germ Posted December 20, 2010 Author Share Posted December 20, 2010 If that code isn't in application_top, I really wouldn't have a clue. :blush: If you can find where $request_type gets set I can help change it to something that will work. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
germ Posted December 21, 2010 Author Share Posted December 21, 2010 The earliest version of this file I can find is this: $Id: application_top.php,v 1.264 2003/02/17 16:37:52 hpdl Exp $ That's about a month newer than yours It has this code: // define the project version define('PROJECT_VERSION', 'osCommerce 2.2-MS1'); // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Don't know if that helps at all. That particluar test won't work fot you. The one below should: // set the type of request (secure or not) $request_type = (getenv('HTTP_X_FORWARDED_SERVER') == 'ssl.perfora.net') ? 'SSL' : 'NONSSL'; If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
webwork Posted December 26, 2010 Share Posted December 26, 2010 Hi Germ, My web host is on justhost. I just purchase Geotrust SSL. If I click "checkout" button on the shipping cart page, it brings me back to the shopping cart page with "Your Shopping Cart is empty!" My URL is www.dhfashionusa.com. I have run your help php files and cannot see any errors? Your help is very much appreciated. Thanks, Link to comment Share on other sites More sharing options...
germ Posted December 26, 2010 Author Share Posted December 26, 2010 In the config file try changing this: define('HTTPS_COOKIE_DOMAIN', 'dhfashionusa.com'); To: define('HTTPS_COOKIE_DOMAIN', 'www.dhfashionusa.com'); Or this: define('HTTPS_COOKIE_DOMAIN', '.dhfashionusa.com'); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
webwork Posted December 26, 2010 Share Posted December 26, 2010 Thank you for your quick reply. I tried both. The problem is still there. Your php files still on the web site you can run them to see if there are any issue. Thanks, Link to comment Share on other sites More sharing options...
germ Posted December 26, 2010 Author Share Posted December 26, 2010 It only empties the cart in Firefox. It stays intact using IE Try setting "Force Cookie Use" to false in your admin. Save it. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
webwork Posted December 26, 2010 Share Posted December 26, 2010 Hi Germ, When I set "force cookie use" to false, it works even with cookie_domain "dhhandbag.com". Does "force cookie use = false" have some other side impacts? Thanks, Link to comment Share on other sites More sharing options...
germ Posted December 26, 2010 Author Share Posted December 26, 2010 The side effect being the osCid appears in the browser address bar now. I think the whole problem is that the SSL cert is issued to the domain name without the WWW. Edit the config file to this: define('HTTP_SERVER', 'http://dhfashionusa.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://dhfashionusa.com'); // eg, https://localhost - should not be empty for productive servers I see you have one of the SEO URL mods installed so you might have to edit the .htaccess file also. The goal here is to remove the "www." from all your URL's After you have done that you can try forcing cookies again and see if the problem comes back. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
webwork Posted December 27, 2010 Share Posted December 27, 2010 Hi Germ, You are great. Thank you very much. After I changed http_server without www, it works with force_cookie option. As I remembered my ssl only covers one domain either with or withour www. Does that mean I have to buy two SSLs? Thanks, Link to comment Share on other sites More sharing options...
germ Posted December 27, 2010 Author Share Posted December 27, 2010 You can ony have one SSL cert. for a domain, either with or without the "www." If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
webwork Posted December 28, 2010 Share Posted December 28, 2010 Hi Germ, Does that mean I should use SSL to cover the domain with WWW. In that way the normal config setting will work, i.e. HTTP with www and HTTPS without www. Thanks, Link to comment Share on other sites More sharing options...
germ Posted December 28, 2010 Author Share Posted December 28, 2010 You can't use WWW. with your SSL without getting a new cert. I thought you had it all working, but the cart still dumps using Firefox, still OK with IE. In your admin under Sessions what do you have these set to: Force Cookie Use Check SSL Session ID Check User Agent Check IP Address Prevent Spider Sessions Recreate Session If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
webwork Posted December 30, 2010 Share Posted December 30, 2010 Hi Germ, I rechecked and found "add cart" doesn't work too when I change www to no-www. The settings are: Force Cookie Use: True Check SSL Session ID: False Check User Agent: False Check IP Address: False Prevent Spider Sessions: True Recreate Session: False My previous question is that when I renew or puchase new SSL, should I ask ssl to cover www? Thanks, Link to comment Share on other sites More sharing options...
JeddeJ Posted January 15, 2011 Share Posted January 15, 2011 Hi I just got SSL set on my web server (was done by the hosting company) i have followed all the instructions on the first post and nothing seems to resolve my issue. I have followed several threads but haven't found anything related to my issue. The problem is I cannot access any of my web-pages that require SSL encryption, notably the account, cart and checkout. All i get is a big scary looking 500 - Internal Server Error. Does this mean one of my files has the wrong permission levels? My log files show the following, but i am not web savvy enough know exactly what it means. Premature end of script headers: /home/******/public_html/catalogue/account.php SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (504) of file "/home/*****/public_html/catalogue/account.php" Any help would be much appreciated Link to comment Share on other sites More sharing options...
