mondos Posted January 22, 2003 Posted January 22, 2003 Hi people! I have installed ssl for catalog and for admin, and it is enabled in the configurations files, but in the admin section it happens as follows: - In the main page of admin I have the "You are protected by a unknown secure SSL connection", so everything seems to work well, BUT - when I click in any link I go always to a non ssl page What is happening? I have SSL set to true in configure.php but it looks like the pages in the admin section don't "take" the https header or something like that. My store is online and working and it is very important for me to have the security enabled. Please can someone help me with this? thanx thanx thanx mondos
Guest Posted January 24, 2003 Posted January 24, 2003 I have the same problem except I get page not found when I try to checkout on the secure server.
jujuhost Posted May 18, 2004 Posted May 18, 2004 I fixed this on my system by changing the link code in: admin/includes/functions/html_ouput.php Now all my admin links are https://... JuJu
Guest Posted May 18, 2004 Posted May 18, 2004 Surely there must be a better way to solve the problem? I have just encountered the same issue and would love to see a better solution than to modify the source code for something as routine as SSL.
Guest Posted May 18, 2004 Posted May 18, 2004 OKay, I fixed it by changing the HTTP server (not HTTPS) to https://myserver.com. That secures the whole admin folder. DOn't know if that's the smoothest solution, but other posts seems to indicate such is the case. If i'm wrong, somebody let me know. :)
webz Posted January 4, 2005 Posted January 4, 2005 OKay, I fixed it by changing the HTTP server (not HTTPS) to https://myserver.com.That secures the whole admin folder. DOn't know if that's the smoothest solution, but other posts seems to indicate such is the case. If i'm wrong, somebody let me know. :) <{POST_SNAPBACK}> 2.2 MS2 Installed from Plesk 7.5.1 I tried this and all links are now secure but I now get this error when I click on "Catagories/Products": Warning: is_dir(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com/httpdocs/shop/images/) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpsdocs:/tmp) in /home/httpd/vhosts/mydomain.com/httpsdocs/shop/admin/categories.php on line 326 Error Error: Catalog images directory does not exist: /home/httpd/vhosts/mydomain.com/httpdocs/shop/images/ And just under the "Categories / Products" heading I get this: Warning: file_exists(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com/httpdocs/shop/images/travelcarr.gif) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpsdocs:/tmp) in /home/httpd/vhosts/mydomain.com/httpsdocs/shop/admin/includes/functions/general.php on line 230 Has anyone experienced this? Any ideas on a fix? Webz -------> @(-_-)@
wads24 Posted January 6, 2005 Posted January 6, 2005 I am also having this problem, i saw below that someone said that they fixed it by fixing the link code in the admin/includes/functions/html_ouput.php , but there wasn't anymore info besides that. I want to have the admin area linked via https, and when i got to https://mysite.ssl.simplenet.com/admin/ the other links on the admin page are not linked via https, the are linked via http: Can anyone provide some detailed instructions on how to fix this problem. Thanks...
leslie@jump Posted January 7, 2005 Posted January 7, 2005 i fixed the problem withe the following changes. in admin/includes/local/configure.php change define('HTTP_SERVER', 'http://www.host.com'); to define('HTTP_SERVER', 'https://www.host.com'); define('HTTPS_SERVER', 'https://www.host.com'); change define('ENABLE_SSL', 0); to define('ENABLE_SSL', 1); in admin/includes/configure.php change define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module to define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module in catalog/includes/local/configure.php change define('HTTP_SERVER', 'http://www.host.com'); to define('HTTP_SERVER', 'https://www.host.com'); define('HTTPS_SERVER', 'https://www.host.com'); change define('ENABLE_SSL', 0); to define('ENABLE_SSL', 1); in catalog/includes/configure.php change define('ENABLE_SSL', false); // secure webserver for checkout procedure? to define('ENABLE_SSL', true); // secure webserver for checkout procedure? hope this may help
Thespian Posted January 13, 2005 Posted January 13, 2005 Hi people!I have installed ssl for catalog and for admin, and it is enabled in the configurations files, but in the admin section it happens as follows: - In the main page of admin I have the "You are protected by a unknown secure SSL connection", so everything seems to work well, BUT - when I click in any link I go always to a non ssl page What is happening? I have SSL set to true in configure.php but it looks like the pages in the admin section don't "take" the https header or something like that. My store is online and working and it is very important for me to have the security enabled. Please can someone help me with this? thanx thanx thanx mondos <{POST_SNAPBACK}> As others have pointed out, the problem is partially in the tep_href_link() function in admin/includes/functions/html_ouput.php Specificly, it takes 3 arguments, but many places in the code only provide 2. The 3rd argument ($connection) can be unset, or have the vales "SSL" or "NONSSL" and, as you'd expect, control the type of link generated. All well and good, except if an argument isn't specified, the function *defaults* to "NONSSL". *That* is what is causing the problem on the admin page. The main admin links all call this function with no third argument, so it defaults to generating unsecure links. I've