SSL Problem on IIS server "Nonsecure items"

[artmonkey]

Hello all:) I've just started designing my OSCommerce website a month ago and already have a web hosting account with webhost4life.com. I thought it would make sense to use it for my OSCommerce website.

 

I've purchased the proper SSL for this, but I've had a lot of trouble getting my account login pages secure in new versions of internet explorer. It comes up, "This page contains secure and non secure items." Admin is also coming up "You are not secured by an SSL connection."

 

I've researched this problem for days with no luck. This DOES NOT seem to be a "http://" link anywhere coming up nonsecure. I have contacted my hosting and the last message I received was -

 

"Dear client, sorry to tell you that this issue can be handled by mod_write, however, it is unavailable in windows hosting environment."

 

Should I dump this hosting and purchase new hosting? I've spent so much time and a bit of money on this. Or is there a way to solve this issue in the configure.php files? I do hope so. Any help will be much appreciated!!

 

ArtMonkey.

[germ]

Post (or PM me) your URL and I'll find it.

 

It's caused by scripts or images from http sources on an https page.

[germ]

osC isn't recognizing the cue from the server that SSL is on.

 

Try this:

 

In your /includes/application_top.php find this line (about line 41):

 

  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Change it to:

 

  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

It's always a good idea to backup any file before making any edits.

 

Let me know.

 

If this doesn't work there are other ways to find the info to get it to work.

[artmonkey]

No luck. Is there anything else we can try?

[germ]

Try what is in this post:

 

Click Me

 

I'll be around for the results.

;)

[germ]

Same thread different post:

 

Click Me

 

Make and upload the myenv.php file into your root folder, then post again or PM me.

[artmonkey]

Hi. Thanks! B) That's much batter.

 

First of all I uploaded the myenv.php file and then I changed the -

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

to

 

// set the type of request (secure or not)

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

as instructed at the bottom of the thread.

 

I had a play around and removed the myenv.php and the annoying pop-up is gone anyway!

 

So the second bit of code must have solved the issue anyway! I've removed the myenv.php permanently, but what was it supposed to have done?

 

One very small issue that I have noticed is the pages all stay at https:// whatever pages I browse after selecting login.php (not singing in, just viewing the page). It goes back to http:// when I sign in and log out fine.

 

But is so much better than how it was before with the annoying pop-up. Nice one :)

 

Oh, and I still have the, 'You are not protected by a secure SSL connection.' message in admin, but the browser says, https:// . Any ideas?

[germ]

I made an account and the only links that stay https after login are the ones across the top.

 

Has to be in the way the code is written.

 

The myenv.php was just to display server varaibles that would most commonly be used to detect when SSL is active.

 

Oh, and I still have the, 'You are not protected by a secure SSL connection.' message in admin, but the browser says, https:// . Any ideas?

Even if you access your admin with an httpS url?

:unsure:

 

That's bizarre....

:blink:

[artmonkey]

Yes. I'll investigate this tonight. I'll read through the changes my web hosting made just in case they did something when they were helping me before.. Thanks again for your help :) I thought I'd never get this site working.

 

The following link is a to my friend's website. He is the guy who got me into using oscommerce. Click on 'account', but don't sign in or create an account. Just click on a link, eg 'specials.' You'll find the address bar goes back form https:// to http:// properly... if you see what i mean. On my website it stays at https:// :blink:

[artmonkey]

My friend's website which doesn't have the odd glitch - http://www.creativetools.co.uk

[artmonkey]

My friend's website which doesn't have the odd glitch - http://www.creativetools.co.uk

 

Ignore my last post. Yes. I see. That's odd. I'll have a play around. thanks. I wonder why it's doing that on the ones along the top.. hmmm...

[germ]

The account link along the top needs to be https

:blush:

[artmonkey]

Thank you! I'm using an sts_template which my friend was kind enough to upload for me in the beginning. He has a similar issue I noticed at his new oscommerce site: http://www.onestopecommerce.co.uk It's practically the template he gave me in the beginning. It's very good in a lot of ways, but it may have been an idea to have started with the basic oscommerce package to learn the ropes. I'm getting more used to it all now. I'm adding direct links along the options at the top of my page, but with '?$sid' at the end. seems to be doing the trick (i think). :blink: