Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HELP! HELP! SSL, Redirect Loop, Site is Down?


centrios40

Recommended Posts

Posted

ok, so i just got my host to install a PostivePlus SSL certificate.

 

its installed, and because the entire site has to be forwarded to www.domain.com, but my site now doesn't work.

 

i keep getting these "redirect loops"

 

"Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.

 

The browser has stopped trying to retrieve the requested item. The site is

 

redirecting the request in a way that will never complete.

 

* Have you disabled or blocked cookies required by this site?

* NOTE: If accepting the site's cookies does not resolve the problem, it is probably a server configuration issue and not your computer."

 

my host says either remove the redirect (remove the protection) or theres something wrong with the PHP of oscommerce.

 

Here's their response:

I apologize for the trouble that you have been having, but the SSL certificate is installed. I have checked your site and the reason that it's coming back as being not-secure is because you have attributes of your site that are not being transferred over an encrypted source. For example, there are several links and images that are being sent over http instead of https. You can view this by checking your source code and by also examining the SSL certificate (along with the information that firefox displays about the page involving SSL).

If there is anything else that we can assist you with please do not hesitate to let us know.

 

i have no idea what the hell their talking about, and I certainly have no idea how to fix the problem.

Posted
anyone?

 

I'm not sure what the redirect loop is all about. I guess the first thing to check is your 2 configure.php files in admin/includes/configure.php and includes/configure.php. There was another topic today in which I posted example settings, plus others contributed their thoughts too. Perhaps you might like to take a look at that to see if your configure.php files are OK now that you've added the SSL certificate.

 

The particular post I'm refering to is post #9 here. It's a start at least.

Posted

Hello, it seems I am having a similar, but not exactly the same problem as: this post

 

my website is this: www.ghilliegear.com

 

if you look at the bottom, you can see the gold lock, but it has a red question mark..

clicking on product links, returns errors. i can't login into my admin area either. it keeps saying wrong login credentials.

 

this is pure havoc, its annoying me beyond belief!

 

I told my Host Company to install the SSL certificate on the entire site, they said to "i should install it" only in the cart, login, create an account area, etc.

 

this is what my includes/configure.php file looks like:

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://ghilliegear.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', ''); // eg, [url="https://localhost"]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', false); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'ghilliegear.com');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

when i try to edit "define('ENABLE_SSL', false)" to "true" includes/configure.php in keeps giving me this error: [a fatal error or timeout occurred while processing this directive]

Posted

Can anyone tell me why so many people are having problems with their config files? I just don't get it.

 

You are trying to SSL(https) and not defining what it should be. How do you think it can work? Try this. Make sure to fill in your db info. You may also want to check the config file in your admin/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://ghilliegear.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', ''); // eg, [url="https://localhost"]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', false); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'ghilliegear.com');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

when i try to edit "define('ENABLE_SSL', false)" to "true" includes/configure.php in keeps giving me this error: [a fatal error or timeout occurred while processing this directive]

Posted

UPDATE:

 

I've been able to stop the redirect.

but... i still can't login to my admin area.

 

and the gold lock still shows a question mark.

Posted
Can anyone tell me why so many people are having problems with their config files? I just don't get it.

 

You are trying to SSL(https) and not defining what it should be. How do you think it can work? Try this. Make sure to fill in your db info. You may also want to check the config file in your admin/

 

so i did what you outlined, and i dunnoo. it didn't change much, like i said in my previous post, i resolved the redirect this. before i did, i don't know what this was suppose to do.

Posted

You have an error in your admin/includes configure.php file.

 

You have this.

 

ghilliegear.com/admin/www.ghilliegear.com/admin/login.php

Posted
You have an error in your admin/includes configure.php file.

 

You have this.

 

ghilliegear.com/admin/www.ghilliegear.com/admin/login.php

 

i dont see that anywhere in the configure.php file

Posted
i dont see that anywhere in the configure.php file

What I meant was, that particular url string is showing in the locator(url) bar when going to admin.

 

When you type ghilliegear.com/admin

 

it should look like this

 

ghilliegear.com/admin/login.php

 

If you're unsure on what to do, post your config from admin.

Posted
What I meant was, that particular url string is showing in the locator(url) bar when going to admin.

 

When you type ghilliegear.com/admin

 

it should look like this

 

ghilliegear.com/admin/login.php

 

If you're unsure on what to do, post your config from admin.

 

Here it is:

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'www.ghilliegear.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'www.ghilliegear.com');
 define('HTTPS_CATALOG_SERVER', 'www.ghilliegear.com');
 define('ENABLE_SSL_CATALOG', 1); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home2/ghillieg/public_html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home2/ghillieg/public_html/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/home2/ghillieg/public_html/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

another thing, now i noticed my site gets forwarded to https://

 

i don't want this.

