germ Posted May 1, 2009 Author Share Posted May 1, 2009 In the file change this code: if ( $HTTP_GET_VARS['site'] ) { $site = preg_replace("/[^ {}a-zA-Z0-9_.-\/:]/i", "", $HTTP_GET_VARS['site']); To: if ( $HTTP_GET_VARS['site'] ) { $site = preg_replace("/[^ {}a-zA-Z0-9_.\/:-]/i", "", $HTTP_GET_VARS['site']); I will fix that bug next time I upload the contribution. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
janhworman Posted May 20, 2009 Share Posted May 20, 2009 In the file change this code: if ( $HTTP_GET_VARS['site'] ) { $site = preg_replace("/[^ {}a-zA-Z0-9_.-\/:]/i", "", $HTTP_GET_VARS['site']); To: if ( $HTTP_GET_VARS['site'] ) { $site = preg_replace("/[^ {}a-zA-Z0-9_.\/:-]/i", "", $HTTP_GET_VARS['site']); I will fix that bug next time I upload the contribution. I have had the same problem showing an error attempting top open a file when using the coded file unsecure.php that you included in your download. I have tried the change you listed above, but it still doesn't show any issues. I can get the site to load fine now on the index.php site based on your previous postings, but now, when I click on any other link it converts to a non-secure site link. my site is https://www.ministryresourcecentral.com/c4c...talog/index.php I still have the files installed in the catalog folder from your SSL help file. I would appreciate any advice as I am needing to get this corrected ASAP - I need to go live this week! Thank you very much! Link to comment Share on other sites More sharing options...
germ Posted May 20, 2009 Author Share Posted May 20, 2009 when I click on any other link it converts to a non-secure site link. It's supposed to work like that. I can find nothing "unsecure" or wrong with the way your SSL is working. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
iyah Posted July 26, 2009 Share Posted July 26, 2009 I have been trying for weeks to get my SSL working correctly. Both internet explorer and firefox are scaring away my customers. IE gives a warning about unsecured and secured contents and firefox shows an (!) over the lock. Here is what I get when I run the unsecure.php : unsecure.php Version 1.1 Site not specified! Here is MY URL Thanks Link to comment Share on other sites More sharing options...
germ Posted July 26, 2009 Author Share Posted July 26, 2009 Correct implementation of the contribution: click me If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
iyah Posted July 26, 2009 Share Posted July 26, 2009 I have been trying for weeks to get my SSL working correctly. Both internet explorer and firefox are scaring away my customers. IE gives a warning about unsecured and secured contents and firefox shows an (!) over the lock. Here is what I get when I run the unsecure.php : unsecure.php Version 1.1 Site not specified! Here is MY URL Thanks Forgot to mention that I tried all the changes mentioned in application top.php but willing to try them again. I also just noticed that the (!) in firefox seems to be gone but IE still showing that annoying message. How can I get rid of that message? Link to comment Share on other sites More sharing options...
germ Posted July 26, 2009 Author Share Posted July 26, 2009 Remove the http links to images and/or scripts. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
iyah Posted July 26, 2009 Share Posted July 26, 2009 Remove the http links to images and/or scripts. What do you mean? For example should I make changes on the slider on my header? If so what should I change in: leftrightslide[0]='<a href="http://mydomain/folder//catalog/product_info.php?cPath=28&products_id=49"><img src="http://mysite/folder//catalog/images/pouch.gif" border=0 width="75" height="75"></a>' Link to comment Share on other sites More sharing options...
