Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

host tells us the https pages must be in an ssl-enabled directory


dhecker

Recommended Posts

We are migrating an OSC site to a new host. They've installed an ssl cert and told us that all the ssl-enabled content must be in /home/secure_html, instead of /home/public_html where all the code currently is. So, when I click into the checkout, I get a 404 error!

 

I tried moving checkout_shipping.php into that secure_html directory and the ssl cert work (although the page broke because the includes weren't in that path). But, I'm not sure what the approach should be.

 

Should I copy all of the content into the secure directory? It seems like a bad idea to have to complete copies. Very confusing - any advice appreciated!

Link to comment
Share on other sites

It is a bad idea and is an out-dated approach. Your host should use a symlink to make that not necessary. If they won't, or can't, then you either need to run duplicate sets of code or move to a host that doesn't use that approach.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

It is a bad idea and is an out-dated approach. Your host should use a symlink to make that not necessary. If they won't, or can't, then you either need to run duplicate sets of code or move to a host that doesn't use that approach.

 

Jack

 

I'm in the same situation as dhecker - my client has an SSL cert installed by the host and as a result, when I look at the site and just mouse over, say, the "My Account" link, I can see that clicking it will take me to the https://secure.mydomain.com/account.php area - but the account.php file isn't there, so I get a 404 not found error.

 

Since this is the way it's set up and my client is not going to want to just pack up and move to another host, I need to resolve this somehow. It sounds like you are saying I would have to maintain two sets of the osCommerce installation - one in secure.mydomain.com and one the other one. Is this what you are saying? Or do I only need to have certain files in the secure folder? If just certain files, which ones? I kind of wish there were a list of which files so I would know what needs to be there and what doesn't. I am just a bit confused by the "anything to do with logging in or the checkout process". Many thanks in advance for your help!

Link to comment
Share on other sites

Move to another host. This way of doing things is out dated ad for a very good reason, it is a pain to use.

SolarFrenzy

Solar powered gadgets at down to earth prices.

 

CheekyNaughty

Promoting British Design

Link to comment
Share on other sites

I'm in the same situation as dhecker - my client has an SSL cert installed by the host and as a result, when I look at the site and just mouse over, say, the "My Account" link, I can see that clicking it will take me to the https://secure.mydomain.com/account.php area - but the account.php file isn't there, so I get a 404 not found error.

 

Since this is the way it's set up and my client is not going to want to just pack up and move to another host, I need to resolve this somehow. It sounds like you are saying I would have to maintain two sets of the osCommerce installation - one in secure.mydomain.com and one the other one. Is this what you are saying? Or do I only need to have certain files in the secure folder? If just certain files, which ones? I kind of wish there were a list of which files so I would know what needs to be there and what doesn't. I am just a bit confused by the "anything to do with logging in or the checkout process". Many thanks in advance for your help!

Well, that's the problem. You can guess at what pages should use the cert but if you add a conttibution that requires it, you may not realize it. If you have to use this type of setup, then it is best to keep two complete sets of files.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Move to another host. This way of doing things is out dated ad for a very good reason, it is a pain to use.

 

Pain or no pain, I have to stay with the current host. Please can anyone help? I would like to get the site running as soon as possible. If it means putting a copy of the entire site into the secure folder, so be it..but if I don't have to do that, it would be nice to know which folders/files DO need to go there.

Link to comment
Share on other sites

Well, that's the problem. You can guess at what pages should use the cert but if you add a conttibution that requires it, you may not realize it. If you have to use this type of setup, then it is best to keep two complete sets of files.

 

Jack

 

In my case I put a new installation of osC into a folder called "shop" of the public_html directory (http://www.mydomain.com/shop for example purposes). The secure folder is also in the public_html directory, and is https://secure.mydomain.com. When you click on the login link it wants to take you to https://secure.mydomain.com/shop/login.php... but it gives a 404 error.

 

If I create a folder named shop inside the secure folder then put a copy of login.php in there, and try the login link, it gives errors about a required file, application_top.php, not being found. This leads me to think that I need to have certain required files copied into the secure/shop folder, but I need to know which ones are required in order to have secure login/logout, checkout, etc. processes working properly. Application_top.php appears to be one of those files that need to be copied in there, for starters.

 

Isn't there a guide to that somewhere? Copying the entire /shop subfolder into the secure folder just seems like overkill to me.

Link to comment
Share on other sites

Try re-reading the thread - the answers are all there. You are wanting an easy solution for an out-dated and difficult method that few use. There's no support for it for that reason.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Try re-reading the thread - the answers are all there. You are wanting an easy solution for an out-dated and difficult method that few use. There's no support for it for that reason.

