GwilliamP Posted September 4, 2008 Posted September 4, 2008 Hi, I know this is an old chestnut but I can not find the answer after a lot of searching. I have a dedicated SSL (domain, not www.domain) and a fixed IP. My config.php is as follows; <?php define('HTTP_SERVER', 'http://thestoreindevon.com'); define('HTTPS_SERVER', 'https://thestoreindevon.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'thestoreindevon.com'); define('HTTPS_COOKIE_DOMAIN', 'thestoreindevon.com'); define('HTTP_COOKIE_PATH', '/shop/'); define('HTTPS_COOKIE_PATH', '/shop/'); define('DIR_WS_HTTP_CATALOG', '/shop/'); define('DIR_WS_HTTPS_CATALOG', '/shop/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/www/thestoreindevon.com/shop/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); <snip> DB info </snip> ?> I would have expected that user account and checkout pages would be https but they are all http. If, for example, I access the Change Password page it has an http address but if I manually change the address to https FireFox warns me that the page contains unauthenticated content. Is there an error in the above config.php or has my host botched the SSL install?
germ Posted September 4, 2008 Posted September 4, 2008 osC isn't recognizing the cue from the server that SSL is on. Try this: In your /shop/includes/application_top.php find this line (about line 41): $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Change it to: $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; It's always a good idea to backup any file before making any edits. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 4, 2008 Author Posted September 4, 2008 Jim, I gather from your post that config.php is correct. I initially thought it was me being a dummy and not seeing an error. Change made as you suggested; // set the type of request (secure or not) // $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; No changes seen in the site behaviour. I am using Change Password to test as, until it is working, I have no idea which ought to be secure. Paul <edit> I have no idea if this helps but the following are all the ssl references I can find inthe phpinfo() for the server; Configure Command <snip> '--with-openssl=/usr'</snip> CURL Information libcurl/7.15.5 OpenSSL/0.9.7e zlib/1.2.2 libidn/0.6.5 OpenSSL support enabled OpenSSL Version OpenSSL 0.9.7e 25 Oct 2004 pqsql SSL support enabled </edit>
germ Posted September 4, 2008 Posted September 4, 2008 OK. Before we try anything else, let's be sure there's nothing thwarting our efforts. Check to see if this file exists on your site: /shop/includes/local/configure.php If it exists, it may have a line like this: define('ENABLE_SSL', 0); If so, alter it to this: define('ENABLE_SSL', 1); And if it has a line for HTTPS_SERVER it should look like this: define('HTTPS_SERVER', 'https://thestoreindevon.com'); // eg, https://localhost - should not be empty for productive servers Let me know what you find out. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 4, 2008 Author Posted September 4, 2008 OK. Before we try anything else, let's be sure there's nothing thwarting our efforts. Check to see if this file exists on your site: /shop/includes/local/configure.php All that is in the folder is README
germ Posted September 4, 2008 Posted September 4, 2008 OK. In your /shop/includes/application_top.php change the line we changed earlier to this instead: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Any better? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 4, 2008 Author Posted September 4, 2008 OK. In your /shop/includes/application_top.php change the line we changed earlier to this instead: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Any better? :unsure: Unfortunately not. I still see http://thestoreindevon.com/shop/account_password.php
germ Posted September 4, 2008 Posted September 4, 2008 Copy the text in the CODE box below into a text editor (Notepad) on your PC: <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?> Save it as myenv.php Upload it into your /shop folder on your server. Then, access it using this link: Click me It will output some text to your browser. Copy/paste that output into your next post. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 4, 2008 Author Posted September 4, 2008 Hmm, NOT so good! HTTP HOST: thestoreindevon.com Server Port: 80 SSL Status: Fowarded Server: Fowarded Host: Fowarded By: I am no expert but all those blanks look wrong.