germ Posted July 26, 2009 Author Share Posted July 26, 2009 These links: <a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/Money_order.jpg" border="0"></a><br><br> <a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/cheque.gif" border="0"></a><br><br> <a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/western union.gif" border="0"></a> Should be: <a href="#"><img src="images/Money_order.jpg" border="0"></a><br><br> <a href="#"><img src="images/cheque.gif" border="0"></a><br><br> <a href="#"><img src="images/western union.gif" border="0"></a> And the image part of the links in the slideshow should be like this: <img src="images/pouch.gif" border=0 width="75" height="75"> (No http reference) And in the stylesheet: background-image: url('http://iyahroots.com/rasta-products//catalog/images/logo1.jpg'); Needs to be: background-image: url('images/logo1.jpg'); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
iyah Posted July 26, 2009 Share Posted July 26, 2009 These links: <a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/Money_order.jpg" border="0"></a><br><br> <a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/cheque.gif" border="0"></a><br><br> <a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/western union.gif" border="0"></a> Should be: <a href="#"><img src="images/Money_order.jpg" border="0"></a><br><br> <a href="#"><img src="images/cheque.gif" border="0"></a><br><br> <a href="#"><img src="images/western union.gif" border="0"></a> And the image part of the links in the slideshow should be like this: <img src="images/pouch.gif" border=0 width="75" height="75"> (No http reference) And in the stylesheet: background-image: url('http://iyahroots.com/rasta-products//catalog/images/logo1.jpg'); Needs to be: background-image: url('images/logo1.jpg'); Thanks so much. There is a problem I think with relative paths. I am using Netfirms as my host and I have always noticed that relative paths do not work. Link to comment Share on other sites More sharing options...
germ Posted July 26, 2009 Author Share Posted July 26, 2009 1. Change hosts 2. Remove the "unsecure" items. 3. Put up with the problem. :huh: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
iyah Posted July 26, 2009 Share Posted July 26, 2009 1. Change hosts 2. Remove the "unsecure" items. 3. Put up with the problem. :huh: YOU ARE RIGHT!! I need to change host. Thanks for all the help at least I will get it fixed now. Link to comment Share on other sites More sharing options...
germ Posted July 26, 2009 Author Share Posted July 26, 2009 If you're talking about "relative links" within a page this thread may shed some light on that. And the whole osC concept is based on "relative links" when pertaining to images. If you look at the HTML source, in the <head> section you'll see something like: <base href="http://yoursite.com/catalog/"> Then look at an image link: <img src="images/oscommerce.gif" width="204" height="50" border="0" alt=" osCommerce " title=" osCommerce "> So the browser takes the: <base href="http://yoursite.com/catalog/"> And adds that to the image link and knows to find the image at: <img src="http://yoursite.com/catalog/images/oscommerce.gif" width="204" height="50" border="0" alt=" osCommerce " title=" osCommerce "> So when you implement SSL, the only part of the page that changes to make the images "secure" is the <base href> If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
iyah Posted July 27, 2009 Share Posted July 27, 2009 Thanks so much. There is a problem I think with relative paths. I am using Netfirms as my host and I have always noticed that relative paths do not work. This may help someone else using netfirms. Found the fix on Netfirms's support page HERE. Link to comment Share on other sites More sharing options...
lordofcb Posted September 21, 2009 Share Posted September 21, 2009 If you're talking about "relative links" within a page this thread may shed some light on that.... You seem to know your SSL, well I know NOTHING about how it is supposed to work. But anyways, I purchased a Comodo SSL certificate through my hosting company for my oscommerce after a sales rep suggested it. I have been reading what you have written and the part about the external references (like my banners and such) make sense. But i need to know if what they have done makes any sense at all... I hope I can explain this clearly.. I have a domain xyz.com where they installed this SSL product.. they did it today and adjusted my configure.php file for me. So, i went to my catalog, and banners not displaying etc.. but even worse, when I try to sign in as a user, or create a new user, nothing will work... also, there are many more problems that suddenly popped up.. I also have a new version of oscommerce i put into xyz.com/oscommercenew/catalog, as soon as they installed the SSL i lost all access to it, getting 400 or 500 internal error messages.. then next, even more trouble.. i have loads of other webpages on the same domain, like xyz/folder1/xxx.html, xyz/folder2/aaa.html etc etc... and now when i browse to any of them everything is going off the https://xyz.com domain, and all sorts of stuff in all those other programs isn't working right. My question is I guess.. is them installing an SSL product on my domain suppose to effect every single thing like that??? I didn't think my entire domain would default to https: pages Link to comment Share on other sites More sharing options...
