DANYEYI Posted December 8, 2009 Share Posted December 8, 2009 hi there, i have a problem with my application_top.php file, my ssl would load up the encrypted pages but would not direct any of the images to https address giving me unsecure item errors in browsers. there are no hardcoded links and images, there were a couple of images that needed to be changed to https this has been done. i corrected the problem by changeing the line in the application_top.php from this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to this: // set the type of request (secure or not) $request_type = ($_SERVER['HTTP_HOST'] == 'mysite.co.uk') ? 'SSL' : 'NONSSL'; and my includes/configure.php file looks like this: define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'mysite.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk'); can you tell me if this is a good workaround for the problem? or is there another solution? thanks in advanced dan Link to comment Share on other sites More sharing options...
♥FWR Media Posted December 8, 2009 Share Posted December 8, 2009 hi there, i have a problem with my application_top.php file, my ssl would load up the encrypted pages but would not direct any of the images to https address giving me unsecure item errors in browsers. there are no hardcoded links and images, there were a couple of images that needed to be changed to https this has been done. i corrected the problem by changeing the line in the application_top.php from this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to this: // set the type of request (secure or not) $request_type = ($_SERVER['HTTP_HOST'] == 'mysite.co.uk') ? 'SSL' : 'NONSSL'; and my includes/configure.php file looks like this: define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'mysite.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk'); can you tell me if this is a good workaround for the problem? or is there another solution? thanks in advanced dan No I would use .. $request_type = ( $_SERVER['SERVER_PORT'] = '443' ) ? 'SSL' : 'NONSSL'; define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.mysite.co.uk'); define('HTTPS_COOKIE_DOMAIN', '.mysite.co.uk'); Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
DANYEYI Posted December 8, 2009 Author Share Posted December 8, 2009 No I would use .. $request_type = ( $_SERVER['SERVER_PORT'] = '443' ) ? 'SSL' : 'NONSSL'; define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.mysite.co.uk'); define('HTTPS_COOKIE_DOMAIN', '.mysite.co.uk'); hi there, worked great thanks! i just have a quick question, with the above code all images are showing as being located at https addresses? is this normal and ok for site functionality? thanks dan Link to comment Share on other sites More sharing options...
♥FWR Media Posted December 8, 2009 Share Posted December 8, 2009 hi there, worked great thanks! i just have a quick question, with the above code all images are showing as being located at https addresses? is this normal and ok for site functionality? thanks dan No on non ssl pages images should ne nonssl. Could I see a link to the site (if private pm me) Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
DANYEYI Posted December 8, 2009 Author Share Posted December 8, 2009 No on non ssl pages images should ne nonssl. Could I see a link to the site (if private pm me) pm sent thank you Link to comment Share on other sites More sharing options...
♥FWR Media Posted December 8, 2009 Share Posted December 8, 2009 pm sent thank you Edit: <base href="https://mysite.co.uk/"> your base href is https therefore your images are https. this also means that these two are wrong .. define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
DANYEYI Posted December 8, 2009 Author Share Posted December 8, 2009 Edit: <base href="https://mysite.co.uk/"> your base href is https therefore your images are https. thanks for taking a look, im unsure how to solve this could you point me in thew right direction? thanks again for your help dan Link to comment Share on other sites More sharing options...
♥FWR Media Posted December 8, 2009 Share Posted December 8, 2009 thanks for taking a look, im unsure how to solve this could you point me in thew right direction? thanks again for your help dan I modified the above post while you were replying. Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
DANYEYI Posted December 8, 2009 Author Share Posted December 8, 2009 Edit: <base href="https://mysite.co.uk/"> your base href is https therefore your images are https. this also means that these two are wrong .. define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); ahh right missed that, can you tell me where i can find the base href so i can edit it? dan Link to comment Share on other sites More sharing options...
♥FWR Media Posted December 8, 2009 Share Posted December 8, 2009 ahh right missed that, can you tell me where i can find the base href so i can edit it? dan the base href is dictated on all catalog pages by the following: - <?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?> $request_type is set by the code I gave you for application_top.php If SSL the script uses for base href HTTPS_SERVER (set in includes/configure.php) If NONSSL the script uses for base href HTTP_SERVER (set in includes/configure.php) Yours is currently using HTTPS_SERVER only Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
DANYEYI Posted December 8, 2009 Author Share Posted December 8, 2009 the base href is dictated on all catalog pages by the following: - <?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?> $request_type is set by the code I gave you for application_top.php If SSL the script uses for base href HTTPS_SERVER (set in includes/configure.php) If NONSSL the script uses for base href HTTP_SERVER (set in includes/configure.php) Yours is currently using HTTPS_SERVER only right understood thanks. when i change the application_top.php code to $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; as found in another topic the base href changes to http but i have unsecured images again on my ssl pages! im really at a lose end! the only way at the moment i can get everything working correctly is with the settings in my first post :( Link to comment Share on other sites More sharing options...