germ Posted September 4, 2008 Posted September 4, 2008 If you had used the link I provided (which was necessary) you would have gotten: HTTP HOST: thestoreindevon.comServer Port: 443 SSL Status: on Fowarded Server: Fowarded Host: Fowarded By: But that only tells me that either one of these should have worked: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; So pick one and make the appropriate change in application_top.php I'd change it back to the original code. In your /shop/index.php does it have a line like this in the <head> section: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 4, 2008 Author Posted September 4, 2008 Ooops. I did a mouse over of the link, saw the /myenv.php and modified the address in my browser. I was in a rush and missed the https. Sorry. You were correct, it came back as below. HTTP HOST: thestoreindevon.com Server Port: 443 SSL Status: on Fowarded Server: Fowarded Host: Fowarded By: I have returned application_top.php to; $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; index.php has the line exactly as you posted, it is on line 44 but <head> does not exist anywhere in the file
germ Posted September 4, 2008 Posted September 4, 2008 Unless you have some mod rewrite going on in your .htaccess file in your /shop folder I'm clueless. :huh: Everything you've posted tells me it should be working. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 4, 2008 Author Posted September 4, 2008 Unless you have some mod rewrite going on in your .htaccess file in your /shop folder I'm clueless. :huh: Everything you've posted tells me it should be working. I have seen vague references forum to .htaccess but have no clue how to use it. It seems that every folder has one but I have not touched them. I just checked and every line starts with a #. It looks like I have a shiny new business that NOBODY will buy from due to no security! Could it possibly be down to a botched SSL install by the hosting company?
germ Posted September 4, 2008 Posted September 4, 2008 It's installed correctly as far as I can tell. If you say no to the "non-secure items" popup (in IE) the padlock appears in the address bar. Looking at the HTML source, this is the problem: <base href="http://thestoreindevon.com/shop/"> When in SSL mode it should be: <base href="https://thestoreindevon.com/shop/"> And everything you've posted tells me the osCommerce code should be detecting SSL and making adjustments for it, yet it doesn't. I don't have a clue where to look or what to try any longer. :( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 5, 2008 Author Posted September 5, 2008 I don't have a clue where to look or what to try any longer. :( Well that makes 2 of us. I thought it all looked OK, hence the initial post. All I can think of is doing a fresh install in say /test and see what that does. The hosting company does offer a 'Zacky Tools Installer - oscommerce-2.2rc2a' that installs into /catalog. I could try that and see if it works. I dumped it as I prefer /shop. IF it works I will compare the installs and see if I can see what the diffs are. To be honest, I am not too hopefull. Thanks for trying, Paul.
germ Posted September 8, 2008 Posted September 8, 2008 I see you have it working. ;) When you view your site in SSL mode with IE7 you get the "nonsecure items" popup. This is part (if not all) that is responsible: <table style="width: 1004px; height: 2032px; text-align: left; margin-left: auto; margin-right: auto;" background="http://thestoreindevon.com/shop/images/border-thestoreindevon2.gif" border="0" cellpadding="0" cellspacing="0"> You've got a direct HTTP link to an image. :blush: I believe this would work, and not cause problems in IE: <table style="width: 1004px; height: 2032px; text-align: left; margin-left: auto; margin-right: auto;" background="/shop/images/border-thestoreindevon2.gif" border="0" cellpadding="0" cellspacing="0"> At least this didn't muck it up using the Web Developer plugin in Firefox. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
GwilliamP Posted September 9, 2008 Author Posted September 9, 2008 I see you have it working. ;) When you view your site in SSL mode with IE7 you get the "nonsecure items" popup. This is part (if not all) that is responsible: <table style="width: 1004px; height: 2032px; text-align: left; margin-left: auto; margin-right: auto;" background="http://thestoreindevon.com/shop/images/border-thestoreindevon2.gif" border="0" cellpadding="0" cellspacing="0"> You've got a direct HTTP link to an image. :blush: I believe this would work, and not cause problems in IE: <table style="width: 1004px; height: 2032px; text-align: left; margin-left: auto; margin-right: auto;" background="/shop/images/border-thestoreindevon2.gif" border="0" cellpadding="0" cellspacing="0"> At least this didn't muck it up using the Web Developer plugin in Firefox. DoooH! Fixed that. Adding that background (pseudo border) was one of the first things I did before I fully understood how osC deals with images. B.T.W. I hate to admit the reason for my initial problem but here goes. I edit localy and FTP the edits to the server. Somehow an edit to configure.php had not been uploaded leaving out a vital "HTTPS_SERVER', 'https://". It was still reading "HTTPS_SERVER', 'http://" :angry: Once that missing 's' was uploaded everything worked. Everything in this thread was from me checking local files and not the loaded ones - MAJOR lesson learnt. Thanks for taking/wasting your time on all of this. Paul.
