Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Implementation Help


germ

Recommended Posts

Hi Germ,

 

Recently added SSL and doesn't appear to be cooperating. I thought that it would default the base url to an https. That could be a server issue, but not sure. Have altered config files in admin and catalogue (although don't have catalogue, it just goes to my root, but just letting you know what files altered). Have uploaded your files and was good on some parts. but this is what I get when using the myenv.php file.

 

myenv.php Version 1.2

 

SSL Variables

 

HTTP HOST: []

 

Server Port: [443]

 

SSL Status: [on]

 

Fowarded Server: [undefined!]

 

Fowarded Host: [undefined!]

 

Fowarded By: [undefined!]

 

$_SERVER['HTTPS']: [on]

 

Load: 2

 

I found a file called ssl_check.php and it came up with this info:

 

We have detected that your browser has generated a different SSL Session ID used throughout our secure pages.

 

For security measures you will need to logon to your account again to continue shopping online.

 

Some browsers such as Konqueror 3.1 does not have the capability of generating a secure SSL Session ID automatically which we require. If you use such a browser, we recommend switching to another browser such as Microsoft Internet Explorer, Netscape, or Mozilla, to continue your online shopping experience.

 

We have taken this measurement of security for your benefit, and apologize upfront if any inconveniences are caused.

 

Please contact the store owner if you have any questions relating to this requirement, or to continue purchasing products offline.

 

I am guessing the sslcheck file came with oscommerce.

 

Help?

Link to comment
Share on other sites

  • Replies 414
  • Created
  • Last Reply

Did you read the very first post in this thread closely and do all the checks I laid out?

:unsure:

 

From the info you posted, if your config file is correct it should be working.

 

To be of any help I'll need your URL (either post it here or PM it to me).

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Did you read the very first post in this thread closely and do all the checks I laid out?

:unsure:

 

From the info you posted, if your config file is correct it should be working.

 

To be of any help I'll need your URL (either post it here or PM it to me).

 

Hi Germ,

 

Yes, I just went back to double check I had read and tried the suggestions last night. I have. I even went looking for links that might refer to the unsecure domain instead of relative links. Particularly, in my english or english/index.php. I believe I had a look at both, but I am pretty sure I made my links relative because one never knows if they decide to change something and then you have to go and mess with the URL again.

 

So, if you don't mind, I'm going to PM the url.

 

Thanks heaps. I do appreciate the script because it is advising me something isn't right, while part of it appears to be.

Link to comment
Share on other sites

Hi Germ,

 

Yes, I just went back to double check I had read and tried the suggestions last night. I have. I even went looking for links that might refer to the unsecure domain instead of relative links. Particularly, in my english or english/index.php. I believe I had a look at both, but I am pretty sure I made my links relative because one never knows if they decide to change something and then you have to go and mess with the URL again.

 

So, if you don't mind, I'm going to PM the url.

 

Thanks heaps. I do appreciate the script because it is advising me something isn't right, while part of it appears to be.

In your /includes/configure.php be sure this line is like this:

 

  define('DIR_WS_HTTPS_CATALOG', '/');

I think you might have this instead:

 

  define('DIR_WS_HTTPS_CATALOG', '');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

In your /includes/configure.php be sure this line is like this:

 

  define('DIR_WS_HTTPS_CATALOG', '/');

I think you might have this instead:

 

  define('DIR_WS_HTTPS_CATALOG', '');

 

Yes, I did, Fixed that to reflect

  define('DIR_WS_HTTPS_CATALOG', '/');

 

Still showing general http://

 

That was my includes/configure.php and I checked the admin includes one but could not find same reference so one file altered.

Link to comment
Share on other sites

Here's a question:

 

In what would be catalog (except I don't have that) /configure.php

 

define('DIR_WS_HTTPS_CATALOG', '/');

 

Does there need to be something stated where the forward slash is, instead of a forward slash? I mean what if I don't have catalog...should that be removed and just show 'DIR_WS_HTTPS', '/' and something in the /?

 

Just looking at ideas.

Link to comment
Share on other sites

Looks like you have everything configured correctly now.

 

I don't know why some images won't show on the SSL side.

 

If I accessd them directly with my browser (with HTTPS URL) they show.

 

You have some statcounter scripts at the bottom that use HTTP links.

 

You'll need to change the code to something like this:

 

<?php
 if ( $request_type == 'NONSSL' ) {
?>

******** DELETE THIS LINE AND PUT YOUR STAT COUNTER CODE HERE ********

<?php
 }
?>

You can't load scripts or images from HTTP sources on a HTTPS page.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I see what you mean by the images. Will look into that.

