Jan_hartvig Posted June 7, 2021 Share Posted June 7, 2021 Hi I have a problem with the shop showing "Page not safe in adres field before the webbadress. what am I tod do , is it my webbhotell or the shop that is the problem And my second problem is the text " I am able to write to the configuration file: /customers/e/0/4/bikesupport.se/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. It has been over 30 days since the extended security checks were last performed. Please re-run the extended security checks under Tools -> Security Checks." Where is it I have to change this? Link to comment Share on other sites More sharing options...
Hotclutch Posted June 7, 2021 Share Posted June 7, 2021 3 minutes ago, Jan_hartvig said: I am able to write to the configuration file: /customers/e/0/4/bikesupport.se/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. You need to browse to this file on your server using a ftp client such as Filezilla and set the permissions to 444. On the catalog and admin side. 5 minutes ago, Jan_hartvig said: It has been over 30 days since the extended security checks were last performed. Please re-run the extended security checks under Tools -> Security Checks." Where is it I have to change this? In Admin go to Tools -> Security Checks. 6 minutes ago, Jan_hartvig said: I have a problem with the shop showing "Page not safe in adres field before the webbadress. what am I tod do , is it my webbhotell or the shop that is the problem You can speak to your host about installing SSL to your domain. Link to comment Share on other sites More sharing options...
Demitry Posted June 7, 2021 Share Posted June 7, 2021 Add the following line to both of the application_top.php files. That will set the file permissions to 440 any time an admin or catalog page is loaded. To upload and overwrite either of those files, you will need to manually set the file permissions to 660 or higher using an FTP application or File Manager. chmod('includes/configure.php', 0440); osCommerce: made for programmers, ...because store owners do not want to be programmers. https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce Link to comment Share on other sites More sharing options...
Jan_hartvig Posted June 8, 2021 Author Share Posted June 8, 2021 22 hours ago, Hotclutch said: You need to browse to this file on your server using a ftp client such as Filezilla and set the permissions to 444. On the catalog and admin side. In Admin go to Tools -> Security Checks. You can speak to your host about installing SSL to your domain. Hi found it but after i activated it the webshop design on the first page changed from alt 2 to alt 1. This is just on the first page. When I click on a link in the shop it goes over to alt 2 again ??? Link to comment Share on other sites More sharing options...
Hotclutch Posted June 8, 2021 Share Posted June 8, 2021 Not sure what you mean. If you mean you activated SSL, then you also have to go edit both your configure files. define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? This section you need to change false to true. You also have to change your values in the first 2 lines from http to https. Link to comment Share on other sites More sharing options...
ArtcoInc Posted June 8, 2021 Share Posted June 8, 2021 @Jan_hartvig HTH Malcolm Link to comment Share on other sites More sharing options...
bonbec Posted June 9, 2021 Share Posted June 9, 2021 Seriously? Put an active link to your admin folder and make it public ... Delete this link and also hide the link in your screenshot. Immediately rename your administration folder. These are basic safety rules ... with OsC 2.2 since 2006 ... Link to comment Share on other sites More sharing options...
Jan_hartvig Posted June 25, 2021 Author Share Posted June 25, 2021 On 6/8/2021 at 10:22 PM, Hotclutch said: Not sure what you mean. If you mean you activated SSL, then you also have to go edit both your configure files. define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? This section you need to change false to true. You also have to change your values in the first 2 lines from http to https. Hi I will trye this 🙂 Link to comment Share on other sites More sharing options...
Demitry Posted June 26, 2021 Share Posted June 26, 2021 @Jan_hartvig There are two actions you must take to set-up SSL on your site: 1) Call your hosting company’s tech support and ask them to apply the SSL Certificate to your domain. Today, this is usually free, unless you want a more insured SSL, in case that you get sued for a data breach. The ladder is a waste of money unless you are Amazon or eBay. 2) Make changes in both of the osC configuration files to enable SSL and to direct SSL pages to the HTTPS domain name. This will enable SSL on your site for specific pages such as the shopping cart, all checkout pages, and any registered-customer account pages. If you want to apply SSL to ALL site pages, you can force this SSL encryption via the following script added to your main .htaccess file. I don’t recommend doing this, but it is your choice and with the current HTTP/2.0 protocol, it will not negatively impact your page loading. If you want to apply this code, just change YourDomainName in the script to that of your own domain name. Also, you may want to contact your hosting company to get the correct SERVER_PORT number. The one I am using is relevant to my server set-up, here in the US. I’m not sure if this is different outside of the US. Personally, I only use this script to test for NONSSL vulnerabilities, but you can use it to make all site pages HTTPS, if this is what you want to do. Good luck. # Force (SSL) HTTPS on all pages of this domain RewriteEngine On RewriteCond %{HTTP_HOST} ^YourDomainName\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.YourDomainName.com/$1 [R,L] osCommerce: made for programmers, ...because store owners do not want to be programmers. https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce Link to comment Share on other sites More sharing options...
Jan_hartvig Posted June 26, 2021 Author Share Posted June 26, 2021 14 hours ago, Demitry said: @Jan_hartvig There are two actions you must take to set-up SSL on your site: 1) Call your hosting company’s tech support and ask them to apply the SSL Certificate to your domain. Today, this is usually free, unless you want a more insured SSL, in case that you get sued for a data breach. The ladder is a waste of money unless you are Amazon or eBay. 2) Make changes in both of the osC configuration files to enable SSL and to direct SSL pages to the HTTPS domain name. This will enable SSL on your site for specific pages such as the shopping cart, all checkout pages, and any registered-customer account pages. If you want to apply SSL to ALL site pages, you can force this SSL encryption via the following script added to your main .htaccess file. I don’t recommend doing this, but it is your choice and with the current HTTP/2.0 protocol, it will not negatively impact your page loading. If you want to apply this code, just change YourDomainName in the script to that of your own domain name. Also, you may want to contact your hosting company to get the correct SERVER_PORT number. The one I am using is relevant to my server set-up, here in the US. I’m not sure if this is different outside of the US. Personally, I only use this script to test for NONSSL vulnerabilities, but you can use it to make all site pages HTTPS, if this is what you want to do. Good luck. # Force (SSL) HTTPS on all pages of this domain RewriteEngine On RewriteCond %{HTTP_HOST} ^YourDomainName\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.YourDomainName.com/$1 [R,L] 14 hours ago, Demitry said: Hi Thanks for traying to help me :-) My webbhotell is full installed with SSL Everything is activated. I put in the code as you sade. The page become safe but the layout that oscommerce shop has changes from picture 1 to picture 2 below. The frame setting changes but the page runs in https. in safe mode. Is there somthing I'm missing here? picture 1 Picture 2 Link to comment Share on other sites More sharing options...
Jan_hartvig Posted June 26, 2021 Author Share Posted June 26, 2021 It's like it cant finde the stylesheet.css Link to comment Share on other sites More sharing options...
Hotclutch Posted June 26, 2021 Share Posted June 26, 2021 The 2nd picture suggests that you have css files not loading ... somewhere http must be made https, probably configure files. Link to comment Share on other sites More sharing options...
Demitry Posted June 26, 2021 Share Posted June 26, 2021 Ashley is right, your css is not loading. Check your /includes/template_top.php file and the shop configuration file. Also, clear your browser cache and do a hard-refresh SHFT-CTRL-R. osCommerce: made for programmers, ...because store owners do not want to be programmers. https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.