germ Posted September 10, 2008 Posted September 10, 2008 I had the same thing happen when I was helping someone else with SSL problems (they were posting "local" files, not reading them off the server). I had forgotten about that. This reminds me to ask that question next time everything looks OK, but it still doesn't work. As long as you got it working, that's what's important, and it wasn't a waste of time. :) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
BarrySmith Posted September 28, 2008 Posted September 28, 2008 Hi Jim, As advised on another thread I added the above code to my website (I am not sure but I do not appear to have a shop folder as the shop is my homepage) and got the following output when accessing it from your link: HTTP HOST: thestoreindevon.com Server Port: 443 SSL Status: on Fowarded Server: Fowarded Host: Fowarded By: Also when I add the file to the end of my site I get the following output: HTTP HOST: Server Port: 80 SSL Status: Fowarded Server: Fowarded Host: Fowarded By: and if I try and access it by adding https, I get the following output in a window: Alert www.mysite.co.uk has sent an incorrect or unexpected message. Error Code: -12263 Any idea why this maybe Jim? I have built an online store solely with the help of this forum.
BarrySmith Posted September 28, 2008 Posted September 28, 2008 Hi Jim, If it helps, I have posted the contents of the configure file below ( the file is located within public_html/includes: <?php define('HTTP_SERVER', 'http://www.mywebsite.co.uk'); define('HTTPS_SERVER', 'https://www.mywebsite.co.uk'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'mywebsite.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'mywebsite.co.uk'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/snorings/public_html/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); define('DB_SERVER', 'localhost'); define('DB_SERVER_USERNAME', 'XXXXX'); define('DB_SERVER_PASSWORD', 'XXXXXX'); define('DB_DATABASE', 'XXXXX'); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); //// BOF phpBB2 Integration v1.3 // define phpbb2 path define('DIR_WS_PHPBB', '/phpbb2/'); //// EOF phpBB2 Integration v1.3 ?> I have built an online store solely with the help of this forum.
GwilliamP Posted September 28, 2008 Author Posted September 28, 2008 Hi Peter/Barry, I can see 2 issues - 1 from each post. 1st post, HTTP HOST: thestoreindevon.com That's MY domain - bugger off and get your own! :angry: 2nd post, define('ENABLE_SSL', false); Needs to be define('ENABLE_SSL', true); Warning - As i am the plonker that started this thread, this may not be the definitive solution.
germ Posted September 28, 2008 Posted September 28, 2008 Error Code: -12263 When your browser returns that it usually means one of two things. 1. SSL isn\'t installed at all. 2. SSL isn\'t installed correctly. :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
BarrySmith Posted September 28, 2008 Posted September 28, 2008 Thanks for that, The error message that you quoted Jim appears in a XP error window and appears if I change the false to true. Sorry for using your website Paul -was not intential. By the way, as mentioned before, when i run the script on my domin at www.mysite.co.uk/myenv.php, I get the following error: HTTP HOST: Server Port: 80 SSL Status: Fowarded Server: Fowarded Host: Fowarded By: Any ideas at all, as I am totally lost! Regards. Peter. I have built an online store solely with the help of this forum.
germ Posted September 28, 2008 Posted September 28, 2008 You have to purchase and install a SSL certificate, or use the shared SSL your host may have. It's not something you can just "turn on" and get to work. I'm not sure if you realize that or not. :unsure: If your host has shared SSL, and you wish to use that, you need to ask them what the HTTPS URL to your shop would be. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
BarrySmith Posted September 28, 2008 Posted September 28, 2008 Hi Jim, To be honest this is not something that I was at all aware off. I have spoken to my host ( Dathorn), they said that I need to buy SSL subcription for 1 year. Can this work withouth ssl? Regards. Pari. I have built an online store solely with the help of this forum.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.