Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HTTP/HTTPS


BaileyBoy

Recommended Posts

Hi:

 

I'm a PHP novice, but I'm not helpless, I've been able to work out some pretty sticky challenges in the past using forums searches, but this one's got me beat cold. There are loads of posts on this subject and I've been through them all, believe me - my situation remains the same. On checkout a user sees a broken padlock in the browser (in FF anyway). I know my secure cert is properly installed.

 

You'll find my browse(once catalog)/includes/configure.php below

 

<?php
/*
 $Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 [url="http://www.oscommerce.com"]http://www.oscommerce.com[/url]

 Copyright © 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.mysite.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.mysite.com'); // eg, [url="https://localhost"]https://localhost[/url] - should not be empty for productive servers
//  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/browse/');
 define('DIR_WS_HTTPS_CATALOG', '/browse/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

etc.

 

Most forum posts suggest revising the application_top.php around line 40 (I commented out the old line)

 

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

My store has been active since 2005, and I really need to fix this once and for all. Obviously it doesn't boost customer confidence to see a broken padlock, or receive an "Unsecure" alert.

 

I humbly thank you in advance for any pointers.

 

BaileyBoy

Link to comment
Share on other sites

What exactly are your customers seeing?

 

That last portion of your post has me wondering...are they seeing a popup box regarding both Secure and Non-Secure items being displayed on certain webpages?

 

If that's the case...something you have on your pages was not coded to accomodate both http and https mode.

 

Are you able to duplicate this problem when navigating your site?

Link to comment
Share on other sites

What exactly are your customers seeing?

 

That last portion of your post has me wondering...are they seeing a popup box regarding both Secure and Non-Secure items being displayed on certain webpages?

 

If that's the case...something you have on your pages was not coded to accomodate both http and https mode.

 

Are you able to duplicate this problem when navigating your site?

 

Hi Puggybelle -

 

I just tested on a IE, and I (as do my customers) get the "some items on this page are not secure - go anyway?" alert - this is the problem. If I add the 's' to the end of http anywhere on my site I get this alert. I've done a hard-target search and can't find any outside element that may cause this alert to be triggered. Can you think of any other possible culprits?

 

B

Link to comment
Share on other sites

It doesn't have to be a visible link. You will need to look in the code too. A common reason is the google analytics code.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

It doesn't have to be a visible link. You will need to look in the code too. A common reason is the google analytics code.

 

That makes sense, however, I did try killing the Google Analytics code - no change. Thanks for the suggestion anyhow.

Link to comment
Share on other sites

Then there is some other link causing the problem. You will have to isolate sections of the code until it is found. There's no other way, at least that I know of.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Did you add anything to your right or left columns?

 

For example, I hard-coded in some images below where the infoboxes end. I also have some images that I inserted in the header of my site and on the index page.

 

Instead of coding them as, for example:

 

<img src="http://www.yourwebsite.com/images/picture.gif">

 

You need to use a path that does not reference http at all. You'd take the same example above and call it from the folder the image is in, like this:

 

<img src="../images/picture.gif">

 

If your images are sitting in a folder called Bob and the filepath to that folder is catalog>images>Bob...you'd code the image to appear like this:

 

<img src="../images/Bob/picture.gif">

 

That way, all images will appear normally, whether you're on secure pages or not. But, if you're using something like I described in the first example; a direct path with http in it...that warning box will appear when they hit a secure page.

Link to comment
Share on other sites

Try this, too. I'm not sure if it will be of help or not, but...I'm thinking it might.

 

Go in your website and get to a secure area, like Create Account or something.

 

When you see the popup warning about Secure & NonSecure items, click NO.

 

Does something on the page not load? See any red x's where there should be images?

 

I'm thinking that if you click No on the popup box, whatever is causing the trouble will not load and you'll know where to go from there.

Link to comment
Share on other sites

When you see the popup warning about Secure & NonSecure items, click NO. Does something on the page not load? See any red x's where there should be images?

 

PROBLEM SOLVED!!!!!!!! It turns out it was a combination of bad syntax, I omitted one "}" in a spot, and Google Analytics code was not secure, although I thought it was. For future readers of this post - use: https://ssl.google-analytics.com/urchin.js NOT https://www.google-analytics.com/urchin.js

 

THANK YOU

PUGGYBELLE!!!

JACK_MCS!!!

 

 

Now we Dance!!!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...