fixed my copy with the following change that I hope the devs will see, and incorporate. bash-2.03$ diff html_output.php html_output.php-FIXED 15c15,19 < function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL') { --- > > // Original: > //function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL') { > // Fixed: -JMM > function tep_href_link($page = '', $parameters = '', $connection = 'UNSET') { 18a23,32 > > // Begin modified code -JMM > if ($connection == 'UNSET') { > if (getenv('HTTPS') == 'on') { // We are loading an SSL page > $connection = 'SSL'; > } else { > $connection = 'NONSSL'; > } > } Thsi changes the default behavior, when no argument is passed, to be "whatever I was doing when I was called". This seems the most sane choice, while maintaining the coder's ability to "over-ride" that default explicitly. Which brings me to the next problem. "NOSSL" is handed in as an argument in a bunch of places. These palces include the links down the left hand side of the various admin pages. All except "Tools". The problem here is that a store owner, going to their secured admin pages, will "fall out" of SSL by clicking on any of those left hand links even after my suggested above fix BECAUSE THE DEVS EXPLICITLY PASS "NONSSL" as an argument to the tep_href_link() function. I'm tempted to remove that for all of those admin links, since I can think of no reason to force those to be NONSSL, but I don't want to break something. Can someone please tell me why those were explicitly required to not be secure links? For anyone else who wishes to fix this on their own sites, without throwing the whole store permanently under SSL, here are the files I've found that use the NONSSL token. All of these should be examined, and in conjunction with my fix above, removed if you want to keep the secure/non-secure status of which ever page you are currently on. bash-2.03$ textsearch NONSSL | cut -f1 -d: | sort | uniq -c 1 ./admin/cache.php 1 ./admin/categories.php 6 ./admin/includes/boxes/catalog.php 1 ./admin/includes/boxes/configuration.php 2 ./admin/includes/boxes/customers.php 3 ./admin/includes/boxes/localization.php 3 ./admin/includes/boxes/modules.php 3 ./admin/includes/boxes/reports.php 5 ./admin/includes/boxes/taxes.php 2 ./admin/includes/classes/split_page_results.php 7 ./admin/includes/functions/html_output.php 3 ./admin/includes/header.php 15 ./admin/products_attributes.php 1 ./admin/reviews.php 4 ./admin/specials.php 2 ./admin/stats_customers.php 2 ./admin/stats_products_purchased.php 2 ./admin/stats_products_viewed.php 1 ./admin/whos_online.php 1 ./advanced_search.php 3 ./advanced_search_result.php 4 ./includes/application_top.php 1 ./includes/boxes/manufacturers.php 1 ./includes/boxes/search.php 1 ./includes/boxes/tell_a_friend.php 1 ./includes/functions/general.php 4 ./includes/functions/html_output.php 1 ./includes/modules/payment/psigate.php 1 ./product_info.php bash-2.03$
♥Vger Posted January 14, 2005 Posted January 14, 2005 Leslie - you have the right idea with the 'admin' folder, but you should not do the same with the 'catalog' folder. Putting all of your storefront behind ssl will slow down your whole site - as all pages have to be encrypted before being served up to the customer. Jesse - I appreciate the time and trouble you went to on this problem - but the simplest fix is the best for newcomers to osCommerce. In admin/includes/configure.php change http://www.yourdomain.com to https://www.yourdomain.com. All sub-folders and pages in the 'admin' section are then run under ssl. Vger
Guest Posted January 18, 2005 Posted January 18, 2005 OK, I'm having the same problem - only I don't have a configure.php file in the 'local' folder! Oh Help :'( Sara
tbarlet Posted February 8, 2005 Posted February 8, 2005 It worked for me by just changing the followingin admin/local/config.php: change define('HTTP_SERVER', 'http://www.host.com'); to define('HTTP_SERVER', 'https://www.host.com'); i fixed the problem withe the following changes.in admin/includes/local/configure.php change define('HTTP_SERVER', 'http://www.host.com'); to define('HTTP_SERVER', 'https://www.host.com'); define('HTTPS_SERVER', 'https://www.host.com'); change define('ENABLE_SSL', 0); to define('ENABLE_SSL', 1); in admin/includes/configure.php change define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module to define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module in catalog/includes/local/configure.php change define('HTTP_SERVER', 'http://www.host.com'); to define('HTTP_SERVER', 'https://www.host.com'); define('HTTPS_SERVER', 'https://www.host.com'); change define('ENABLE_SSL', 0); to define('ENABLE_SSL', 1); in catalog/includes/configure.php change define('ENABLE_SSL', false); // secure webserver for checkout procedure? to define('ENABLE_SSL', true); // secure webserver for checkout procedure? hope this may help <{POST_SNAPBACK}>
Custom-Home-Theater Posted February 8, 2005 Posted February 8, 2005 Hi people!I have installed ssl for catalog and for admin, and it is enabled in the configurations files, but in the admin section it happens as follows: - In the main page of admin I have the "You are protected by a unknown secure SSL connection", so everything seems to work well, BUT - when I click in any link I go always to a non ssl page What is happening? I have SSL set to true in configure.php but it looks like the pages in the admin section don't "take" the https header or something like that. My store is online and working and it is very important for me to have the security enabled. Please can someone help me with this? thanx thanx thanx mondos <{POST_SNAPBACK}> I think you need to check your https settings in the /admin/config file