 

what areas of my site do i actually need the ssl certificate? (login, checkout, my account, signup - right?)

 

and is it possible to have the ssl certificate only apply to these sections? because its making my whole site slow.

Posted

it should do that automatically because the standard osc links tell it too.. So, forinstance, if you went into header.php and saw the links for login, my account, cart, ect..

 

they would look like this

 

tep href_link (FILENAME_ACCOUNT' , 'SSL' , );

 

where as non-SSL pages do not have the 'SSL'

A great place for newbies to start

Road Map to oscommerce File Structure

DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways!

 

HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you

 

Proud Memeber of the CODE BREAKERS CLUB!!

Posted
UPDATE:

 

I've been able to stop the redirect.

but... i still can't login to my admin area.

 

and the gold lock still shows a question mark.

Its still redirecting to https. Is this being done in.htaccess?

 

Here it is:

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'www.ghilliegear.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'www.ghilliegear.com');
 define('HTTPS_CATALOG_SERVER', 'www.ghilliegear.com');
 define('ENABLE_SSL_CATALOG', 1); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home2/ghillieg/public_html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home2/ghillieg/public_html/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/home2/ghillieg/public_html/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

another thing, now i noticed my site gets forwarded to https://

 

i don't want this.

 

what areas of my site do i actually need the ssl certificate? (login, checkout, my account, signup - right?)

 

and is it possible to have the ssl certificate only apply to these sections? because its making my whole site slow.

Yes those pages will bee SSL only if you have enable SSL set to true or 1 in your config files. Both admin and catalog.

Try this for your admin config file. Remember to fill in your db info.

<?php
/*
 $Id: configure.php 1739 2007-12-20 00:52:16Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2002 osCommerce

 Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
 define('HTTP_SERVER', 'http://www.ghilliegear.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.ghilliegear.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.ghilliegear.com');
 define('ENABLE_SSL_CATALOG', 1); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home2/ghillieg/public_html/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
 define('DB_SERVER', '');
 define('DB_SERVER_USERNAME', '');
 define('DB_SERVER_PASSWORD', '');
 define('DB_DATABASE', '');
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', 'mysql');
?>

 

it should do that automatically because the standard osc links tell it too.. So, forinstance, if you went into header.php and saw the links for login, my account, cart, ect..

 

they would look like this

 

tep href_link (FILENAME_ACCOUNT' , 'SSL' , );

 

where as non-SSL pages do not have the 'SSL'

Kinda yes. They will only go to https if enabled in the configs. If enable is set to 0 or false then the http link will be used even if the says to use SSL

Posted

Yes, an important point not to miss from Brian's reply above is:

define('HTTP_CATALOG_SERVER', 'http://www.ghilliegear.com');

define('HTTPS_CATALOG_SERVER', 'https://www.ghilliegear.com');

 

You need to correct these in your configure.php file. You had the http:// and https:// part missing.

 

I'm not sure you have fixed your redirect problem... I'm still getting this back

HTTP/1.x 301 Moved Permanently
Date: Mon, 20 Oct 2008 07:56:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Location: https://www.ghilliegear.com/
Content-Length: 417
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

when I browse to http://www.ghilliegear.com

Posted

Regarding your padlock, you need to sort out your server first (the http and https mentioned above) before you can fix this.

 

However, it does seem that you have a number of inconsistencies even ignoring which mode (http or https) the images are coming from. Some images are requested from www.ghilliegear.com, others from ghilliegear.com, so you need to tidy that up. You should presumably have all images coming from www.ghilliegear.com.

 

You also have one image coming from here "http://s9.addthis.com/button1-addthis.gif" (the social bookmarks one). There will still be the padlock problem with that one if you intend to call it from one of your secure pages (https mode). If someone logs in, then presumably this will be the case. Perhaps you'll need to copy it to your own server and then call it in a similar way to other images?

 

The 2 problem images on your home page I can see are:

http://ghilliegear.com/favicon.ico

http://ghilliegear.com/siteimages/hp-image/welcomeimage1.jpg

 

I think you need to look how you're calling both these. In the case of favicon.ico, the best way would probably be to use a relative link, like so:

<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">

Then it will be correctly called according to which server mode you're in. Obviously, that means editing all the top level .php files that contain it... just about all of them. :)

Posted

What is your username and password? If you have forgtten then go to your database using phpmyadmin. Click on the administrators table. Then click on the empthy tab at the top. On the page that follows MAKE SURE IT IS ONLY THE ADMINISTRATORS TABLE that is being emptied. Click yes. to empty.

 

Go back to your stores admin page and it will ask to enter a new username and password. Once you do that you will have to enter them in again to login.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...