Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

osC does not recognize SSL


Sc00ter_ep

Recommended Posts

  define('HTTP_SERVER', 'http://www.pwnedpcs.com');

define('HTTPS_SERVER', 'https://www.pwnedpcs.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.pwnedpcs.com');

define('HTTPS_COOKIE_DOMAIN', 'www.pwnedpcs.com');

define('HTTP_COOKIE_PATH', '/pwned/');

define('HTTPS_COOKIE_PATH', '/pwned/');

define('DIR_WS_HTTP_CATALOG', '/pwned/');

define('DIR_WS_HTTPS_CATALOG', '/pwned/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Listed is my current config from the includes folder.

 

I have hosting through Hostmonster with a dedicated IP and a RapidSSL cert.

site is: www.pwnedpcs.com

 

I think I have everything changed the way it's supposed to be in the config, but I still get no joy when I click on "My Account". or "Create Account". Aren't these pages supposed to be encrypted?

 

I don't see an "https" anywhere in ANY page! Is there something else I need to configure?

Link to comment
Share on other sites

Oops, sorry, that was the wrong link. Try this one. The answer to your problem and your question should be there.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

http://www.pwnedpcs.com/pwned/myenv.php

HTTP HOST: 
Server Port: 80
SSL Status: 
Fowarded Server: 
Fowarded Host: 
Fowarded By:

 

https://www.pwnedpcs.com/pwned/myenv.php

HTTP HOST: 
Server Port: 443
SSL Status: on
Fowarded Server: 
Fowarded Host: 
Fowarded By:

 

So it seems to be that my SSL is working at least. It just doesn't show up as padlock, or when I click on pages that should be ssl.

 

I'm pretty sure my application_top is correct. I'll keep going through the post and see if there's a fix I haven't tried yet.

Link to comment
Share on other sites

Look in your index.php file in your root folder.

 

In the <head> section, post the code it uses to determine your <base href="...">

 

It's probably just one line.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Here is the <head> section:

<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

 

 

and from the actual page:

 

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Pwned PCs</title>
<base href="http://www.pwnedpcs.com/pwned/">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

 

After looking back at my configure.php, I don't have a define property of "DIR_WS_CATALOG". Should I? It looks like that's what it's referencing in the index.php <head> section.

Link to comment
Share on other sites

The PHP code looks OK.

 

I know you've been trying different things in application_top for this code:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

What do you have there now?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

// set the type of request (secure or not)
//$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

I've tried both lines to no avail.

Link to comment
Share on other sites

See if you have this file on your site:

 

/includes/local/configure.php

 

If you have it, be sure the definitions in it are correct.

 

It also may have a line like this:

 

  define('ENABLE_SSL', 0);

If so, change it to this:

 

  define('ENABLE_SSL', 1);

Let me know what you find.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

So far so good (I think).

 

We're just eliminating possibilities one at a time.

 

Post the code from this file:

 

/pwned/includes/header.php

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

LOL, I was just looking at that page!

 

<?php
/*
 $Id: header.php 1739 2007-12-20 00:52:16Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// check if the 'install' directory exists, and warn of its existence
 if (WARN_INSTALL_EXISTENCE == 'true') {
if (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/install')) {
  $messageStack->add('header', WARNING_INSTALL_DIRECTORY_EXISTS, 'warning');
}
 }

// check if the configure.php file is writeable
 if (WARN_CONFIG_WRITEABLE == 'true') {
if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
  $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
}
 }

// check if the session folder is writeable
 if (WARN_SESSION_DIRECTORY_NOT_WRITEABLE == 'true') {
if (STORE_SESSIONS == '') {
  if (!is_dir(tep_session_save_path())) {
	$messageStack->add('header', WARNING_SESSION_DIRECTORY_NON_EXISTENT, 'warning');
  } elseif (!is_writeable(tep_session_save_path())) {
	$messageStack->add('header', WARNING_SESSION_DIRECTORY_NOT_WRITEABLE, 'warning');
  }
}
 }

