osCommerce

The e-commerce.

SSL-Problem in V2.2


kowalsky

Hello everyone!

Well so far I've managed to figure out all of the problems with the new version (2.2).

The only thing I haven't figured out is that upon checkout if a person hasn't logged in before they checkout they are presented with the login screen and this works as it is supposed to, however...when the person logs in they should be sent from the unsecure connection to the secure connection and it isn't happening. The page that collects the credit card and shipping info is not secure until NEXT is clicked. The strange thing is that this works as it should if the person has already logged in before clicking checkout. We haven't made any modifications to the login/logout or checkout code.

 

If anyone has any ideas about this problem, please let me know. I've already looked for a solution in this forum, but it seems that the workarounds for earlier versions do not fit version 2.2.

 

Thanks in advance

Kowalsky :(


OK folks,

 

I guess the problem with SSL lies in some code of the login.php, inserted below.

The drawing of some variables seems to cause problems and to divert the checkout_shipping.php into an insecure mode.

 

Is there a way to ensure that the variables are handed over within SSL mode?

 

Regards

Kowalsky

 

require('includes/application_top.php');

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
  $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
  $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

  // Check if email exists
  $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
  if (!tep_db_num_rows($check_customer_query)) {
    $HTTP_GET_VARS['login'] = 'fail';
  } else {
    $check_customer = tep_db_fetch_array($check_customer_query);
    // Check that password is good
    if (!tep_validate_password($password, $check_customer['customers_password'])) {
      $HTTP_GET_VARS['login'] = 'fail';
    } else {
      $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $check_customer['customers_id'] . "' and address_book_id = '1'");
      $check_country = tep_db_fetch_array($check_country_query);

      $customer_id = $check_customer['customers_id'];
      $customer_default_address_id = $check_customer['customers_default_address_id'];
      $customer_first_name = $check_customer['customers_firstname'];
      $customer_country_id = $check_country['entry_country_id'];
      $customer_zone_id = $check_country['entry_zone_id'];
      tep_session_register('customer_id');
      tep_session_register('customer_default_address_id');
      tep_session_register('customer_first_name');
      tep_session_register('customer_country_id');
      tep_session_register('customer_zone_id');

      $date_now = date('Ymd');
      tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . $customer_id . "'");


SOLVED!

This solution works for me. Please post if it also works in your case.

 

 

In catalog/login.php, replace the following passage

 

      // restore cart contents
      $cart->restore_contents();

      if (sizeof($navigation->snapshot) > 0) {
        $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
        $navigation->clear_snapshot();
        tep_redirect($origin_href);
      } else {
        tep_redirect(tep_href_link(FILENAME_DEFAULT));
      }
    }
  }
}

 

with

 

      // restore cart contents
      $cart->restore_contents();

      if (sizeof($navigation->snapshot) > 0) {
        $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');
        $navigation->clear_snapshot();
        tep_redirect($origin_href);
        //tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
      } else {
        tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
      }
    }
  }
}

 

Regards

kowalsky
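
An added example, not part of the original posts and not osCommerce code: a stand-alone PHP sketch of the two checks this thread turns on, building the post-login redirect without trusting the snapshot's recorded mode, and a per-page guard that bounces any plain-HTTP request for a sensitive page to HTTPS. The function names, the page list, the host and the sample session name are assumptions made for illustration.

```php
<?php
// Added illustration; every name, host and value below is hypothetical/constructed.
const HTTPS_BASE = 'https://shop.example/catalog/';
const SENSITIVE_PAGES = ['login.php', 'checkout_shipping.php', 'checkout_payment.php'];

// Build the post-login redirect from a saved snapshot of the interrupted request.
// The snapshot's own 'mode' is ignored: it records how the earlier request
// arrived (often plain HTTP), not how the next page must be served.
function post_login_url(array $snapshot, string $sessionName): string
{
    $page = basename($snapshot['page'] ?? 'index.php'); // keep the target inside the catalog
    $get  = $snapshot['get'] ?? [];
    unset($get[$sessionName]);                          // do not replay the session id parameter
    $query = http_build_query($get);
    return HTTPS_BASE . $page . ($query !== '' ? '?' . $query : '');
}

// Second line of defence, meant to run at the top of each sensitive page:
// returns the HTTPS URL to redirect to, or null if no redirect is needed.
function https_redirect_for(array $server): ?string
{
    $page   = basename($server['SCRIPT_NAME'] ?? '');
    $secure = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    if ($secure || !in_array($page, SENSITIVE_PAGES, true)) {
        return null;
    }
    $query = $server['QUERY_STRING'] ?? '';
    return HTTPS_BASE . $page . ($query !== '' ? '?' . $query : '');
}

// Constructed sample: a guest clicked "checkout" over plain HTTP before logging in.
$snapshot = [
    'page' => 'checkout_shipping.php',
    'mode' => 'NONSSL',
    'get'  => ['osCsid' => 'constructed-session-id', 'step' => '1'],
];
echo post_login_url($snapshot, 'osCsid'), "\n";

// Constructed sample: a later plain-HTTP hit on the payment page.
$request = ['SCRIPT_NAME' => '/catalog/checkout_payment.php', 'QUERY_STRING' => 'step=2'];
echo https_redirect_for($request) ?? '(no redirect needed)', "\n";
```

The per-page guard covers the case where some other link or bookmark reaches a checkout page over HTTP, which the login.php change alone does not address.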


Archived

This topic is now archived and is closed to further replies.
