Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL issues


Guest

Recommended Posts

Hello all,

I've received my SSL certificate for my site and configured everything but something is wrong. My cert is for trianglebullseye.com.

 

Here are my configure.php settings:

define('HTTP_SERVER', 'http://www.trianglebullseye.com');

define('HTTPS_SERVER', 'https://trianglebullseye.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.trianglebullseye.com');

define('HTTPS_COOKIE_DOMAIN', 'trianglebullseye.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

If you goto https://trianglebullseye.com/ everything looks good. This is my under construction page. My site isn't live yet but you can get to it at http://www.trianglebullseye.com/index.php.

 

The problem is that when you goto any of my SSL enabled pages, such as, clicking My Account, the login page, or any of the checkout pages, things fall apart. The location bar (in Firefox) will show https and turns yellow for a second and then turns back to white, the Comodo logo shows up properly in the bottom right corner, and the lock show up as locked but it has a red line through it.

 

I've tried all kinds of things but none seem to work. Am I missing something obvious here? I've had help from my host company and Comodo but no luck.

 

any help would be greatly appreciated,

thanks,

Mike

Link to comment
Share on other sites

To use the "Force Cookie Use" feature both the http and https cookie domain settings have to match. So these are your correct settings:

 

define('HTTP_SERVER', 'http://trianglebullseye.com');
define('HTTPS_SERVER', 'https://trianglebullseye.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'trianglebullseye.com');
define('HTTPS_COOKIE_DOMAIN', 'trianglebullseye.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');

 

Vger

Link to comment
Share on other sites

To use the "Force Cookie Use" feature both the http and https cookie domain settings have to match. So these are your correct settings:

 

define('HTTP_SERVER', 'http://trianglebullseye.com');
define('HTTPS_SERVER', 'https://trianglebullseye.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'trianglebullseye.com');
define('HTTPS_COOKIE_DOMAIN', 'trianglebullseye.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');

 

Vger

 

Vger,

Thanks for the reply. I had read elsewhere about turning on the "Force Cookie Use" feature so that was already on. I changed my configure.php settings to what you said and that didn't seem to make any difference at all. I'm at a total loss...

 

Mike

Link to comment
Share on other sites

The code for your SSL image:

 

COT("http://www.trianglebullseye.com/images/secure_site.gif", "SC2", "none");

Needs to be:

 

COT("images/secure_site.gif", "SC2", "none");

And this code in your footer.php will cause "non secure items" popup in IE.

 

  <script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>

If you post the code from your /includes/footer.php I'll show you how to get PHP to "skip over" it when in SSL mode.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

The code for your SSL image:

 

COT("http://www.trianglebullseye.com/images/secure_site.gif", "SC2", "none");

Needs to be:

 

COT("images/secure_site.gif", "SC2", "none");

And this code in your footer.php will cause "non secure items" popup in IE.

 

  <script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>

If you post the code from your /includes/footer.php I'll show you how to get PHP to "skip over" it when in SSL mode.

 

Jim,

Thanks for the response. I know that I have to fix the secure/unsecure issue but I haven't started that yet. I'm still working on the SSL problem.

 

thanks,

Mike

 

Here is my footer.php:

require(DIR_WS_INCLUDES . 'counter.php');

?>

<table border="0" width="100%" cellspacing="0" cellpadding="1">

<tr class="footer">

<td class="footer">  <?php echo strftime(DATE_FORMAT_LONG); ?>  </td>

<td align="right" class="footer"><?php echo 'Copyright © ' . date('Y') . ' ' . STORE_NAME ?>  </td>

</tr>

</table>

<table border="0" width="100%" cellspacing="0" cellpadding="1">

<tr>

<td><a href="http://www.instantssl.com">

<img src="images/horz_master_85pixels.gif" alt="SS" width="85" height="51" style="border: 0px;">

</a>  

<script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>  

<a href="http://www.oscommerce.com"><img src="images/oscommerce.gif" border="0" alt="osCommerce" title=" osCommerce " width="204" height="50"></a>

 </tr>

</td>

</table>

<br>

<?php

if ($banner = tep_banner_exists('dynamic', '300x50')) {

?>

<br>

<table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td align="center"><?php echo tep_display_banner('static', $banner); ?></td>

</tr>

</table>

<?php

}

?>

Link to comment
Share on other sites

This IS your SSL problem.....