// check session.auto_start is disabled
 if ( (function_exists('ini_get')) && (WARN_SESSION_AUTO_START == 'true') ) {
if (ini_get('session.auto_start') == '1') {
  $messageStack->add('header', WARNING_SESSION_AUTO_START, 'warning');
}
 }

 if ( (WARN_DOWNLOAD_DIRECTORY_NOT_READABLE == 'true') && (DOWNLOAD_ENABLED == 'true') ) {
if (!is_dir(DIR_FS_DOWNLOAD)) {
  $messageStack->add('header', WARNING_DOWNLOAD_DIRECTORY_NON_EXISTENT, 'warning');
}
 }

 if ($messageStack->size('header') > 0) {
echo $messageStack->output('header');
 }
?>
<div class="fixcenter">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr class="header">
<td valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image(DIR_WS_IMAGES . 'store_logo.png', STORE_NAME) . '</a>'; ?></td>
<td align="right" valign="bottom"><?php echo '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_account.gif', HEADER_TITLE_MY_ACCOUNT) . '</a>  <a href="' . tep_href_link(FILENAME_SHOPPING_CART) . '">' . tep_image(DIR_WS_IMAGES . 'header_cart.gif', HEADER_TITLE_CART_CONTENTS) . '</a>  <a href="' . tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_CHECKOUT) . '</a>'; ?>  </td>
 </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1">
 <tr class="headerNavigation">
<td class="headerNavigation">  <?php echo $breadcrumb->trail(' » '); ?></td>
<td align="right" class="headerNavigation"><?php if (tep_session_is_registered('customer_id')) { ?><a href="<?php echo tep_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_LOGOFF; ?></a>  |  <?php } ?><a href="<?php echo tep_href_link(FILENAME_ACCOUNT, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_MY_ACCOUNT; ?></a>  |  <a href="<?php echo tep_href_link(FILENAME_SHOPPING_CART); ?>" class="headerNavigation"><?php echo HEADER_TITLE_CART_CONTENTS; ?></a>  |  <a href="<?php echo tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_CHECKOUT; ?></a>   </td>
 </tr>
</table>
<?php
 if (isset($HTTP_GET_VARS['error_message']) && tep_not_null($HTTP_GET_VARS['error_message'])) {
?>
<table border="0" width="100%" cellspacing="0" cellpadding="2">
 <tr class="headerError">
<td class="headerError"><?php echo htmlspecialchars(stripslashes(urldecode($HTTP_GET_VARS['error_message']))); ?></td>
 </tr>
</table>
<?php
 }

 if (isset($HTTP_GET_VARS['info_message']) && tep_not_null($HTTP_GET_VARS['info_message'])) {
?>
<table border="0" width="100%" cellspacing="0" cellpadding="2">
 <tr class="headerInfo">
<td class="headerInfo"><?php echo htmlspecialchars(stripslashes(urldecode($HTTP_GET_VARS['info_message']))); ?></td>
 </tr>
</table>
<?php
 }
?>

 

I also have persistent connections set to true. I'm on a static IP.

Link to comment
Share on other sites

That looks OK.

 

I asked you to look in the wrong place earlier.

 

Do you have this file on your site:

 

/pwned/includes/local/configure.php

 

:unsure:

 

What I posted earlier was just:

 

/includes/local/configure.php

 

That is incorrect.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

That looks OK.

I asked you to look in the wrong place earlier.

Do you have this file on your site:

/pwned/includes/local/configure.php



What I posted earlier was just:

/includes/local/configure.php

That is incorrect.

 

No problem, I knew where you were going. The only thing in that "Local" folder is a README file.

Link to comment
Share on other sites

OK.

 

This just doesn't add up....

:blink:

 

MAKE A BACKUP OF YOUR INDEX.PHP FILE.

 

As a test, change the <head> code in your index.php to this:

 

<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<?php
// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
?>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

After you do that, access it with your "secure' URL:

 

https://www.pwnedpcs.com/pwned/index.php

 

How does that work?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

It's always looked like that. You just didn't realize it.

 

The SSL problem is still this:

 

<base href="http://www.pwnedpcs.com/pwned/">

Now, if you put that PHP code in as I instructed, the question is: Why doesn't it work?

:unsure:

 

It does the same thing as your https://www.pwnedpcs.com/pwned/myenv.php code....

 

Maybe it's staring me right in the face and I'm too blind to see.

 

I'll have to think about this for a while.

 

Maybe someone else has an explantion why the getenv() seems to work outside of osC, but not within it's hallowed confines...

:huh:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

germ, thank you so much for all you help!!!!

 

I didn't get it figured out, but I did a clean re-install (4th times the charm :) ) and everything is working perfectly.

 

I just need to put the addons back in one at a time, and check them with scrutiny.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...