 

Jack

 

I'm sorry if I seem dense. There are a lot of us who want to understand how this is done. "The answers are all there" - well, then, it seems to me there are two (appropriate) solutions mentioned in this thread:

 

1) change webhosts or

2) get the webhost to create a symlink (from the SSL cert folder to the osC folder/files? or the other way around?) so that duplication of files isn't needed; when a secure environment is needed it will show as such - for the login and checkout processes.

 

An INAPPROPRIATE (and should not be necessary) solution is to place a copy of the osC installation files into the secure folder.

 

Please be patient with me and others who are really just trying to understand so we can learn and know how it's done and get it done right.

 

I realized I did not post my config setting information for the admin or catalog so I have them posted here - perhaps I overlooked something. Note: have changed some names to protect the innocent. The SSL cert is a purchased cert (GeoTrust) installed on a domain that resides on a shared hosting server. The version of osC is 2.2 RC2a.

 

/shop/includes/configure.php

 

  define('HTTP_SERVER', 'http://mydomain.com');
 define('HTTPS_SERVER', 'https://secure.mydomain.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'secure.mydomain.com');
 define('HTTP_COOKIE_PATH', '/shop/');
 define('HTTPS_COOKIE_PATH', '/shop/');
 define('DIR_WS_HTTP_CATALOG', '/shop/');
 define('DIR_WS_HTTPS_CATALOG', '/shop/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/xxxxxx/public_html/shop/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

and here is the /shop/admin/includes/configure.php:

 

  define('HTTP_SERVER', 'http://mydomain.com');
 define('HTTP_CATALOG_SERVER', 'http://mydomain.com');
 define('HTTPS_CATALOG_SERVER', 'https://secure.mydomain.com');
 define('ENABLE_SSL_CATALOG', true);
 define('DIR_FS_DOCUMENT_ROOT', '/home/xxxxxx/public_html/shop/');
 define('DIR_WS_ADMIN', '/shop/admin/');
 define('DIR_FS_ADMIN', '/home/xxxxxx/public_html/shop/admin/');
 define('DIR_WS_CATALOG', '/shop/');
 define('DIR_FS_CATALOG', '/home/xxxxxx/public_html/shop/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

 

Did I overlook something in the config files, or is it back to getting the webhost to set a symlink, or am I missing something else here?

Link to comment
Share on other sites

An INAPPROPRIATE (and should not be necessary) solution is to place a copy of the osC installation files into the secure folder.

 

Jack was perfectly patient and was offering you sound advice, as is usual for him, being one of the most experienced here.

 

If indeed you find his advice "inappropriate" then I suggest that you obviously know better than all of us and that you therefore do not need our help.

 

Coming on here and slagging off admired users who were trying to help you is going to get you ignored.

 

Good luck.

Link to comment
Share on other sites

Jack was perfectly patient and was offering you sound advice, as is usual for him, being one of the most experienced here.

 

If indeed you find his advice "inappropriate" then I suggest that you obviously know better than all of us and that you therefore do not need our help.

 

Coming on here and slagging off admired users who were trying to help you is going to get you ignored.

 

Good luck.

 

 

Please try to understand! I am not slapping at or slagging off anyone. My sincere apologies if anyone thought I was doing that because that is certainly not my intent. I don't come to the forums with the intention of insulting people, I came to ask for help and to make sure that I fully understand the information being shared here.

 

I've researched other threads on this issue and found conflicting information. I just need help with clarifying the information I am getting. If the solution Jack gave is not inappropriate, I would just appreciate being corrected on that. What I listed was based on my clearly imperfect understanding of this thread and other threads, and the information I listed before was simply a summarization of what I found thus far. Note I included additional information about my setup that I hoped would provide more background so Jack could hopefully confirm or correct my thinking, and perhaps help others who may be in the same situation.

 

Jack had suggested that a symlink is needed. I take that to mean copying the osC files into the secure folder would not be necessary. Then he said copying the osC files into the secure folder is needed. I am merely confused as to which is the preferred approach, not attempting to be rude toward Jack or anyone else.

Link to comment
Share on other sites

Please try to understand! I am not slapping at or slagging off anyone. My sincere apologies if anyone thought I was doing that because that is certainly not my intent. I don't come to the forums with the intention of insulting people, I came to ask for help and to make sure that I fully understand the information being shared here.

 

I've researched other threads on this issue and found conflicting information. I just need help with clarifying the information I am getting. If the solution Jack gave is not inappropriate, I would just appreciate being corrected on that. What I listed was based on my clearly imperfect understanding of this thread and other threads, and the information I listed before was simply a summarization of what I found thus far. Note I included additional information about my setup that I hoped would provide more background so Jack could hopefully confirm or correct my thinking, and perhaps help others who may be in the same situation.