Guest Posted February 8, 2005 Posted February 8, 2005 we need to have an understanding of what is what, the file is configure.php and it is located in the respective 'includes' directory. the 'local' directory is for developing locally on your computer so you can do a full test of everything localy prior to sending to the internet without having to change your includes/configure.php files (just have to make sure you dont send the local/configure.php to the net)
TCwho Posted February 8, 2005 Posted February 8, 2005 This is just a small issue...but... I know my admin side is secure even though the lower left hand side of the main administration page still says it is not secure, even though I know it is due to change in configure.php and I am able to see padlock...... ...but is this just a flaw, or is it possible to get osC main administration page to actually 'lock' the padlock and say it is protected? Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00
Guest Posted February 9, 2005 Posted February 9, 2005 It worked for me by just changing the following in admin/local/config.php: change define('HTTP_SERVER', 'http://www.host.com'); to define('HTTP_SERVER', 'https://www.host.com'); <{POST_SNAPBACK}> That seemed to work for me too, i don't mind having all my admin activities under SSL. BUT: In the catalog pages, the images are not displayed any more. N.B. I am using a ssl proxy with a SSL adress like "ssl.provider.com/catalog//mydomain" which is the SSL equivalent to "www.mydomain.com" The catalog images get adresses "ssl.provider.com/images/myimage.jpg" ( the "mydomain" went just into the nirvanah. :( ) When in try to fiddle with the setting in define('DIR_FS_CATALOG_IMAGES',by adding "mydomain" i just get "image not available". Has anyone got the same symptoms and even got a cure? Thank you! Michel
♥Vger Posted February 9, 2005 Posted February 9, 2005 ssl.provider.com/catalog//mydomain Well, there's two slashes in there to start with. Make sure that your https server address is https://ssl.provider.com/yourdomain, and then your https path to catalog is /catalog/ Leave the https cookie domain blank. Vger
Guest Posted February 9, 2005 Posted February 9, 2005 ssl.provider.com/catalog//mydomain Well, there's two slashes in there to start with. Make sure that your https server address is https://ssl.provider.com/yourdomain, and then your https path to catalog is /catalog/ Leave the https cookie domain blank. Vger <{POST_SNAPBACK}> Oh sorry, the double // was a typo. i will try your hint with nothing as cookie server Thanks
Guest Posted February 9, 2005 Posted February 9, 2005 Oh sorry, the double // was a typo. i will try your hint with nothing as cookie server Thanks <{POST_SNAPBACK}> Ooops! There is no cookie server in configure.php of admin? michel
scottburd Posted February 12, 2005 Posted February 12, 2005 If you want to protect someone from getting to your admin section...put a password protect on that directory. most web host have this option to where they will do it for you.
shotokai Posted February 19, 2005 Posted February 19, 2005 2.2 MS2 Installed from Plesk 7.5.1 I tried this and all links are now secure but I now get this error when I click on "Catagories/Products": Warning: is_dir(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com/httpdocs/shop/images/) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpsdocs:/tmp) in /home/httpd/vhosts/mydomain.com/httpsdocs/shop/admin/categories.php on line 326 Error Error: Catalog images directory does not exist: /home/httpd/vhosts/mydomain.com/httpdocs/shop/images/ And just under the "Categories / Products" heading I get this: Warning: file_exists(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com/httpdocs/shop/images/travelcarr.gif) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpsdocs:/tmp) in /home/httpd/vhosts/mydomain.com/httpsdocs/shop/admin/includes/functions/general.php on line 230 Has anyone experienced this? Any ideas on a fix? <{POST_SNAPBACK}> I have the same issue. Unfortunately the default settings - at least in my Plesk setup - serve HTTP and HTTPS docs from 2 different directories. (httpdocs & httpsdocs). I can't see a solution except to change the value for the http server in the config files as suggested here. I'd love to hear a better one though...
mikey boy Posted February 20, 2005 Posted February 20, 2005 I've recently pruchased an SSL for my website, but after a week of ploughing through the OsC help files can't find anything that tells me actually what to do with it! Can anyone kindly point me to any resources that take me step by step through the process of integrating an SSL into OsC. I need the Checkout secured, where people are going to be using credit & debit cards. Thanks. Mike :D
Guest Posted February 21, 2005 Posted February 21, 2005 Can anyone kindly point me to any resources that take me step by step through the process of integrating an SSL into OsC. I need the Checkout secured, where people are going to be using credit & debit cards. You should check that with your provider, he will give you the instructions to install the certificate. Once installed you just have to adapt the configure.PHP files and fill in the HTTPS domain (which should be the same than your HTTP domain, and set SSL to "true" Enjoy it, it is surely much easier than using shared SLL.
♥Vger Posted February 21, 2005 Posted February 21, 2005 If your hosting setup requires the use of an httpdocs folder and an httpsdocs folder then you need to duplicate all of the httpdocs files in the httpsdocs folder. Vger
Recommended Posts
Archived
This topic is now archived and is closed to further replies.