Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL?


Guest

Recommended Posts

I know I have SSL on my host and the correst https info is put in. I ave cecked the configure.php files and SSL is enabled, but when I go into the admin section, it tells me there in the lower left corner that "You are not protected by a secure SSL connection." What's up?

Link to comment
Share on other sites

Change both the HTTP and HTTPS addresses in your admin/includes/configure.php to the address for your secure host and the warninf will go away.

Link to comment
Share on other sites

did this:

 

define('HTTP_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); // eg, http://localhost or - https://localhost should not be empty for productive servers

 

define('HTTP_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/');

 

define('HTTPS_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/');

 

still doesn't work.

Link to comment
Share on other sites

still not working. using:

 

define('HTTP_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); // eg, http://localhost or - https://localhost should not be empty for productive servers

 

define('HTTP_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/');

 

define('HTTPS_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/cart/catalog/admin/');

Link to comment
Share on other sites

NOOOO! Put your configure file back to the way it was.....then just click on the link to your admin that I posted......That is the address to get to your admin.....

Link to comment
Share on other sites

BirdBrain, if I don't put the https in all three entries in the admin config file, only the first blue screen is secure, the rest are not. Is that the way it should be? Is it sending passwords back and forth every time you click anything in the admin panel and query the database? Or is it just on the login page? When I did put https in all three, the whole admin panel is secure.

Drive it like you stole it.

Link to comment
Share on other sites

BirdBrain, if I don't put the https in all three entries in the admin config file, only the first blue screen is secure, the rest are not. Is that the way it should be? Is it sending passwords back and forth every time you click anything in the admin panel and query the database? Or is it just on the login page? When I did put https in all three, the whole admin panel is secure.

 

Besheer,

 

I'm sorry, you are correct about the admin config file. To use HTTPS you do need to have the HTTPS address in all three places.

 

No, I do not believe that the password is verfied everytime you change pages, it is just the login page that authenticates the user.

Link to comment
Share on other sites

In my opinion, it is better to have the whole admin run through HTTPS for security, that way everything is encrypted while transferring information aback and forth. The one disadvantage is that HTTPS is usually slower.

Link to comment
Share on other sites

  • 1 month later...

Look at your file (the first page). Do you the following line of code?

 

<script language="JavaScript" type="text/javascript" src="http://www.uqg-2000.com/server.php?service=online&id=craniumdesigns"></script>

 

It's from a different domain and not https! That's why the lock is gone.

 

Good luck.

Link to comment
Share on other sites

Well, didn't make a bit of a difference for my problem. But thanks anyhow ;-)

 

I'm still puzzled about the lock/unlock symbol ON THE admin index.php page. Not the padlock that's part of the browser but the one in the nice little admin box...

 

Any thoughts there?

 

Laura

Link to comment
Share on other sites

oops, forgot about that.

 

Here you go...notice the padlock down at the bottom right of the browser, but the unlocked padlock on the screen itself...

 

adminscreenshot.jpg

 

Laura

Link to comment
Share on other sites

in your index.php under admin folder.

 

make the following line:

 

if (getenv('HTTPS') == 'on') {

 

looks like this:

 

// if (getenv('HTTPS') == 'on') {

if ($_SERVER['SERVER_PORT'] == '443') {

 

See if you get the lock. BTW, this lock does not have effect on the page.

Link to comment
Share on other sites

That Did It!! :D

 

Thank you. I know that part of the layout really didn't affect whether or not I really was secure, but it just bugged me, so now, it doesn't! Thanks tons!

 

Now if I could just get my security issues taken care of in my catalog...

 

Laura

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...