germ Posted September 21, 2009 Author Share Posted September 21, 2009 My question is I guess.. is them installing an SSL product on my domain suppose to effect every single thing like that??? No. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
lordofcb Posted September 22, 2009 Share Posted September 22, 2009 No. I thought so, it sure doesn't seem right to me. I did a bit more investigating and notice what they have done.. they have put a file folder in my root called ssl.conf, inside that folder are 3 certificate type files. Then, for some reason unknown to me, they have added a 3rd level domain under my domain called cx9.xwebshoting.com, now every page i attempt to browse too has the following happen to it... If i enter into browser http:\\xyz.com\homepage.html it converts it to https:\\xyz.com.cx9.xwebhosting.com\homepage.html then it reports certificate erro and continuing to the page goes to an internal 500 error. Link to comment Share on other sites More sharing options...
Guest Posted October 1, 2009 Share Posted October 1, 2009 I'm having SSL issues, my stylesheet and images are being blocked in IE. I changed the path to my stylesheet in login.php to a https:// link to test it and it works, but my images are still blocked. I've uploaded your contribution but can't seem to get the unsecure.php to work. Your files are here. Any help would be great, i've been scratching my head for most of the afternoon. Cheers, Dave Link to comment Share on other sites More sharing options...
germ Posted October 2, 2009 Author Share Posted October 2, 2009 Bad news. :( You're on one of those servers where nothing changes in the "environment" that is visible to PHP. osC relies on being able to detect when SSL is active by checking some server variable that has a different value (or doesn't exist) when SSL is active. The server you are on has no such variable. You could put is a support ticket and ask them why and if they could arrange something for you. If you look at this page $SERVER['HTTPS'] is "standard PHP but they have that turned off or unavailale on your server. You could try this. If you try that be aware that it may not work all the time if you actually manually tyoe in a https url to the store. But it should work fine if all you do is click links on the pages. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Guest Posted October 2, 2009 Share Posted October 2, 2009 That works perfectly. I know it's not ideal, but it gets me out of trouble while i hassle the crap out of this horrible hosting company. You're a legend, thank you so much for your help! Link to comment Share on other sites More sharing options...
Guest Posted October 19, 2009 Share Posted October 19, 2009 Hi, I'm trying to use the ssl implementation contribution to track down a problem with my HTTPS pages showing secure and unsecure images when accessed using IE8 and Vista. I've installed the contribution, but am getting this error message when I try to use the unsecure.php file (I'm probably missing some simple point). Forbidden You don't have permission to access /store_tole_decorative_painting/unsecure.php on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.41 Server at www.decorativepaintingstore.com Port 443 Any idea what I'm doing wrong? Sharon Link to comment Share on other sites More sharing options...
germ Posted October 19, 2009 Author Share Posted October 19, 2009 The store isn't recognizing the cue from the server hat SSL is on or the config file(s) are wrong. Read the first post in this thread closely. It has things for you to CHECK and TRY. My answer has nothing to do with your question (sorry about that :blush: ) but EVERYTHING to do with your SSL problem. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2009 Share Posted October 20, 2009 Yes, I've read the first post. I sure my configure file is ok. I've had tech support at my host company check and they say the configure file is perfect. What I'm thinking it might be is the application-top.php file. My file has this line in it: // set the type of request (secure or not) $request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), "https://www.decorativepaintingstore.com")) ? 'SSL' : 'NONSSL'; The part that is different than what you've said it should be is the "(stristr)" I've tried removing this and changing it to the statement you have listed, but then I get other error messages. Link to comment Share on other sites More sharing options...
germ Posted October 20, 2009 Author Share Posted October 20, 2009 Use this code: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2009 Share Posted October 20, 2009 Use this code: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; ****** I just tried that before you replied, but when I use the login.php page, enter a name and password, then click continue, it just loops back to itself and won't let me log in as a customer. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.