Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Unsecure Items alert (images & CSS) on SSL pages


Guest

Recommended Posts

I have finished a site for a friend http://www.greenjacketgolfshop.com which uses SSL encryption. I have avidly read the forums and the installation instructions and have one last problem to solve but can't find an answer.

 

When you display, say, the account login page, the standard alert appears about a secure page containing some unsecure items. These items are the images and also no CSS formatiing is included (if you choose not to view unsecure items). The missing images and css are all stored locally, I do not think there are any links to external non-secure web pages.

 

My site is hosted on a windows server and 2 main folders exist, a httpdocs and a httpsdocs folder. Currently everything is in the httpdocs folder. The secure page switching works fine, its just images and CSS that cause an alert.

 

Here are the contents of my config file, minus the database connection stuff :-

 

 

<?php

define('HTTP_SERVER', 'http://www.greenjacketgolfshop.com');

define('HTTPS_SERVER', 'https://www.greenjacketgolfshop.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.greenjacketgolfshop.com');

define('HTTPS_COOKIE_DOMAIN', 'www.greenjacketgolfshop.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', '/images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', 'D:/Inetpub/vhosts/greenjacketgolfshop.com/httpdocs/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

define('DB_SERVER', 'localhost');

define('DB_SERVER_USERNAME', '**********');

define('DB_SERVER_PASSWORD', '**********');

define('DB_DATABASE', 'greenjacket');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

?>

 

 

These are the main things that I've tried so far (several times in most cases!) :-

 

Changing $request_type to '1', 'on' and '443' as recommended in some forums. As found in application_top.php.

 

Copying the page login.php and a few select images into the httpsdocs area, in the same folder structure as on httpdocs. I wondered if they needed to be in the secure area. The most obvious image I used for this was the header image which replaces the standard OsCommerce store logo. But I still got the alert.

 

I have tried changing the value of DIR_WS_IMAGES to include leading'/' and '../' characters as suggested in some forum answers.

 

I have viewed source many times looking for clues.

 

The SSL is on a dedicated IP address with matching token www.greenjacketgolfshop.com

 

I have found the alert doesn't always show on Firefox but always shows with IE, versions 6, 7 and 8!

 

I'm pretty sure this wil be one of those "something and nothing" values that I've over-looked somewehere. Grateful for any light that you can shine on this.

 

Thanks

 

Tim

Link to comment
Share on other sites

SSL Help

 

SSL Help support thread

 

In the support thread, I'd try the part that starts with:

 

If it's a Windowz server, try this:

FIRST.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

SSL Help

 

SSL Help support thread

 

In the support thread, I'd try the part that starts with:

 

 

FIRST.

 

Thanks for the reply, I read through this one before, which is where I tried the different request types mentioned in my post - but none of them made any difference in my case. Do you have any other suggestions or threads I may have missed? Thanks. Tim

Link to comment
Share on other sites

Download my contribution and upload the mybigenv.php to your site.

 

You can either leave it so I can access it, or copy/paste the contents of BOTH WINDOWS it produces when you run it into your next post.

 

Basically we're looking for some variable on the server that changes when the store is in SSL mode so we can plug that into application_top

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Download my contribution and upload the mybigenv.php to your site.

 

You can either leave it so I can access it, or copy/paste the contents of BOTH WINDOWS it produces when you run it into your next post.

 

Basically we're looking for some variable on the server that changes when the store is in SSL mode so we can plug that into application_top

 

Hi Germ, thanks for the contributions. I have installed them on my site now. I look forward to seeing what you make of it.

Link to comment
Share on other sites

From what I see:

 

// set the type of request (secure or not)
 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'

That should work.

 

Be certain your code looks EXACTLY like that.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

If it still won't work, I just made a small improvement to the cfgchk.php file in the contribution.

 

Upload the new version and post again.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

From what I see:

 

// set the type of request (secure or not)
 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'

That should work.

 

Be certain your code looks EXACTLY like that.

 

 

Hi Germ, That's it! Pure Genius! Thank you so much. For anyone else attempting this solution just copy and paste what Germ has used and be sure to add a semi-colon (;) right at the end too.

 

That one has had me scratching my head for a while there! Many thanks.

Link to comment
Share on other sites

My bad!!

:blush:

 

The correct code is:

 

// set the type of request (secure or not)
 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

So far that has worked on every windowz osc site I've suggested it to.

 

Just glad it worked for you, too.

;)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...