Sc00ter_ep Posted March 4, 2008 Posted March 4, 2008 define('HTTP_SERVER', 'http://www.pwnedpcs.com'); define('HTTPS_SERVER', 'https://www.pwnedpcs.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.pwnedpcs.com'); define('HTTPS_COOKIE_DOMAIN', 'www.pwnedpcs.com'); define('HTTP_COOKIE_PATH', '/pwned/'); define('HTTPS_COOKIE_PATH', '/pwned/'); define('DIR_WS_HTTP_CATALOG', '/pwned/'); define('DIR_WS_HTTPS_CATALOG', '/pwned/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); Listed is my current config from the includes folder. I have hosting through Hostmonster with a dedicated IP and a RapidSSL cert.site is: www.pwnedpcs.com I think I have everything changed the way it's supposed to be in the config, but I still get no joy when I click on "My Account". or "Create Account". Aren't these pages supposed to be encrypted? I don't see an "https" anywhere in ANY page! Is there something else I need to configure?
Jack_mcs Posted March 4, 2008 Posted March 4, 2008 Your host probably uses non-standard checking for the ssl. This thread may help. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 I think this is the 3rd time I've read that post. LOL What do you mean by "non-standard"?
Jack_mcs Posted March 4, 2008 Posted March 4, 2008 Oops, sorry, that was the wrong link. Try this one. The answer to your problem and your question should be there. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 http://www.pwnedpcs.com/pwned/myenv.php HTTP HOST: Server Port: 80 SSL Status: Fowarded Server: Fowarded Host: Fowarded By: https://www.pwnedpcs.com/pwned/myenv.php HTTP HOST: Server Port: 443 SSL Status: on Fowarded Server: Fowarded Host: Fowarded By: So it seems to be that my SSL is working at least. It just doesn't show up as padlock, or when I click on pages that should be ssl. I'm pretty sure my application_top is correct. I'll keep going through the post and see if there's a fix I haven't tried yet.
germ Posted March 4, 2008 Posted March 4, 2008 Look in your index.php file in your root folder. In the <head> section, post the code it uses to determine your <base href="..."> It's probably just one line. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 Here is the <head> section: <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> and from the actual page: <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Pwned PCs</title> <base href="http://www.pwnedpcs.com/pwned/"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> After looking back at my configure.php, I don't have a define property of "DIR_WS_CATALOG". Should I? It looks like that's what it's referencing in the index.php <head> section.
germ Posted March 4, 2008 Posted March 4, 2008 The PHP code looks OK. I know you've been trying different things in application_top for this code: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; What do you have there now? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 // set the type of request (secure or not) //$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; I've tried both lines to no avail.
germ Posted March 4, 2008 Posted March 4, 2008 See if you have this file on your site: /includes/local/configure.php If you have it, be sure the definitions in it are correct. It also may have a line like this: define('ENABLE_SSL', 0); If so, change it to this: define('ENABLE_SSL', 1); Let me know what you find. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 No, the only thing in that folder is a README.
germ Posted March 4, 2008 Posted March 4, 2008 So far so good (I think). We're just eliminating possibilities one at a time. Post the code from this file: /pwned/includes/header.php If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 LOL, I was just looking at that page! <?php /* $Id: header.php 1739 2007-12-20 00:52:16Z hpdl $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // check if the 'install' directory exists, and warn of its existence if (WARN_INSTALL_EXISTENCE == 'true') { if (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/install')) { $messageStack->add('header', WARNING_INSTALL_DIRECTORY_EXISTS, 'warning'); } } // check if the configure.php file is writeable if (WARN_CONFIG_WRITEABLE == 'true') { if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) { $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning'); } } // check if the session folder is writeable if (WARN_SESSION_DIRECTORY_NOT_WRITEABLE == 'true') { if (STORE_SESSIONS == '') { if (!is_dir(tep_session_save_path())) { $messageStack->add('header', WARNING_SESSION_DIRECTORY_NON_EXISTENT, 'warning'); } elseif (!is_writeable(tep_session_save_path())) { $messageStack->add('header', WARNING_SESSION_DIRECTORY_NOT_WRITEABLE, 'warning'); } } } // check session.auto_start is disabled if ( (function_exists('ini_get')) && (WARN_SESSION_AUTO_START == 'true') ) { if (ini_get('session.auto_start') == '1') { $messageStack->add('header', WARNING_SESSION_AUTO_START, 'warning'); } } if ( (WARN_DOWNLOAD_DIRECTORY_NOT_READABLE == 'true') && (DOWNLOAD_ENABLED == 'true') ) { if (!is_dir(DIR_FS_DOWNLOAD)) { $messageStack->add('header', WARNING_DOWNLOAD_DIRECTORY_NON_EXISTENT, 'warning'); } } if ($messageStack->size('header') > 0) { echo $messageStack->output('header'); } ?