♥FWR Media Posted December 9, 2009 Share Posted December 9, 2009 as found in another topic the base href changes to http but i have unsecured images again on my ssl pages! When you view ssl pages (where the images are still http) what is the base href? Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
DANYEYI Posted December 9, 2009 Author Share Posted December 9, 2009 When you view ssl pages (where the images are still http) what is the base href? the base href is showing up as http when i view the ssl pages. Link to comment Share on other sites More sharing options...
germ Posted December 10, 2009 Share Posted December 10, 2009 the base href is showing up as http when i view the ssl pages. In your application_top.php use this code to detect SSL: $request_type = ($_SERVER['SSL'] == '1') ? 'SSL' : 'NONSSL'; (Posted as a reply to our PM conversation) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
DANYEYI Posted December 10, 2009 Author Share Posted December 10, 2009 In your application_top.php use this code to detect SSL: $request_type = ($_SERVER['SSL'] == '1') ? 'SSL' : 'NONSSL'; (Posted as a reply to our PM conversation) THANK YOU THANK YOU THANK YOU!!! it has worked perfectly! im really greatful for your help in the matter as it was the only thing stopping my site from going live! i would reccomend the above solution for anybody having problems will ssl's on servers hosted by 123-reg.co.uk. thanks again germ! dan Link to comment Share on other sites More sharing options...
Billyma9999 Posted December 17, 2009 Share Posted December 17, 2009 Dear all, i'm new to osc and not really understand the concept of and session/cookie at all. would you help ? it might be a silly question to you. but just want to confirm. thanks here is my configure files catalog/includes <?php define('HTTP_SERVER', 'http://eshop.mydomain.com'); define('HTTPS_SERVER', 'https://eshop.mydomain.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'eshop.mydomain.com'); define('HTTPS_COOKIE_DOMAIN', 'mydomain.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); admin/includes; define('HTTP_SERVER', 'https://eshop.mydomain.com'); define('HTTP_CATALOG_SERVER', 'https://eshop.mydomain.com'); define('HTTPS_CATALOG_SERVER', 'https://eshop.mydomain.com'); define('ENABLE_SSL_CATALOG', 'true'); define('DIR_FS_DOCUMENT_ROOT', '/var/www/html/eshop1/'); define('DIR_WS_ADMIN', '/StoreAdmin/'); define('DIR_FS_ADMIN', '/var/www/html/eshop1/StoreAdmin/'); define('DIR_WS_CATALOG', '/'); define('DIR_FS_CATALOG', '/var/www/html/eshop1/'); ----------------------------------------------------------------------------------------- Method A. if use: catalog/includes define('HTTPS_COOKIE_DOMAIN', 'mydomain.com'); then after click login \\https://eshop.mydomain.com/login.php?osCsid=fh4d948rbai2sarp2207fb3nr1'>https://eshop.mydomain.com/login.php?osCsid=fh4d948rbai2sarp2207fb3nr1 and try click account, it show \\https://eshop.mydomain.com/account.php?osCsid=fh4d948rbai2sarp2207fb3nr1'>https://eshop.mydomain.com/account.php?osCsid=fh4d948rbai2sarp2207fb3nr1 Method B. if use: then after click login catalog/includes define('HTTPS_COOKIE_DOMAIN', 'eshop.mydomain.com'); \\https://eshop.mydomain.com/login.php? and try click account. it show \\https://eshop.mydomain.com/account.php? Question both are auto jump to https:// but which one i should you ? i think B is more security, see nothing, but am i really right ? because i see outsides internet, many link look like Method A, however, Method B even hiden everything, on the url, is it better, i don't know , because i don't excatly understand cookie and session, what they are doing. which one i should use ?which one got security problem. pls advised. thanks you. regards, Billy Link to comment Share on other sites More sharing options...
Billyma9999 Posted December 18, 2009 Share Posted December 18, 2009 Dear all, it maybe a silly queston. but not for me, can you help and advised ? thanks regards, Billy Link to comment Share on other sites More sharing options...
danut82 Posted December 18, 2009 Share Posted December 18, 2009 hi, i have the same poblem with "unsecure item errors in browsers" but with images definites in stylesheet.css if i remove all images from there the ssl page are loading without problems. i tried to make this modifications but no changes what can i do? Link to comment Share on other sites More sharing options...
danut82 Posted January 12, 2010 Share Posted January 12, 2010 hi, i have the same poblem with "unsecure item errors in browsers" but with images definites in stylesheet.css if i remove all images from there the ssl page are loading without problems. i tried to make this modifications but no changes what can i do? problem resolved some urls in stylesheet.css of pictures deleted much time ago Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.