rs2k Posted May 11, 2008 Posted May 11, 2008 I noticed if you remove the s from https:// you can turn an SSL page into a non SSL page. I can't imagine anyone ever doing it, but can SSL usage be forced on certain pages? I know I can use htaccess to force it on certain folders.
Guest Posted May 11, 2008 Posted May 11, 2008 I noticed if you remove the s from https:// you can turn an SSL page into a non SSL page. I can't imagine anyone ever doing it, but can SSL usage be forced on certain pages? I know I can use htaccess to force it on certain folders. osc is designed to auto use ssl where required. You do need an installed ssl certificate and to edit the two includes/configure.php files.
germ Posted May 12, 2008 Posted May 12, 2008 You can force a particular page to be SSL. At the top of the code, just below this line: require('includes/application_top.php'); Add this code: if ( $request_type != 'SSL' ) { tep_redirect(tep_href_link(basename($PHP_SELF), '', 'SSL')); } Using that code, if they enter the page with a http URL, it forces a reload of the page with a https URL. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
rs2k Posted May 12, 2008 Author Posted May 12, 2008 You can force a particular page to be SSL. At the top of the code, just below this line: require('includes/application_top.php'); Add this code: if ( $request_type != 'SSL' ) { tep_redirect(tep_href_link(basename($PHP_SELF), '', 'SSL')); } Using that code, if they enter the page with a http URL, it forces a reload of the page with a https URL. Thanks! That's exactly what I was looking for.
Draeisme Posted July 27, 2008 Posted July 27, 2008 Hi. I am trying to do the opposite of this. I have 'help' and 'about us' pages that have been implemented into the oscommerce system. I would like to force these pages to be NON SSL, because if they click it after being in my account then the help page is secure. How do i force a page to be NON SSL?
germ Posted July 27, 2008 Posted July 27, 2008 if ( $request_type != 'NONSSL' ) { tep_redirect(tep_href_link(basename($PHP_SELF), '', 'NONSSL')); } If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Draeisme Posted July 27, 2008 Posted July 27, 2008 if ( $request_type != 'NONSSL' ) { tep_redirect(tep_href_link(basename($PHP_SELF), '', 'NONSSL')); } Thanks for the quick reply jim, but when i use that code i get this error. Redirect Loop Firefox has detected that the server is redirecting the request for this address in a way that will never complete. The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete. * Have you disabled or blocked cookies required by this site? * NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.
germ Posted July 27, 2008 Posted July 27, 2008 Then you have other problems, probably either with a .htaccess file redirect or your configure file. The code does exactly what you wanted. :huh: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Draeisme Posted July 29, 2008 Posted July 29, 2008 The php code for redirecting should be placed in the top of the php file in the root(catalog) of domain right? I can't spot anything wrong, can you give it a glance over? Here is my php file, configure file and htaccess. <?php /* $Id: conditions.php,v 1.22 2003/06/05 23:26:22 hpdl Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); if ( $request_type != 'NONSSL' ) { tep_redirect(tep_href_link(basename($PHP_SELF), '', 'NONSSL')); } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_HELP); $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_HELP)); Here is my config file and htaccess. define('HTTP_SERVER', 'http://www.raysebookshop.com'); define('HTTPS_SERVER', 'https://www.raysebookshop.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.raysebookshop.com'); define('HTTPS_COOKIE_DOMAIN', 'www.raysebookshop.com'); define('HTTP_COOKIE_PATH', '/test0r/'); define('HTTPS_COOKIE_PATH', '/test0r/'); define('DIR_WS_HTTP_CATALOG', '/test0r/'); define('DIR_WS_HTTPS_CATALOG', '/test0r/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/xxxxxxxxxx/public_html/test0r/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); Here is my htaccess # $Id: $ # # This is used with Apache WebServers # # For this to work, you must include the parameter 'Options' to # the AllowOverride configuration # # Example: # # <Directory "/usr/local/apache/htdocs"> # AllowOverride Options # </Directory> # # 'All' with also work. (This configuration is in the # apache/conf/httpd.conf file) # The following makes adjustments to the SSL protocol for Internet # Explorer browsers #<IfModule mod_setenvif.c> # <IfDefine SSL> # SetEnvIf User-Agent ".*MSIE.