Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Can I force SSL usage where cutomer info in input?


rs2k

Recommended Posts

I noticed if you remove the s from https:// you can turn an SSL page into a non SSL page. I can't imagine anyone ever doing it, but can SSL usage be forced on certain pages? I know I can use htaccess to force it on certain folders.

Link to comment
Share on other sites

I noticed if you remove the s from https:// you can turn an SSL page into a non SSL page. I can't imagine anyone ever doing it, but can SSL usage be forced on certain pages? I know I can use htaccess to force it on certain folders.

osc is designed to auto use ssl where required. You do need an installed ssl certificate and to edit the two includes/configure.php files.

Link to comment
Share on other sites

You can force a particular page to be SSL.

 

At the top of the code, just below this line:

 

  require('includes/application_top.php');

Add this code:

 

  if ( $request_type != 'SSL' ) {
tep_redirect(tep_href_link(basename($PHP_SELF), '', 'SSL'));
 }

Using that code, if they enter the page with a http URL, it forces a reload of the page with a https URL.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

You can force a particular page to be SSL.

 

At the top of the code, just below this line:

 

  require('includes/application_top.php');

Add this code:

 

  if ( $request_type != 'SSL' ) {
tep_redirect(tep_href_link(basename($PHP_SELF), '', 'SSL'));
 }

Using that code, if they enter the page with a http URL, it forces a reload of the page with a https URL.

 

 

Thanks! That's exactly what I was looking for.

Link to comment
Share on other sites

  • 2 months later...

Hi. I am trying to do the opposite of this.

 

I have 'help' and 'about us' pages that have been implemented into the oscommerce system. I would like to force these pages to be NON SSL, because if they click it after being in my account then the help page is secure.

 

How do i force a page to be NON SSL?

Link to comment
Share on other sites

  if ( $request_type != 'NONSSL' ) {
tep_redirect(tep_href_link(basename($PHP_SELF), '', 'NONSSL'));
 }

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

  if ( $request_type != 'NONSSL' ) {
tep_redirect(tep_href_link(basename($PHP_SELF), '', 'NONSSL'));
 }

 

Thanks for the quick reply jim, but when i use that code i get this error.

 

Redirect Loop

 

 

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

 

 

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

 

* Have you disabled or blocked cookies required by this site?

* NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.

Link to comment
Share on other sites

Then you have other problems, probably either with a .htaccess file redirect or your configure file.

 

The code does exactly what you wanted.

:huh:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

The php code for redirecting should be placed in the top of the php file in the root(catalog) of domain right?

 

I can't spot anything wrong, can you give it a glance over?

 

Here is my php file, configure file and htaccess.

 

<?php
/*
 $Id: conditions.php,v 1.22 2003/06/05 23:26:22 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

  if ( $request_type != 'NONSSL' ) {
tep_redirect(tep_href_link(basename($PHP_SELF), '', 'NONSSL'));
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_HELP);

 $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_HELP));

 

 

Here is my config file and htaccess.

 

  define('HTTP_SERVER', 'http://www.raysebookshop.com');
 define('HTTPS_SERVER', 'https://www.raysebookshop.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.raysebookshop.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.raysebookshop.com');
 define('HTTP_COOKIE_PATH', '/test0r/');
 define('HTTPS_COOKIE_PATH', '/test0r/');
 define('DIR_WS_HTTP_CATALOG', '/test0r/');
 define('DIR_WS_HTTPS_CATALOG', '/test0r/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/xxxxxxxxxx/public_html/test0r/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

Here is my htaccess

# $Id: $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

#<IfModule mod_setenvif.c>
#  <IfDefine SSL>
#	SetEnvIf User-Agent ".*MSIE.*" \
#			 nokeepalive ssl-unclean-shutdown \
#			 downgrade-1.0 force-response-1.0
#  </IfDefine>
#</IfModule>

# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter

# AcceptPathInfo On

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)

# php_value session.use_trans_sid 0
# php_value register_globals 1

Options +FollowSymLinks
RewriteEngine On 
RewriteBase /
RewriteRule ^catalog/(.*)$ /$1 [R=301,NC,L]

RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING}
RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-pi-(.*).html$ popup_image.php?pID=$2&%{QUERY_STRING}
RewriteRule ^(.*)-t-(.*).html$ articles.php?tPath=$2&%{QUERY_STRING}
RewriteRule ^(.*)-a-(.*).html$ article_info.php?articles_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-pr-(.*).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-pri-(.*).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-i-(.*).html$ information.php?info_id=$2&%{QUERY_STRING}

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^contact/contact.php$ http://www.raysebookshop.com/contact_us.php [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^about.php$ http://www.raysebookshop.com/about_us.php [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^tos.php$ http://www.raysebookshop.com/terms.php [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^paymentinfo.php$ http://www.raysebookshop.com/payment.php [R=301,L]

ErrorDocument 404 http://www.raysebookshop.com/404_error.php

AddType text/x-server-parsed-html .html

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^best_sellers.php$ "http\:\/\/www\.raysebookshop\.com\/bestselling_products\.php" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^catalog/?$ "http\:\/\/www\.raysebookshop\.com" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^faq.php$ "http\:\/\/www\.raysebookshop\.com\/help\.php" [R=301,L]

Link to comment
Share on other sites

Actually, it seems to be what's behind door number 3 instead.

 

You've got a template with wonky code.

:huh:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Actually, it seems to be what's behind door number 3 instead.

 

You've got a template with wonky code.

:huh:

 

 

LOL alright.

What section is messed up, and how can i can de-wonkify it? I have it set up with relevant links, should i use absolute instead?

Link to comment
Share on other sites

I don't mean to be blunt as a spoon, but your HTML source is a wreck.

:blush:

 

That aside, I believe the main problem with your links is the fact you don't have this code in the source in the <head> section:

 

<base href="http://www.raysebookshop.com/">

Normal osC put's it in there like this:

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Just beneath the <title> tag.

 

Many of your links are contructed like this:

 

<a class="headerNavigation" href="contact_us.php">

So, without the base href what happens is this.

 

When the page goes SSL, the links constructed as above are acquiring the HTTPS from the parent page.

 

You could try putting the base href code in your <head> section and see if it works/helps.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I tried the base href code, but then that messed up my images on the secure page and made them unsecure and gave that error.

 

I am using STS template, and it does have the echo function somewhere, thats why the relative links are becoming secure.

 

But i read up on STS and adding new text to config files. This allowed me to have certain pages that make the links always unsecure.

 

Thanks for all your help Jim.

Link to comment
Share on other sites

While you're in there working on your template files you should find out why your HTML source is messed up.

 

If you look at it you'll see that these HTML tags appear multiple times:

 

<!DOCTYPE
<html>
<head>
<body>

Each of those should only apppear once.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

With the way i have sts template set up, the featured and new product infoboxes have their own html file. So when it loads it you get the extra body and extra head and extra information. I am able to remove the extra <head> tags. Does having an extra body and html tag really hurt me?

Link to comment
Share on other sites

Hard to say.

 

Search engines might be skewed by it.

 

It can't be that hard to fix, so why risk it?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...