> <div class="fixcenter"> <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr class="header"> <td valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image(DIR_WS_IMAGES . 'store_logo.png', STORE_NAME) . '</a>'; ?></td> <td align="right" valign="bottom"><?php echo '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_account.gif', HEADER_TITLE_MY_ACCOUNT) . '</a> <a href="' . tep_href_link(FILENAME_SHOPPING_CART) . '">' . tep_image(DIR_WS_IMAGES . 'header_cart.gif', HEADER_TITLE_CART_CONTENTS) . '</a> <a href="' . tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_CHECKOUT) . '</a>'; ?> </td> </tr> </table> <table border="0" width="100%" cellspacing="0" cellpadding="1"> <tr class="headerNavigation"> <td class="headerNavigation"> <?php echo $breadcrumb->trail(' » '); ?></td> <td align="right" class="headerNavigation"><?php if (tep_session_is_registered('customer_id')) { ?><a href="<?php echo tep_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_LOGOFF; ?></a> | <?php } ?><a href="<?php echo tep_href_link(FILENAME_ACCOUNT, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_MY_ACCOUNT; ?></a> | <a href="<?php echo tep_href_link(FILENAME_SHOPPING_CART); ?>" class="headerNavigation"><?php echo HEADER_TITLE_CART_CONTENTS; ?></a> | <a href="<?php echo tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_CHECKOUT; ?></a> </td> </tr> </table> <?php if (isset($HTTP_GET_VARS['error_message']) && tep_not_null($HTTP_GET_VARS['error_message'])) { ?> <table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr class="headerError"> <td class="headerError"><?php echo htmlspecialchars(stripslashes(urldecode($HTTP_GET_VARS['error_message']))); ?></td> </tr> </table> <?php } if (isset($HTTP_GET_VARS['info_message']) && tep_not_null($HTTP_GET_VARS['info_message'])) { ?> <table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr class="headerInfo"> <td class="headerInfo"><?php echo htmlspecialchars(stripslashes(urldecode($HTTP_GET_VARS['info_message']))); ?></td> </tr> </table> <?php } ?> I also have persistent connections set to true. I'm on a static IP.
germ Posted March 4, 2008 Posted March 4, 2008 That looks OK. I asked you to look in the wrong place earlier. Do you have this file on your site: /pwned/includes/local/configure.php :unsure: What I posted earlier was just: /includes/local/configure.php That is incorrect. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Sc00ter_ep Posted March 4, 2008 Author Posted March 4, 2008 That looks OK. I asked you to look in the wrong place earlier. Do you have this file on your site: /pwned/includes/local/configure.php What I posted earlier was just: /includes/local/configure.php That is incorrect. No problem, I knew where you were going. The only thing in that "Local" folder is a README file.
germ Posted March 4, 2008 Posted March 4, 2008 OK. This just doesn't add up.... :blink: MAKE A BACKUP OF YOUR INDEX.PHP FILE. As a test, change the <head> code in your index.php to this: <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <?php // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; ?> <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> After you do that, access it with your "secure' URL: https://www.pwnedpcs.com/pwned/index.php How does that work? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
germ Posted March 4, 2008 Posted March 4, 2008 It's always looked like that. You just didn't realize it. The SSL problem is still this: <base href="http://www.pwnedpcs.com/pwned/"> Now, if you put that PHP code in as I instructed, the question is: Why doesn't it work? :unsure: It does the same thing as your https://www.pwnedpcs.com/pwned/myenv.php code.... Maybe it's staring me right in the face and I'm too blind to see. I'll have to think about this for a while. Maybe someone else has an explantion why the getenv() seems to work outside of osC, but not within it's hallowed confines... :huh: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Sc00ter_ep Posted March 5, 2008 Author Posted March 5, 2008 germ, thank you so much for all you help!!!! I didn't get it figured out, but I did a clean re-install (4th times the charm :) ) and everything is working perfectly. I just need to put the addons back in one at a time, and check them with scrutiny.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.