\.html$ product_info.php?manufacturers_id=$1&products_id=$3 [QSA,L]
RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/product_info\.html$ product_info.php?products_id=$1 [QSA,L]
RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/product_info\.html$ product_info.php?cPath=$2&products_id=$3 [QSA,L]

# cre SEO reformat for index.html pages
RewriteRule ^m([0-9]+_?[0-9]*)/?(.*)/p([0-9]+_?[0-9]*)/(.*)/index\.html$ index.php?manufacturers_id=$1&products_id=$3 [QSA,L]
RewriteRule ^m([0-9]+_?[0-9]*)/(.*)/index\.html$ index.php?manufacturers_id=$1 [QSA,L]
RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/index\.html$ index.php?cPath=$2&products_id=$3 [QSA,L]
RewriteRule ^(.*)/c([^/]*)/index\.html$ index.php?cPath=$2 [QSA,L]

# cre SEO reformat for information.html pages
RewriteRule ^i([0-9]+_?[0-9]*)/(.*)/information\.html$ information.php?info_id=$1 [QSA,L]

# cre SEO reformat for pages.html pages
RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/pages\.html$ pages.php?pID=$1 [QSA,L]
RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/pages\.html$ pages.php?cID=$2&pID=$3 [QSA,L]
RewriteRule ^(.*)/c([^/]*)/pages\.html$ pages.php?cID=$2 [QSA,L]

# cre SEO reformat for articles.html pages
RewriteRule ^(.*)/t([^/]*)/a([0-9]+_?[0-9]*)/(.*)/articles\.html$ articles.php?tPath=$2&articles_id=$3 [QSA,L]
RewriteRule ^(.*)/t([^/]*)/articles\.html$ articles.php?tPath=$2 [QSA,L]

# cre SEO reformat for article_info.html pages
RewriteRule ^a([0-9]+_?[0-9]*)/(.*)/article_info\.html$ article_info.php?articles_id=$1 [QSA,L]
RewriteRule ^(.*)/t([^/]*)/article_info\.html$ article_info.php?tPath=$2 [QSA,L]

# cre SEO reformats for product_reviews.html pages
RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/product_reviews\.html$ product_reviews.php?products_id=$1 [QSA,L]
RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/product_reviews\.html$ product_reviews.php?products_id=$3 [QSA,L]

# cre SEO reformats for product_reviews_info.html pages
RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/review([0-9]+_?[0-9]*)/product_reviews_info\.html$ product_reviews_info.php?products_id=$1&reviews_id=$3 [QSA,L]

#cre SEO catch all in case other rules did not match
RewriteRule ^(product_info|index|information|pages|articles|article_info|product_reviews|p
roduct_reviews_info)\.html$ $1.php [QSA,L]

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.fancydressretail.co.uk/$1 [R]

Posted

I have never seen that kind of rewrite instruction targetting SSL like that.

 

Who told you to add it? Did you try and just remove it and see what it does.

Posted

not yet this was advised by my host 1and1 and i was directed to there faq which states:

 

How to set up a website that is only accessible using SSL. (https://)

 

 

You should first have a SSL certificate installed on your domain.

 

Create a file named .htaccess in the directory your domain is pointing to and place

the following code:

 

 

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.domaim.com/$1 [R]

 

 

(substitute www.domain.com with your domain)

 

 

Tip

Domains can have SSL certificates installed on www.domain.com or just domain.com. Please check what you have and then substitute it accordingly. (https://www.domaim.com/$1 [R] or https://domaim.com/$1 [R])

 

Would you suggest it?

 

Many Thanks

Posted

remove it and see if your standard SSL works.

 

if not, and, it may not given this is 1and1 hosting, there is a patch to fix it for 1and1 hosted sites somewhere here on the forum.

Posted

BINGO

 

Exactly what i wanted to achieve

 

Many Thanks for all your help

 

The reason for this: get my google pagerank back.

 

D4

Posted

Ahhh!

 

Maybe not,

 

The site seems to work well but when i click to login or checkout i am presented with a 404 error?

 

Any ideas?

 

Many Thanks

D4

  • 4 weeks later...
Posted
not yet this was advised by my host 1and1 and i was directed to there faq which states:

Would you suggest it?

 

Many Thanks

 

I am having this same issue with 1and1 - did you get this resolved? If so, how? Those 3 lines of code for the htaccess make my store functionality broken (can't sign up new user, can't do other things properly).

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...