SSL issues

[WoodsWalker]

Quick reply here as I'm on the run. When I began my adventure with osCommerce in April, I was well-versed in HTML but had no PHP experience - just a manual of which I had read the first chapter! (I'm now on Chapter 3 :D )

 

So, when I pulled up PHP pages in Dreamweaver, I was a little confused - why could I not see anything??

 

Before long, I gathered that PHP can only be "parsed" by a web server - not by one's local box. Aha! So, that's why you don't see the page rendered in Dreamweaver's "design view".

 

I just had to orient myself gradually to the look of PHP and HTML code all mixed up together in Dreamweaver's "code view". After making changes to a PHP file (always back-up!), I then upload my brilliant work to my hosting server to view it through my browser. Some people with more resources use a "testing server" as an intermediate.

 

There are certain programs you can put on your local computer that emulate a server environment and render PHP - maybe. I've never been tempted to try them because they seem fraught with problems. Someone more knowledgeable can advise you if you want to try this out.

 

Hope this helps!

~Wendy

[Guest]

Yes it helps, thank you. I'm slowing seeing all this.

 

What a pain it is compared to simple html and css.

[WoodsWalker]

What a pain it is compared to simple html and css.

 

Hee! :P But it does a whole lot of neat stuff.

[lemon106]

Hi! I need some SSL help...

 

Currently, my payment form is not SSL protected. Granted, all of the payment information goes directly to our e-merchant, but I'd like people to know that they are secure when they make a purchase using our form.

 

I checked with our hosting company and found out that we have a shared SSL certificate we can use -- but people have to be routed through https://moccasin.site-secure.net/askroland rather than just http://www.askroland.com

 

I read in a help forum from the hosting help site that I should just need to change a little code and I'll be set. I just want to set it up so that the payment form is secure for our customers.

 

Here's what the posting said:

"Submitting Data through SSL to CGI and PHP applications

 

The HTML code for a form page begins with a tag that looks like this:

 

<form action="http://yoursite.com/cgi-bin/something.cgi" method="POST">

 

It is the action part we are interested in here. This is the URL that the contents of the form will be sent to when the submit button is pressed. This is where we should use the https:// URL, so that the data is submitted over the secured channel. e.g.

 

<form action="https://eggplant.site-secure.net/yoursite/cgi-bin/something.cgi" method="POST">

 

Note here that it is not necessary to load the order page itself over https:// [who would be interested in a blank order form?] only to specify that the data be submitted ['form action'] over SSL.

 

Since most CGI's respond to a successful operation by returning HTML data [i.e. an order confirmation] this information will be returned down the same https:// channel that was used to submit the data."

 

I've looked all over my catalog files and can't find anything that says <form action=...>. I'm guessing this is because all of our pages our php.

 

Could anyone give me specific instructions on how to do this? Also, if you've had any experience with this, could you confirm for me whether people are going to be alerted that other pages are not secure? Since the payment form is really the only area of the site that has any secure data being sent from it, I don't know why it would matter -- but I know people get nervous when they see a warning that something isn't secure.

 

Thanks for any help!

Nicole

[Guest]

Wouldn't this be easier (and work)?

 

First, go to your web host and purchase a dedicated IP address and get yourself a certificate request (if you don't know how, email tech support - they can tell you how). Then go to Godaddy.com and purchase one of their Standard SSL Certificates (good and still much cheaper than anywhere else).

 

Once you purchase the certificate and give them your certificate request code you should get an email from them with a link as to where to download a zip file.

 

You then email that zip file (or it's location) to your web hosting company's tech support and they will set it up.

 

Then for any secured pages you want, link to "https" and the little pad lock will lock in the address bar to let visitors know this site is secure and data transmitted will be encrypted.

[lemon106]

Wouldn't this be easier (and work)?

 

First, go to your web host and purchase a dedicated IP address and get yourself a certificate request (if you don't know how, email tech support - they can tell you how). Then go to Godaddy.com and purchase one of their Standard SSL Certificates (good and still much cheaper than anywhere else).

 

Once you purchase the certificate and give them your certificate request code you should get an email from them with a link as to where to download a zip file.

 

You then email that zip file (or it's location) to your web hosting company's tech support and they will set it up.

 

Then for any secured pages you want, link to "https" and the little pad lock will lock in the address bar to let visitors know this site is secure and data transmitted will be encrypted.

 

 

Thanks for the response. I was hoping to do the option that is through the hosting company since it would be free -- but the godaddy.com certificate would also be a good option.

 

With either option, I would need to link to "https" like you mentioned -- and that's the part that I am unsure of how to do in the osCommerce php files. If anyone could provide specific instuctions of which files and code I need to change, that would be so helpful.

 

Thank you!

[germ]

How to install SSL on OSC: A Simple 1-2-3 Instruction, Simple, straighforward instructions