Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL breaks OSC Admin page


acwhiteman

Recommended Posts

Hi all,

 

I obtained and installed a SSL certificate and enabled SSL in both of my 'configure.php' files. When I got the cert, the hosting company (1&1.com) instructed me to set up an .htaccess file under my domain with the following lines:

 

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.ctmlb.us/$1 [R]

 

This works fine since my entire site is now encrypted. I'm able to enter the store, log into a regular account, and view the contents of "My Account". However, when I try to log into my OSC Admin page, I get "Error: Invalid administrator login attempt".

 

If I remove the .htaccess file, pages show as normal (non encrypted) and I'm able to log into the Admin page fine. However, logging into my store as a user, the page correctly displays 'https' in the address bar in a different color- but with an open lock!

 

Any insight on how to resolve this will be greatly appreciated...

 

Thank you,

 

Alan.

Link to comment
Share on other sites

Hi all,

 

I obtained and installed a SSL certificate and enabled SSL in both of my 'configure.php' files. When I got the cert, the hosting company (1&1.com) instructed me to set up an .htaccess file under my domain with the following lines:

 

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.ctmlb.us/$1 [R]

 

This works fine since my entire site is now encrypted. I'm able to enter the store, log into a regular account, and view the contents of "My Account". However, when I try to log into my OSC Admin page, I get "Error: Invalid administrator login attempt".

 

If I remove the .htaccess file, pages show as normal (non encrypted) and I'm able to log into the Admin page fine. However, logging into my store as a user, the page correctly displays 'https' in the address bar in a different color- but with an open lock!

 

Any insight on how to resolve this will be greatly appreciated...

 

Thank you,

 

Alan.

 

I'm not answering your specific question with this because I think what follows is more important.

 

Having SSL throughout your site is madness .. it increases server load massively .. slows the site down for customers .. Google wont index your site (doesn't index https pages).

 

In fact there's not a single reason to do it.

 

Remove the rewrite rule and let osCommerce work properly is my advice.

Link to comment
Share on other sites

I'm not answering your specific question with this because I think what follows is more important.

 

Having SSL throughout your site is madness .. it increases server load massively .. slows the site down for customers .. Google wont index your site (doesn't index https pages).

 

In fact there's not a single reason to do it.

 

Remove the rewrite rule and let osCommerce work properly is my advice.

 

FWR Media,

 

That's excellent advice! I will certainly remove the .htaccess file. However, that still leaves me with broken SSL pages. Firefox displays a pink addressbar and an open padlock on pages that need to be secured.

Link to comment
Share on other sites

Make and upload the script decribed in this post:

 

Click Me

 

Access it with an HTTPS URL, like:

 

https://www.ctmlb.us/catalog/myenv.php

 

THE HTTPS IS OF THE UTMOST IMPORTANCE!!!

 

Copy/paste the results of the scripts output into your next post.

 

The reason you have the broken padlock is that osC isn't detecting your SSL.

 

I can tell from this line in the HTML source of one of your secure pages:

 

<base href="http://www.ctmlb.us/catalog/">

We'll probably need to make an adjustment to your application_top.php

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

This is worth reading:

 

1&1 SSL Fix

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

This is worth reading:

 

1&1 SSL Fix

 

 

Thank you germ!

 

This is the result of myenv.php:

 

HTTP HOST: www.ctmlb.us

Server Port: 443

SSL Status: 1

Fowarded Server:

Fowarded Host:

Fowarded By:

 

I'll go ahead and read the article on 1&1 and see what needs to be done. I really appreciate your help...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...