 

Ah, the stats...that didn't even occur. Yes, that's an external link. I've removed the code for the moment. I did load your script and will keep it in mind for future reference, but right now I need to focus on some fundamentals.

 

Thanks for reminding me of the external link.

 

Think I'll have to do some messing around and try.

Link to comment
Share on other sites

How do you get the site to load to https automatically? Do I need a redirect script to do that? I can find one of those pretty easily.

Having the whole site HTTPS all the time isn't a good idea for several reasons.

 

And it wouldn't fix the problem anyway.

 

I've never seen a site refuse to load images on the SSL side like that when the configuration and image links are all correct so I am completely baffled...

(like that's difficult to do - baffle me :lol: )

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Having the whole site HTTPS all the time isn't a good idea for several reasons.

 

And it wouldn't fix the problem anyway.

 

I've never seen a site refuse to load images on the SSL side like that when the configuration and image links are all correct so I am completely baffled...

(like that's difficult to do - baffle me :lol: )

 

Yeah I'm trying to figure that out, and yes, I see what you mean about having entire site secured. I don't need it right? It's only the sensitive areas and I registered as a new user and went to cart for purchase (no merchant gateway set up yet) and the vital spots are loading in https (which is good), but the images...that has me stumped. Only thing I can really consider at this stage is folder permissions on images. I have many images in images/subcategoryname/image.jpg but that should not be generating an error as the links to these images are relative. I'm looking around and have emailed my webhost to see if they can find the problem (as they have been quite helpful) but other than that, all I can really do right now is look at script and search forums all over the www. I'm not the only one that has had this trouble, but there are no posted replies to how to fix it.

 

Thanks heaps for your time Germ. I don't expect you to waste any more of your time than you already have, looking at why images aren't showing. The permissions are set to 755, which should be fine.

Link to comment
Share on other sites

OK.

 

Here's a thought.

 

When I try to access your /images folder directly with my browser I get a "403: forbidden" page.

 

Maybe the .htaccess file in the /images folder needs a little tweaking.

 

To test this theory just rename the .htaccess file in the /images folder to text.htaccess

 

.htaccess files are hidden files by default in the UNIX environment so you may have to toggle a setting in your cPanel to make them visible.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

OK.

 

Here's a thought.

 

When I try to access your /images folder directly with my browser I get a "403: forbidden" page.

 

Maybe the .htaccess file in the /images folder needs a little tweaking.

 

To test this theory just rename the .htaccess file in the /images folder to text.htaccess

 

.htaccess files are hidden files by default in the UNIX environment so you may have to toggle a setting in your cPanel to make them visible.

 

That caused images to show in secure pages.

Next question: Can I leave the htaccess as a txt file or do I need to change it back for it to work?

It did not allow me to log in as a user on the front end.

Link to comment
Share on other sites

That caused images to show in secure pages.

Next question: Can I leave the htaccess as a txt file or do I need to change it back for it to work?

It did not allow me to log in as a user on the front end.

Not quite sure what you mean?

:unsure:

 

Altering the .htaccess file in the /images folder only shouldn't affect the entire site.

:blink:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Not quite sure what you mean?

:unsure:

 

Altering the .htaccess file in the /images folder only shouldn't affect the entire site.

:blink:

 

I don't have an .htaccess file in my images folder. It's in the root (which in some installs is catalog).

Link to comment
Share on other sites

I don't have an .htaccess file in my images folder. It's in the root (which in some installs is catalog).

I just made an account, logged off, and logged back in successfully.

:blush:

 

Does that help any?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Am I able to leave the htaccess as text, or advisable to change it back? If it's fine with the .txt extension (root folder not images only) then cool.

I still get the "403: forbidden" when accessing the /images folder (but that is a good thing). I was going to suggest a different way to protect a folder from prying eyes but I don't need to.

 

If it all works with the file renamed leave it that way.

 

"Kick the tires" on the site for a while. If it works, you know what they say, "If it aint broke don't fix it".

:thumbsup:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Thank you so much Germ. Your assistance is greatly appreciated. I will leave as is.

 

It's an old word, but I'm not from the US, so as I would say "You're awesome!"

You're most welcome, Ma'am.

:rolleyes:

 

But fixing anything is a two way collaboration, so if I am "awesome" in any way, shape, form, or fashion, then that would have to apply equally to you as well.

:wub:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

You're most welcome, Ma'am.

:rolleyes:

 

But fixing anything is a two way collaboration, so if I am "awesome" in any way, shape, form, or fashion, then that would have to apply equally to you as well.

:wub:

 

Well thank you! - I just try to follow directions.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...