ziggy13 Posted May 16, 2008 Posted May 16, 2008 I am having a slight problem in Internet Explorer. We have OScommerce installed with an SSL. When I use IE to view my cart, gourdshop.com/retal I get a warning that says "This page contains both secure and nonsecure items". If you click yes to display the nonsecure items, everything looks fine. When you click no, it takes all the formatting away and shows a bunch of text, no colors or anything. What do I need to do so that this message no longer pops up? A lot of customers have been complaining about it and they don't think our site is secure. Any help would be appreciated, and thanks for everyones time. -Ziggy
Guest Posted May 17, 2008 Posted May 17, 2008 I am having a slight problem in Internet Explorer. We have OScommerce installed with an SSL. When I use IE to view my cart, gourdshop.com/retal I get a warning that says "This page contains both secure and nonsecure items". If you click yes to display the nonsecure items, everything looks fine. When you click no, it takes all the formatting away and shows a bunch of text, no colors or anything. What do I need to do so that this message no longer pops up? A lot of customers have been complaining about it and they don't think our site is secure. Any help would be appreciated, and thanks for everyones time. -Ziggy I have been battling with this all day. Finally got it fixed from the help of Jim. Visit the link below to the and scroll down to the bottom. The bottom of page 1 and all of page two reference it. http://www.oscommerce.com/forums/index.php?showtopic=302218&st=0 also, what is your website? clint
ziggy13 Posted May 19, 2008 Author Posted May 19, 2008 sorry i posted the link wrong in my original post it's http://www.gourdshop.com/retail
germ Posted May 19, 2008 Posted May 19, 2008 Post what your /retail/includes/configure.php file has for these lines: define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', ?); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', ''); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', ''); define('HTTPS_COOKIE_PATH', ''); Don't post the entire file, just those seven lines. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
ziggy13 Posted May 19, 2008 Author Posted May 19, 2008 define('HTTP_SERVER', 'http://gourdshop.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://gourdshop.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'gourdshop.com'); define('HTTPS_COOKIE_DOMAIN', 'gourdshop.com'); define('HTTP_COOKIE_PATH', '/retail/'); define('HTTPS_COOKIE_PATH', '/retail/');
ziggy13 Posted May 19, 2008 Author Posted May 19, 2008 I also want to give you some other info...I edited my .htaccess file to forward everyone to https://gourdshop.com. I did this because if you typed in the www. and went to a secure page, it would tell you that the SSL certificate did not belong to www.gourdshop.com but that it belonged to gourdshop.com. Forwarding everyone to https://gourdshop.com solved this problem, but I was still getting the "secure and nonsecure" error in IE. I also got an error in my object_info.php file that wouldn't let me post any new products. So I put the original .htaccess file back and it fixed the error that wouldn't let me post new products, however I still get the error about the SSL not belonging to www.gourdshop.com and I still get the "secure and nonsecure" error.
germ Posted May 19, 2008 Posted May 19, 2008 Change these: define('HTTP_COOKIE_DOMAIN', 'gourdshop.com'); define('HTTPS_COOKIE_DOMAIN', 'gourdshop.com'); define('HTTP_COOKIE_PATH', '/retail/'); define('HTTPS_COOKIE_PATH', '/retail/'); to: define('HTTP_COOKIE_DOMAIN', '.gourdshop.com'); define('HTTPS_COOKIE_DOMAIN', '.gourdshop.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); But that won't fix your problem. Look in the <head> section of your /retail/index.php for a line that looks something like this: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> Post what you have for this line. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
ziggy13 Posted May 23, 2008 Author Posted May 23, 2008 I have been trying to make those changes in the retail/includes/configure.php file but it will not let me. Everytime I try to upload the file via SmartFTP it sends it to the transfer queue, tries to upload and replace it and it won't take it. Then it just sits there and retries it every 30 seconds but it won't overwrite it. Here is exactly what I have in the <head> section of my retail/index.php file: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
germ Posted May 23, 2008 Posted May 23, 2008 If it won't overwrite it you have a permissions problem. Login to your Control panel provided by your Web host (NOT OSC!) and change it there. Look in /retail/includes/application_top.php around line 40 for this code: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Post what you have in your file for those lines. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
ziggy13 Posted May 31, 2008 Author Posted May 31, 2008 Sorry for the delay. I fixed my permissions and changed the other files as you requested. Here is what my /retail/includes/application_top.php says in those lines: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
germ Posted May 31, 2008 Posted May 31, 2008 Copy the text in the CODE box below into a text editor (Notepad) on your PC: <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?> Save it as myenv.php Upload it into your /retail folder on your server. Then, access it using this link: <-- VERY IMPORTANT!!! Click Me It will output some text to your browser. Copy/paste that output into your next post. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
ziggy13 Posted August 15, 2008 Author Posted August 15, 2008 I apologize for the long delay since my last post. I was moving servers and a lot of stuff happened but anyways... This is what it said: HTTP HOST: Server Port: 443 SSL Status: on Fowarded Server: Fowarded Host: Fowarded By: But first it said the SSL certifcate issued was for www.gourdshop.com not gourdshop.com, this came up in a little popup message
germ Posted August 15, 2008 Posted August 15, 2008 This: define('HTTPS_SERVER', 'https://gourdshop.com'); // eg, https://localhost - should not be empty for productive servers Should be: define('HTTPS_SERVER', 'https://www.gourdshop.com'); // eg, https://localhost - should not be empty for productive servers If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
♥Vger Posted August 15, 2008 Posted August 15, 2008 and the http and https cookie domain settings should be 'www.gourdshop.com' Vger
germ Posted August 16, 2008 Posted August 16, 2008 The site is making a cookie for the HTTP and HTTPS side with the osCid in it as it is now. Unless you're having problems logging in, dumping the cart contents, or losing the session ID, I wouldn't change them. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
♥Vger Posted August 16, 2008 Posted August 16, 2008 With a full ssl certificate, provided the http and https cookie domains are set correctly to the name of the ssl certificate, you can then turn on "Force Cookie Use" - which you cannot do if those settings don't match the certificate common name. You may also, depending on the server set up, be able to use the Force SSL directive to lock down the osCommerce admin panel behind https connections (no unencrypted connections will be possible). Vger
ziggy13 Posted August 19, 2008 Author Posted August 19, 2008 Thanks guys! Everything is working fine by changing my config file. You guys are awesome!
Grant7 Posted August 29, 2008 Posted August 29, 2008 Hi guys, I'm actually getting the same problem with internet explorer for my site, www.totsntales.com. I'm getting the "this page contains secure and unsecure items. Do you want to display the unsecure items?" message whenever the site goes to ssl, like on login.php or create_account.php. The SSL certificate is registered to www.totsntales.com. Here's what I have in my includes/configure.php file: define('HTTP_SERVER', 'http://www.totsntales.com'); define('HTTPS_SERVER', 'https://www.totsntales.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.totsntales.com'); define('HTTPS_COOKIE_DOMAIN', 'www.totsntales.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/shop/'); define('DIR_WS_HTTPS_CATALOG', '/shop/'); Any clues? Cheers, Grant
germ Posted August 29, 2008 Posted August 29, 2008 You have a hard coded http image link in your stylesheet: background-image:url(http://www.totsntales.com/images/babybee.jpg); Try this instead: background-image:url(/images/babybee.jpg); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.