 

MAKE A BACKUP.

 

Change this code:

 

<script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>  

to

 

<?php
if ( $request_type != 'SSL' ) {
?>
<script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>  
<?php
}
?>

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I changed my configure.php settings to what you said and that didn't seem to make any difference at all.

 

Well, when I clicked on any https link on your site before you made the changes I recommended I ended up on the cookie_usage.php page, so by changing the code as recommended the cookie problem has been corrected.

 

Now all you have to do is to sort out the "Secure/Insecure" messages - as pointed out by Jum.

 

Vger

Link to comment
Share on other sites

This IS your SSL problem.....

 

MAKE A BACKUP.

 

Change this code:

 

<script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>  

to

 

<?php
if ( $request_type != 'SSL' ) {
?>
<script src=http://www.hostmonster.com/src/js/trianglebullseye/CODE11/300x50/1.gif></script>  
<?php
}
?>

 

Jim,

You are the man! Thanks a ton. I owe you one. Sorry for being so slow but I get it now. I thought that was a totally separate problem and had nothing to do with it showing not secure.

 

I really appreciate the help.

 

take care,

Mike

Link to comment
Share on other sites

;)

 

Well, if I'm "the man", that makes Miss Anthony "the woman" 'cuz she had a hand in this success, too.

:lol:

 

You still have this code problem on your login page:

 

COT("http://www.trianglebullseye.com/images/secure_site.gif", "SC2", "none");

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

;)

 

Well, if I'm "the man", that makes Miss Anthony "the woman" 'cuz she had a hand in this success, too.

:lol:

 

You still have this code problem on your login page:

 

COT("http://www.trianglebullseye.com/images/secure_site.gif", "SC2", "none");

 

You are right. Miss Anthony is the woman. She started digging into my mess. I really do appreciate your help too Miss Anthony, please forgive me for my oversight. :blush:

 

I have the problem in a dozen files or so. I'm going to fix them now. Just a simple perl command...

 

after I backup, of course. B)

Link to comment
Share on other sites

While Miss Anthony is on the subject of "Force Cookie Use", I wonder if she could help me with my similar problem. I've wangled the code around a few different ways, but the result is always the same: if I enable "Force Cookie Use", people are redirected to "cookie_usage.php".

 

My SSL is for address "www.myaddress.com". My code is currently as follows.

 

define('HTTP_SERVER','http://www.myaddress.com');
 define('HTTPS_SERVER', 'https://www.myaddress.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

This was explored recently in this thread:

http://www.oscommerce.com/forums/index.php?showtopic=304020

... but I think Sam gave up on me. Do you have any ideas?

 

Thanks,

~Wendy

Link to comment
Share on other sites

First, I've always heard that forcing cookie use isn't a good idea.

 

And I've always told people to set these:

 

  define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com');

Like this:

 

  define('HTTP_COOKIE_DOMAIN', '.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', '.myaddress.com');

Although, I pretty certain this works as well:

 

  define('HTTP_COOKIE_DOMAIN', 'myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'myaddress.com');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Okee-dokee, I'll try that. I was just concerned that the

 

define('HTTPS_COOKIE_DOMAIN', '.myaddress.com');

 

would be incorrect if the SSL address started with a "www." (as mine does).

 

I got the idea that forcing cookie use was a good idea from a thread that had been posted by someone who had a problem with users being able to accidentally initiate simultaneous sessions, etc. The advice was to enable "Force Cookie Use" and also enable "Recreate Session".

 

Why is "Force Cookie Use" a bad idea, in your opinion? *interested*

 

Thanks,

~Wendy

Link to comment
Share on other sites

The settings I posted work regardless if your SSL cert is for "www.myaddress.com" or just "myaddress.com".

 

Forcing cookie use is bad only beacause many people have the misconception that you can get a virus from cookies (ludicrous because a cookie is just a text file), so they disable cookies.

 

Granted, there are "tracking cookies" that some sites can use to "track" your wanderings in cyberspace (to a point), but it's not a serious threat to your privacy (IMHO)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

First, I've always heard that forcing cookie use isn't a good idea.

 

And I've always told people to set these:

 

  define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com');

Like this:

 

  define('HTTP_COOKIE_DOMAIN', '.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', '.myaddress.com');

Although, I pretty certain this works as well:

 

  define('HTTP_COOKIE_DOMAIN', 'myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'myaddress.com');

 

Psssst... it works! Both ways. ;)

 

And now that it's working, please let me know what you've heard about it's being a bad idea.