 

Jack had suggested that a symlink is needed. I take that to mean copying the osC files into the secure folder would not be necessary. Then he said copying the osC files into the secure folder is needed. I am merely confused as to which is the preferred approach, not attempting to be rude toward Jack or anyone else.

 

Just baseing it on what you said and responded to Jack your server set up currently requires duplicate files in the the public and secure folders, my experiences of this odd set up mirrors Jacks. The two folders should contain identical files.

 

Try to change one and not the other and before you know it you'll be in all sorts of bother.

Link to comment
Share on other sites

Just baseing it on what you said and responded to Jack your server set up currently requires duplicate files in the the public and secure folders, my experiences of this odd set up mirrors Jacks. The two folders should contain identical files.

 

Try to change one and not the other and before you know it you'll be in all sorts of bother.

 

Thank you so much for understanding I was only asking for help! I truly appreciate it. Since Jack referred to a symlink before, I ws curious if creating a symlink between the secure folder and the osC folder is also a solution? If yes, is it preferred over copying the files into the secure folder, or will that not work anyway because of the way the SSL certificate is installed?

 

The more I understand, the better I can do this - which is why I really appreciate your help on this.

Link to comment
Share on other sites

Thank you so much for understanding I was only asking for help! I truly appreciate it. Since Jack referred to a symlink before, I ws curious if creating a symlink between the secure folder and the osC folder is also a solution? If yes, is it preferred over copying the files into the secure folder, or will that not work anyway because of the way the SSL certificate is installed?

 

The more I understand, the better I can do this - which is why I really appreciate your help on this.

 

the symlink is something that most definately should have been set up by your hosts, it is not something you can "just do"

Link to comment
Share on other sites

the symlink is something that most definately should have been set up by your hosts, it is not something you can "just do"

 

Yes, I understand that now, thanks - I am waiting for a live chat with the webhost to see if they will create it, and will report back on the results here.

Link to comment
Share on other sites

Yes, I understand that now, thanks - I am waiting for a live chat with the webhost to see if they will create it, and will report back on the results here.

 

Live chat with webhost left me with two choices:

 

1) The webhost can get SSL cert reissued. Turns out cert was issued to secure.mydomain.com - shouldn't it have been issued to mydomain.com in the first place?

 

2) Don't get cert reissued - instead MOVE, not copy, entire site into secure folder and set a redirect so when users type "www.mydomain.com" or "mydomain.com" they will be redirected to https://secure.mydomain.com/shop. Make sure the configure.php files point to secure.mydomain.com in all instances. The effect is the entire site is secure, right, but are there any ramifications AGAINST doing this?

 

Which is really the best option, and can you please explain why so I understand this for future reference? I have another osCommerce project coming up and this client will want a similar setup.

 

Thank you to all who have helped so far!

Link to comment
Share on other sites

Live chat with webhost left me with two choices:

 

1) The webhost can get SSL cert reissued. Turns out cert was issued to secure.mydomain.com - shouldn't it have been issued to mydomain.com in the first place?

 

2) Don't get cert reissued - instead MOVE, not copy, entire site into secure folder and set a redirect so when users type "www.mydomain.com" or "mydomain.com" they will be redirected to https://secure.mydomain.com/shop. Make sure the configure.php files point to secure.mydomain.com in all instances. The effect is the entire site is secure, right, but are there any ramifications AGAINST doing this?

 

Which is really the best option, and can you please explain why so I understand this for future reference? I have another osCommerce project coming up and this client will want a similar setup.

 

Thank you to all who have helped so far!

Take a look in your hosts TOS page. Is their policy "Grab shovel - dig deeper?" :) The ssl cert can be ordered for any way you want it to be worded. So using secure.domainname.com shouldn't cause a problem. Typically, one would setup a sub-domain for this and point it to the main domain. Your host seems to be struggling with modern methods though. I'm not saying this in a mean-spirited way. They may be a perfectly fine host in all regards but it doesn't seem so regarding this matter. My concern would be that if you had trouble with your setup, would they be able to fix it? But besides all of that, running a site in full secure mode is not a good idea and will kill its chances of ranking well in the search engine listings. If you have no other choices than the ones you listed in this thread, then I would get the cert re-issued. At least then your site won't suffer in the listings.

 

Jack

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Take a look in your hosts TOS page. Is their policy "Grab shovel - dig deeper?" :) The ssl cert can be ordered for any way you want it to be worded. So using secure.domainname.com shouldn't cause a problem. Typically, one would setup a sub-domain for this and point it to the main domain. Your host seems to be struggling with modern methods though. I'm not saying this in a mean-spirited way. They may be a perfectly fine host in all regards but it doesn't seem so regarding this matter. My concern would be that if you had trouble with your setup, would they be able to fix it? But besides all of that, running a site in full secure mode is not a good idea and will kill its chances of ranking well in the search engine listings. If you have no other choices than the ones you listed in this thread, then I would get the cert re-issued. At least then your site won't suffer in the listings.