germ Posted January 15, 2011 Author Share Posted January 15, 2011 Make a simple HTML file, call it test.html <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="content-type" content="text/html;charset=iso-8859-1"> <title>Down for Maintenance</title> </head> <body bgcolor="#ffffff"> <table width="100%" border="0" cellspacing="2" cellpadding="0" height="100%"> <tr> <td> <div align="center"> <font size="7">Store Down for Maintenance.<br>Please check back later.</font></div> </td> </tr> </table> </body> </html> Up load it to the catalog folder. Access it with your SSL URL: https://your_domain.com/catalog/test.html or https://www.your_domain.com/catalog/test.html If that doesn't work then the problem is something I can't fix - contact your host to fix it. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
JeddeJ Posted January 15, 2011 Share Posted January 15, 2011 hi Germ that html file worked ok i downloaded the SSL Help and it works too. Although i have no real idea what it means catalog configure file(s)seem alright though all green Link to comment Share on other sites More sharing options...
germ Posted January 15, 2011 Author Share Posted January 15, 2011 If you want any more from me you'll have to post (or PM me) your URL so I can see first hand what's up. Even then I can't guarantee anything other than I'll give it my best. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
JeddeJ Posted January 15, 2011 Share Posted January 15, 2011 hi Germ the Hosting guys got back to me looks like they didn't set up the Virtual Host for the domain name properly. They said 'Now the scripts are parsed properly and the pages load without any issues.' The good thing is i can now see account, cart and checkout pages on the site, but (in firefox)the Green bar in the URL flashes up and dissappears and in internet explorer the warning are all over the place! Link to comment Share on other sites More sharing options...
germ Posted January 15, 2011 Author Share Posted January 15, 2011 My Firefox (not the latest version) shows an encrypted connection. I get the "unsecure items" popup in Internet Explorer because of this line in the source: <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script> You can't load scripts or images from http source on https pages. Download the script from there, put it in your shop folder and then the proper code becomes: <script type="text/javascript" src="jquery-latest.js"></script> That will load on secure pages with no problem. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
pdcelec Posted January 15, 2011 Share Posted January 15, 2011 My Firefox (not the latest version) shows an encrypted connection. I get the "unsecure items" popup in Internet Explorer because of this line in the source: <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script> You can't load scripts or images from http source on https pages. Download the script from there, put it in your shop folder and then the proper code becomes: <script type="text/javascript" src="jquery-latest.js"></script> That will load on secure pages with no problem. Alternatively this will work <script type="text/javascript" src="<?php echo (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://') . 'code.jquery.com/jquery-latest.js'; ?>"></script> Link to comment Share on other sites More sharing options...
germ Posted January 15, 2011 Author Share Posted January 15, 2011 The site that hosts the script doesn't support https - I tried it. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
JeddeJ Posted January 15, 2011 Share Posted January 15, 2011 Hi Germ do i need to replace that bit of script in all of the shop files or can i get away with just the files relating to the secure pages? This bit of code 'http://code.jquery.com/jquery-latest.js' is designed to get the latest javascript code, now that i am removing it do i have to update the script from time to time? Also i was trying to get the unsecure.php programme to work. Don't what i have been doing wrong! All i have to do below is change the 'yourdomain.com' is that correct? http://www.yourdomain.com/unsecure.php?site=https://site.com/page.php Just wanted to see it working, thanks for you help Link to comment Share on other sites More sharing options...
germ Posted January 15, 2011 Author Share Posted January 15, 2011 If the jquery script works now it will continue to work. Check for updates if you like. The correct URL for the unsecure program to work for you is: http://www.YOUR_DOMAIN.com/shop/unsecure.php?site=https://www.YOUR_DOMAIN.com/shop/index.php If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
JeddeJ Posted January 15, 2011 Share Posted January 15, 2011 hi Germ just want to thank you for getting back to me so quickly and helping me sort the problematic coding. I'm a complete novice at this stuff and had been doing a lot of reading before i mailed this forum so i could get a little bit of an idea of what was going on with SSL never mind what to do! Excuse my way of writing especially about the javascript...'http://code.jquery.com/jquery-latest.js' sounded like i knew what it meant...i'm dyslexic but try to hid it! It seems by your reply the file that the href collects rarely changes. Why doesn't everybody have the script in their catalogue or do they only have it by necessity for SSL purposes? i had to get rid of all the offending code from every file <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script> And i just like to say the site is working perfectly. Cheers Jim Link to comment Share on other sites More sharing options...
ftrippie Posted January 24, 2011 Share Posted January 24, 2011 Hi Guys, Perhaps you can help me out as well. I set up a dedicated SSL with fixed IP etc. At first I got problems with all the image files (like the icon for folders and like the product images) on both shop and admin console. Then I changed to the recommended configuration for 1AND1 (although I am on LONEX): // set the type of request (secure or not) $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; and that sorted it for the shop site (ordering an item, going into cart via https works), but I keep getting the problem for the admin console. Every image is showing the stolen.gif (linking images is theft) because of the htaccess implementation against hotlinking: # stop hotlinking (gif/jpg) and serve alternate content <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?decobio\.com/.*$ [NC] RewriteRule .*\.(gif|jpg)$ http://www.decobio.com/images/stolen.gif [R,NC,L] </ifModule> So, I am left with a couple of questions: 1. how to solve the hotlinking issue (do I have to put https in there as well)? 2. I still get 'warning; contains unauthenticated content' in firefox when going into the shoppingcart (switching from http to https) 3. If i change the functions/general.php as well from 'on' to '1', it won't switch to https, so perhaps it shouldn't be on '1' at all? Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.