 

~Wendy

Link to comment
Share on other sites

:lol:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Oops, we posted simultaneously.

 

Thanks for the info! Yes, people have weird ideas about cookies. Still, if they don't actually assist with functionality, I see no reason to force them.

 

Have you any info on what functions cookies serve in osCommerce? Will a user with "cookies disabled" in their browser have quite a different experience in some way? Are there a lot of folks with "cookies disabled", who will be put off if one "forces" cookie use?

 

I have a feeling the answer is yes to that last one. Drat. Just when I got it working... :rolleyes:

Link to comment
Share on other sites

I know for sure osC uses the cookie to store the session ID

 

Without that, people may not be able to stay logged in, their shopping cart may empty, etc.

 

Not a pretty picture for an e-store.

 

Basically the cookie usage page is telling the user to turn cookies on (for that site at least) or shop elsewhere...

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Cool! I think for now I will not "force" cookie use, but instead see what user feedback is like regarding the site once it's operational.

 

We are almost ready for lift-off... just waiting for our payment gateway to give us our magic bat-password to connect with their service. :lol:

 

Thanks again,

~Wendy

Link to comment
Share on other sites

If you don't use cookies, I think you have to change to this in your catalog configure file:

 

  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

If it isn't already.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Hello Jim. Thanks for offering everyone your help here. If you would be so kind, I too need a bit of assistance.

 

I recently purchased the Standard SSL Certificate from Godaddy and not sure if this is normal or if I have a problem:

 

The site I have the certificate set up on is still in the works (link below). We will sell beaded jewelry and the credit card transactions are all handled through 2CO - so I don't need to worry about locking down a page or my site for that.

 

What I did buy the certificate for was to let people know when they sign up for an account (name, address, phone, etc) on our site, all that information will be transmitted through our website and over the Internet encrypted.

 

So question 1 is, is this line of reasoning what people get certificates for sometimes? Or did I buy it for the wrong reasons?

 

The main problem I'm having is this:

 

If you go to the login page (or any page with the "s" after http) https://jenenichelle.com/login.php you will notice in the address bar and status bar of our site that the little pad lock is locked with a line through it. It says this means some items on this site are secure and some aren't.

 

How do I get it so the line disappears and the pages where people enter in information on a form is "locked" and secured?

 

Or is it suppose to be like this?

 

Here's the code in my include/configure.php file:

 

<?php
 define('HTTP_SERVER', 'http://jenenichelle.com');
 define('HTTPS_SERVER', 'http://jenenichelle.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'jenenichelle.com');
 define('HTTPS_COOKIE_DOMAIN', 'jenenichelle.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');

 

Also in my admin/includes/configure.php is:

 

<?php
 define('HTTP_SERVER', 'https://jenenichelle.com');
 define('HTTP_CATALOG_SERVER', 'https://jenenichelle.com');
 define('HTTPS_CATALOG_SERVER', 'https://jenenichelle.com');
 define('ENABLE_SSL_CATALOG', 'true');

 

Any ideas why I can't get the pad lock, locked?

 

Thanks.

Link to comment
Share on other sites

Start here:

 

/includes/configure.php

 

Change this;

 

 define('HTTPS_SERVER', 'http://jenenichelle.com');

to

 

 define('HTTPS_SERVER', 'https://jenenichelle.com');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

You are a genius. One letter. One letter!!!!

 

Thank you so much for making my life a little easier now. Works fine.

Link to comment
Share on other sites

... and yepp, lots of people get SSL for their site even if it is not "required", because it allows people to feel more secure about transmitting personal information, and thus facilitates business.

 

~Wendy

Link to comment
Share on other sites

... and yepp, lots of people get SSL for their site even if it is not "required", because it allows people to feel more secure about transmitting personal information, and thus facilitates business.

 

~Wendy

 

 

Thank you Wendy. I was still wondering about that. You guys are great!

 

Now, does anyone know how I'm suppose to edit this index.php template using Dreamweaver MX ver. 7? I open it and the design area just gives me a bunch of little boxes that say "php" - all the images, text, and everything else is not there.

 

Obviously, this is a topic outside of SSL - any ideas where I can go to find this info?

 

Thanks again,

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...