 

Jack

 

Jack

 

I appreciate your patience. I've been feeling so stuck in the middle of nowhere, and between what I've been learning here and what I've been learning from the webhost, I hope you can understand how confused (and a bit frustrated) I became.

 

The cert was originally issued to 'secure.mydomain.com' back in 2005 and it worked fine up until a few weeks ago, after the site was moved to a new server (same webhost). What seems to have created more problems was the cert had expired and needed to be renewed. Since then the client reported users were getting '404 not found' errors when trying to log in, create accounts or checkout. I had not changed anything in the configure.php files since the site was merely moved to a different server and the cert was renewed and reinstalled. The webhost rechecked and confirmed the cert was reinstalled correctly.

 

Since the original install of osCommerce was an older version, I decided to install a new version - 2.2 RC2a - into a subfolder (the /shop one I mentioned previously) and made sure the configure.php files were set taking that into consideration. I exported the original database, made the necessary mySQL changes to add the new fields to the appropriate tables in that SQL file and then imported the database to the new installation. It's fine. All the products are showing up, and you can see them when you navigate through the catalog. You just can't checkout/buy anything (PayPal isn't yet installed, will be after I get the SSL issue fixed) - or log in, or create an account.

 

The original site is at http://www.morningmistmetalarts.com - the new version is at http://www.morningmistmetalarts.com/shop

 

UPDATE:

If you go to https://secure.morningmistmetalarts.com it will take you to http://www.morningmistmetalarts.com/shop but when you try the login, create account, guestbook or checkout links, you will get a 404 not found. It seems like it's soooooo close, I'm just missing something somewhere.

Link to comment
Share on other sites

If you go to https://secure.morningmistmetalarts.com it will take you to http://www.morningmistmetalarts.com/shop but when you try the login, create account, guestbook or checkout links, you will get a 404 not found. It seems like it's soooooo close, I'm just missing something somewhere.
You should be able to go to https://secure.domain.com and have it work. But they, someone, has it redirecting, which isn't typical. Only your host can fix this for you since it is specific to your setup.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

You should be able to go to https://secure.domain.com and have it work. But they, someone, has it redirecting, which isn't typical. Only your host can fix this for you since it is specific to your setup.

 

Jack

 

A few days ago, when I put in https://secure.morningmistmetalarts.com, it gave me a white page with the GeoTrust logo on it, which I take to mean the SSL cert was correctly installed. I didn't change anything on my end since then, so it must be the webhost; but even before then, I was getting the 404 errors when clicking to log in, create an account, or checkout - and in the original site, to go to the guestbook. Is there something else I've been missing that would cause the 404 errors? The error shows the following when clicking on the create account link:

 

Not Found

The requested URL /shop/create_account.php was not found on this server.

 

And the URL in the address field would show:

 

https://secure.morningmistmetalarts.com/sho...ddb200caf681c69

 

This is really confusing me as to what I need to do to fix the problem. It was why I asked before if I needed to move the /shop folder into the secure folder. The 404 errors have been the behavior since I started posting here about the issue. Are you telling me the webhost has to fix something, or is there still something else I need to do to get this working?

 

The webhost has told me the cert issuer will honor a reissue if it's still needed, but I need to let them know within a couple of hours, because there is a short window of time during which GeoTrust will honor the reissue, and it takes time for the webhost to get the process underway before that window closes. Do I need to request a reissue of the SSL cert? Originally the cert was issued to secure.morningmistmetalarts.com; osCommerce was not installed into secure.morningmistmetalarts.com - it is in www.morningmistmetalarts.com/shop -- so, am I to understand that getting the certificate reissued to www.morningmistmetalarts.com will help to resolve my problem?

 

If not, is there anything I can do to fix this problem, or is the issue entirely on the webhost's end? I'm sorry if I sound like I'm repeating myself. I just don't fully understand why there is this problem, but I am very willing to try so if I seem like a complete blockhead, I'm really sorry. I'm trying, though.

Link to comment
Share on other sites

The includes/configre.php file has to be setup to use the certificate. Maybe yours isn't.

 

Jack

 

I posted the contents of the two configure.php files in post #9 of this thread; just substitute morningmistmetalarts wherever it says mydomain. It shows:

 

define('HTTPS_SERVER', 'https://secure.mydomain.com');

 

and SSL is turned on.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...