skamper55 Posted September 14, 2010 Posted September 14, 2010 Attempting to set-up osCommerce on a host who uses a proxy server for the SSL, therefore the store does not recognize the SSL correctly. In turn, the infamous insecure and secure content messages were popping up. Thanks to germ's post at http://www.oscommerce.com/forums/index.php?showtopic=329431&st=0&p=1372784entry1372784, I have been able to resolve most of the issues. However when someone uses the search box or selects an attribute from one of my products, I now get a Security warning, "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?" Is there a way to encrypt the form information?
germ Posted September 14, 2010 Posted September 14, 2010 /catalog/includes/boxes/search.php Change: $info_box_contents[] = array('form' => tep_draw_form('quick_find', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false), 'get'), to: $info_box_contents[] = array('form' => tep_draw_form('quick_find', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', $request_type, false), 'get'), That fixes the search form problem. The site I manage doesn't use attributes so I'm as useless as a screendoor on a submarine there... :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
skamper55 Posted September 14, 2010 Author Posted September 14, 2010 /catalog/includes/boxes/search.php Change: $info_box_contents[] = array('form' => tep_draw_form('quick_find', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false), 'get'), to: $info_box_contents[] = array('form' => tep_draw_form('quick_find', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', $request_type, false), 'get'), That fixes the search form problem. The site I manage doesn't use attributes so I'm as useless as a screendoor on a submarine there... :blush:
skamper55 Posted September 14, 2010 Author Posted September 14, 2010 Thanks germ that solve the search box warning!
germ Posted September 14, 2010 Posted September 14, 2010 I could see where that code change was necessary because after logging in the default action is going to the home page still in SSL mode, and the search form is accessible there. But the product info pages where you select attributes shouldn't be SSL. :) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
skamper55 Posted September 14, 2010 Author Posted September 14, 2010 Actually had to go a step further and place the entire site under SSL using $request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'yourdomain.org') ? 'SSL' : 'NONSSL'; Otherwise as you noted, if a visitor was in the checkout area and decided to use the search box or click on a link in the main nav to go back to unsecured page, they were getting the infamous "insecure and secured" items on page message. Not an ideal solution, but it solves the proxy SSL issue. So I am still trying to figure out how to secure the form data (I use both radio boxes and drop downs) so the security warning, "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?" doesn't appear. The other option I might explore -- can the shopping cart page be forced to a HTTPS? I noticed this is the only page that still comes up as HTTP even with the entire site under SSL. Right now I'm not sure if that's possible or if it would even keep the security warning from displaying.
germ Posted September 15, 2010 Posted September 15, 2010 Just my opinon... Having the shop SSL all the time is a waste on several levels. If you can get it to go SSL at all you can get it to go SSL only when it needs to be. And we just fixed the search form problem. I probably don't have the "big picture". If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Recommended Posts
Archived
This topic is now archived and is closed to further replies.