Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

ssl problem - workaround


DANYEYI

Recommended Posts

hi there,

 

i have a problem with my application_top.php file, my ssl would load up the encrypted pages but would not direct any of the images to https address giving me unsecure item errors in browsers. there are no hardcoded links and images, there were a couple of images that needed to be changed to https this has been done.

 

i corrected the problem by changeing the line in the application_top.php

 

 

from this:

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

to this:

 

// set the type of request (secure or not)

$request_type = ($_SERVER['HTTP_HOST'] == 'mysite.co.uk') ? 'SSL' : 'NONSSL';

 

 

and my includes/configure.php file looks like this:

 

define('HTTP_SERVER', 'http://www.mysite.co.uk');

define('HTTPS_SERVER', 'https://mysite.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'mysite.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk');

 

 

 

can you tell me if this is a good workaround for the problem? or is there another solution?

 

thanks in advanced

 

dan

Link to comment
Share on other sites

hi there,

 

i have a problem with my application_top.php file, my ssl would load up the encrypted pages but would not direct any of the images to https address giving me unsecure item errors in browsers. there are no hardcoded links and images, there were a couple of images that needed to be changed to https this has been done.

 

i corrected the problem by changeing the line in the application_top.php

 

 

from this:

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

to this:

 

// set the type of request (secure or not)

$request_type = ($_SERVER['HTTP_HOST'] == 'mysite.co.uk') ? 'SSL' : 'NONSSL';

 

 

and my includes/configure.php file looks like this:

 

define('HTTP_SERVER', 'http://www.mysite.co.uk');

define('HTTPS_SERVER', 'https://mysite.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'mysite.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk');

 

 

 

can you tell me if this is a good workaround for the problem? or is there another solution?

 

thanks in advanced

 

dan

 

No I would use ..

 $request_type = ( $_SERVER['SERVER_PORT'] = '443' ) ? 'SSL' : 'NONSSL';

 

  define('HTTP_SERVER', 'http://www.mysite.co.uk');
 define('HTTPS_SERVER', 'https://mysite.co.uk');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '.mysite.co.uk');

Link to comment
Share on other sites

No I would use ..

 $request_type = ( $_SERVER['SERVER_PORT'] = '443' ) ? 'SSL' : 'NONSSL';

 

  define('HTTP_SERVER', 'http://www.mysite.co.uk');
 define('HTTPS_SERVER', 'https://mysite.co.uk');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '.mysite.co.uk');

 

 

hi there,

 

worked great thanks! i just have a quick question, with the above code all images are showing as being located at https addresses? is this normal and ok for site functionality?

 

thanks

dan

Link to comment
Share on other sites

hi there,

 

worked great thanks! i just have a quick question, with the above code all images are showing as being located at https addresses? is this normal and ok for site functionality?

 

thanks

dan

 

No on non ssl pages images should ne nonssl.

 

Could I see a link to the site (if private pm me)

Link to comment
Share on other sites

pm sent thank you

 

Edit:

 

<base href="https://mysite.co.uk/">

 

your base href is https therefore your images are https.

 

this also means that these two are wrong ..

 

define('HTTP_SERVER', 'http://www.mysite.co.uk');

define('HTTPS_SERVER', 'https://mysite.co.uk');

Link to comment
Share on other sites

thanks for taking a look, im unsure how to solve this could you point me in thew right direction?

 

thanks again for your help

 

dan

 

I modified the above post while you were replying.

Link to comment
Share on other sites

Edit:

 

<base href="https://mysite.co.uk/">

 

your base href is https therefore your images are https.

 

this also means that these two are wrong ..

 

define('HTTP_SERVER', 'http://www.mysite.co.uk');

define('HTTPS_SERVER', 'https://mysite.co.uk');

 

 

ahh right missed that, can you tell me where i can find the base href so i can edit it?

 

dan

Link to comment
Share on other sites

ahh right missed that, can you tell me where i can find the base href so i can edit it?

 

dan

 

the base href is dictated on all catalog pages by the following: -

 

<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>

 

$request_type is set by the code I gave you for application_top.php

 

If SSL the script uses for base href HTTPS_SERVER (set in includes/configure.php)

 

If NONSSL the script uses for base href HTTP_SERVER (set in includes/configure.php)

 

Yours is currently using HTTPS_SERVER only

Link to comment
Share on other sites

the base href is dictated on all catalog pages by the following: -

 

<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>

 

$request_type is set by the code I gave you for application_top.php

 

If SSL the script uses for base href HTTPS_SERVER (set in includes/configure.php)

 

If NONSSL the script uses for base href HTTP_SERVER (set in includes/configure.php)

 

Yours is currently using HTTPS_SERVER only

 

 

right understood thanks. when i change the application_top.php code to

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

as found in another topic the base href changes to http but i have unsecured images again on my ssl pages!