*" \ # nokeepalive ssl-unclean-shutdown \ # downgrade-1.0 force-response-1.0 # </IfDefine> #</IfModule> # If Search Engine Friendly URLs do not work, try enabling the # following Apache configuration parameter # AcceptPathInfo On # Fix certain PHP values # (commented out by default to prevent errors occuring on certain # servers) # php_value session.use_trans_sid 0 # php_value register_globals 1 Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteRule ^catalog/(.*)$ /$1 [R=301,NC,L] RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-pi-(.*).html$ popup_image.php?pID=$2&%{QUERY_STRING} RewriteRule ^(.*)-t-(.*).html$ articles.php?tPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-a-(.*).html$ article_info.php?articles_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-pr-(.*).html$ product_reviews.php?products_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-pri-(.*).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-i-(.*).html$ information.php?info_id=$2&%{QUERY_STRING} RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^contact/contact.php$ http://www.raysebookshop.com/contact_us.php [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^about.php$ http://www.raysebookshop.com/about_us.php [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^tos.php$ http://www.raysebookshop.com/terms.php [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^paymentinfo.php$ http://www.raysebookshop.com/payment.php [R=301,L] ErrorDocument 404 http://www.raysebookshop.com/404_error.php AddType text/x-server-parsed-html .html RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^best_sellers.php$ "http\:\/\/www\.raysebookshop\.com\/bestselling_products\.php" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^catalog/?$ "http\:\/\/www\.raysebookshop\.com" [R=301,L] RewriteCond %{HTTP_HOST} ^.*$ RewriteRule ^faq.php$ "http\:\/\/www\.raysebookshop\.com\/help\.php" [R=301,L]
germ Posted July 29, 2008 Posted July 29, 2008 Actually, it seems to be what's behind door number 3 instead. You've got a template with wonky code. :huh: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Draeisme Posted July 30, 2008 Posted July 30, 2008 Actually, it seems to be what's behind door number 3 instead. You've got a template with wonky code. :huh: LOL alright. What section is messed up, and how can i can de-wonkify it? I have it set up with relevant links, should i use absolute instead?
germ Posted July 30, 2008 Posted July 30, 2008 I don't mean to be blunt as a spoon, but your HTML source is a wreck. :blush: That aside, I believe the main problem with your links is the fact you don't have this code in the source in the <head> section: <base href="http://www.raysebookshop.com/"> Normal osC put's it in there like this: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> Just beneath the <title> tag. Many of your links are contructed like this: <a class="headerNavigation" href="contact_us.php"> So, without the base href what happens is this. When the page goes SSL, the links constructed as above are acquiring the HTTPS from the parent page. You could try putting the base href code in your <head> section and see if it works/helps. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Draeisme Posted August 3, 2008 Posted August 3, 2008 I tried the base href code, but then that messed up my images on the secure page and made them unsecure and gave that error. I am using STS template, and it does have the echo function somewhere, thats why the relative links are becoming secure. But i read up on STS and adding new text to config files. This allowed me to have certain pages that make the links always unsecure. Thanks for all your help Jim.
germ Posted August 3, 2008 Posted August 3, 2008 While you're in there working on your template files you should find out why your HTML source is messed up. If you look at it you'll see that these HTML tags appear multiple times: <!DOCTYPE <html> <head> <body> Each of those should only apppear once. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Draeisme Posted August 6, 2008 Posted August 6, 2008 With the way i have sts template set up, the featured and new product infoboxes have their own html file. So when it loads it you get the extra body and extra head and extra information. I am able to remove the extra <head> tags. Does having an extra body and html tag really hurt me?
germ Posted August 6, 2008 Posted August 6, 2008 Hard to say. Search engines might be skewed by it. It can't be that hard to fix, so why risk it? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Recommended Posts
Archived
This topic is now archived and is closed to further replies.