 

im really at a lose end!

 

the only way at the moment i can get everything working correctly is with the settings in my first post :(

Link to comment
Share on other sites

as found in another topic the base href changes to http but i have unsecured images again on my ssl pages!

 

When you view ssl pages (where the images are still http) what is the base href?

Link to comment
Share on other sites

the base href is showing up as http when i view the ssl pages.

In your application_top.php use this code to detect SSL:

 

  $request_type = ($_SERVER['SSL'] == '1') ? 'SSL' : 'NONSSL';

(Posted as a reply to our PM conversation)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

In your application_top.php use this code to detect SSL:

 

  $request_type = ($_SERVER['SSL'] == '1') ? 'SSL' : 'NONSSL';

(Posted as a reply to our PM conversation)

 

 

THANK YOU THANK YOU THANK YOU!!! it has worked perfectly! im really greatful for your help in the matter as it was the only thing stopping my site from going live!

 

i would reccomend the above solution for anybody having problems will ssl's on servers hosted by 123-reg.co.uk.

 

thanks again germ!

 

dan

Link to comment
Share on other sites

Dear all,

 

i'm new to osc and not really understand the concept of and session/cookie at all. would you help ?

it might be a silly question to you. but just want to confirm. thanks

 

 

here is my configure files

 

catalog/includes

 

<?php

define('HTTP_SERVER', 'http://eshop.mydomain.com');

define('HTTPS_SERVER', 'https://eshop.mydomain.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'eshop.mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

 

 

admin/includes;

 

define('HTTP_SERVER', 'https://eshop.mydomain.com');

define('HTTP_CATALOG_SERVER', 'https://eshop.mydomain.com');

define('HTTPS_CATALOG_SERVER', 'https://eshop.mydomain.com');

define('ENABLE_SSL_CATALOG', 'true');

define('DIR_FS_DOCUMENT_ROOT', '/var/www/html/eshop1/');

define('DIR_WS_ADMIN', '/StoreAdmin/');

define('DIR_FS_ADMIN', '/var/www/html/eshop1/StoreAdmin/');

define('DIR_WS_CATALOG', '/');

define('DIR_FS_CATALOG', '/var/www/html/eshop1/');

 

-----------------------------------------------------------------------------------------

 

Method A.

 

if use:

catalog/includes define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');

then after click login

 

\\https://eshop.mydomain.com/login.php?osCsid=fh4d948rbai2sarp2207fb3nr1'>https://eshop.mydomain.com/login.php?osCsid=fh4d948rbai2sarp2207fb3nr1

and try click account, it show

\\https://eshop.mydomain.com/account.php?osCsid=fh4d948rbai2sarp2207fb3nr1'>https://eshop.mydomain.com/account.php?osCsid=fh4d948rbai2sarp2207fb3nr1

 

 

Method B.

 

if use:

then after click login

 

catalog/includes define('HTTPS_COOKIE_DOMAIN', 'eshop.mydomain.com');

\\https://eshop.mydomain.com/login.php?

and try click account. it show

\\https://eshop.mydomain.com/account.php?

 

Question

both are auto jump to https://

but which one i should you ?

i think B is more security, see nothing, but am i really right ? because i see outsides internet, many link look like Method A, however, Method B even hiden everything, on the url, is it better, i don't know , because

i don't excatly understand cookie and session, what they are doing.

 

which one i should use ?which one got security problem. pls advised.

 

thanks you.

regards,

Billy

Link to comment
Share on other sites

hi,

 

i have the same poblem with "unsecure item errors in browsers" but with images definites in stylesheet.css

if i remove all images from there the ssl page are loading without problems.

i tried to make this modifications but no changes

 

what can i do?

Link to comment
Share on other sites

  • 4 weeks later...

hi,

 

i have the same poblem with "unsecure item errors in browsers" but with images definites in stylesheet.css

if i remove all images from there the ssl page are loading without problems.

i tried to make this modifications but no changes

 

what can i do?

problem resolved

some urls in stylesheet.css of pictures deleted much time ago

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...