Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

One more about SSL and HTTPS

gnarly parts

By gnarly parts
in General Support

Recommended Posts

gnarly parts

gnarly parts

Posted
Posted

I know this subject has been discuss before, but I haven't figured it out yet and can't find anything in the searches that is helping me. I have my own server. I've installed an SSL cert on my site. I can secure my admin and a test page, but not the site. My site works perfectly in nonsecure mode "http". When someone goes into the secure side of the site "https" (orders, log in, check out), the site will give pop up errors about "you are entering a page that contains secure and nonsecure items" I looking into it more and founded that all my pictures that are in my catalog is NOT switching over to secure "https" side. Here is a copy of my cat/config.

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.gnarlyparts.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.gnarlyparts.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.gnarlyparts.com');

define('HTTPS_COOKIE_DOMAIN', 'www.gnarlyparts.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

 

This is my site http://www.gnarlyparts.com

 

This is a test page that I installed that works in SSL https://www.gnarlyparts.com/test.php

 

Thanks

 

Dave

Always looking for a way to improve my sites.

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted

Thanks for the tip.. I realize about the sitemeter. I had that problem before on another site, but you can check the properties on any picture on my site and see they are linking from http no matter if it's secure or not.

Always looking for a way to improve my sites.

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
I have just tried "create an account and everything is ok

https://www.gnarlyparts.com/create_account....4d02fe4a77f9f5e

 

The_Bear

Thanks Bear. I know the site works, but on older OS. Like Win 2000 it gives me pop up errors about secure and nonsecure. Also you notice that I don't have the gold lock key on the bottom of the site.

 

My test page and admin has the key but not the site.

Always looking for a way to improve my sites.

Link to comment
Share on other sites
kepa

kepa

Posted
Posted
Thanks for the tip.. I realize about the sitemeter. I had that problem before on another site, but you can check the properties on any picture on my site and see they are linking from http no matter if it's secure or not.

Thanks for the tip.. I realize about the sitemeter. I had that problem before on another site, but you can check the properties on any picture on my site and see they are linking from http no matter if it's secure or not.

 

Right, I noticed that too, but what does that popup box do? Does it refer you to the unsecure path? If so, than you will always be looking in the unsecure path. Did you try it at all? Just wondering.

 

Kepa

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
Thanks for the tip.. I realize about the sitemeter. I had that problem before on another site, but you can check the properties on any picture on my site and see they are linking from http no matter if it's secure or not.
Thanks for the tip.. I realize about the sitemeter. I had that problem before on another site, but you can check the properties on any picture on my site and see they are linking from http no matter if it's secure or not.

 

Right, I noticed that too, but what does that popup box do? Does it refer you to the unsecure path? If so, than you will always be looking in the unsecure path. Did you try it at all? Just wondering.

 

Kepa

On Windows 2000 with exployer 5.5 it gives me a pop up error saying "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" Then you have three chooses "Yes, No, More info" when I hit more info it can't tell me anything. When I hit "yes" it just goes to the next page like normal. When I hit "no" it goes to the next page but all pics are deleted.

Always looking for a way to improve my sites.

Link to comment
Share on other sites
kepa

kepa

Posted
Posted

When you hit no, what is it programmed to do...take you to the unsecure path? I don't know about microsoft programming, but it may be that when you click "no" it automatically refers you to the http: "unsecure" path...

 

I think it's that damned site meter...I hate them...it drives them traffic for no reason.

 

*modified because I meant no...I'm now confused...

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
When you hit yes, what is it programmed to do...take you to the unsecure path? I don't know about microsoft programming, but it may be that when you click "yes" it automatically refers you to the http: "unsecure" path...

 

I think it's that damned site meter...I hate them...it drives them traffic for no reason.

When I hit yes it moves forward to the next page in https path. Just don't get the gold lock on the bottom. Basicly what I think has to happen is my pictures has to go into the https path. I thought that OSC does this automaticly when I install the SSL cert.

 

I just put on that site meter last week. I will remove it now and see if it makes any difference.

 

Thanks

 

Dave

Always looking for a way to improve my sites.

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
When you hit no, what is it programmed to do...take you to the unsecure path? I don't know about microsoft programming, but it may be that when you click "no" it automatically refers you to the http: "unsecure" path...

 

I think it's that damned site meter...I hate them...it drives them traffic for no reason.

 

*modified because I meant no...I'm now confused...

When I hit no it takes me to the next page in https but displays no pictures. All text are there.

 

I just removed the sitemeter and it's still doing the same thing.

 

Lucky I'm a patient man or I would stangle my monitor right about now. *lol*

Always looking for a way to improve my sites.

Link to comment
Share on other sites
kepa

kepa

Posted
Posted

Hey gnarly, check your <base href on all your pages within catalog. What does it look like?

 

mine looks like this:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
Hey gnarly, check your <base href on all your pages within catalog. What does it look like?

 

mine looks like this:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Just checked mine.. exactly the same..

 

Thanks

Always looking for a way to improve my sites.

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
gnarly, how do you address the pics that you have on your site? Do you use relative paths or absolute ones?

 

I went to https://www.gnarlyparts.com/create_account.php and noticed that the "continue" button at the bottom is addressed correctly. Try addressing your other pics the same if you haven't done so already.

The only photos I did the links on are the pay pal, credit card logos and that bike picture. I did it using html codes.

 

<td width="100%" style="border-style: none; border-width: medium">

<p align="center">

<img src="images/paypalv.gif"><br>

<img src="images/payments.gif" width="122" height="68">

 

The "continue" buttom I have no control over. I think OSC put it there.

 

I really appreciate all the help you are offering me.

 

Dave

Always looking for a way to improve my sites.

Link to comment
Share on other sites
wizardsandwars

wizardsandwars

Posted
Posted

What he's saying is that the continue button on the create_account page is switching over to https correctly, however, the smae button on trhe https://www.gnarlyparts.com/login.php is not. Take a look at the code, and find where OSC is calling both of those buttons, and make sure that they are called the same way. The should both be useing tep_display_image or something like that.

-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Link to comment
Share on other sites
kepa

kepa

Posted
Posted

Hey gnarly,

just looked at the your certificate and it shows that it is an intermediate certificate, but when I look at the chain, it doesn't look right. I don't think it is set up properly. Take a look (or have your guy) take a look at it to see if that may be the problem. Right now, it is set up like you are an intermediate certificate authority and I don't think you are...or are you?

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted

Hey Kepa,

 

I think you're right. I can generate multiple IPs on my server. I know we had to make a Static IP for this site because of another cert on the same server was interfering with this site. I guess I could have shared that cert but for $25 I thought what the hay. It's cheap. I've installed my cert banner on my test page and it's is there but invisable. That is telling me something is wrong. I'm going to have my guy go over it one more time for me. In the meantime I have turn my SSL to false because this is a live store.

 

Thanks for all the help. You D man.

 

Dave

Always looking for a way to improve my sites.

Link to comment
Share on other sites
firehorse

firehorse

Posted
Posted
I guess I could have shared that cert but for $25 I thought what the hay. It's cheap. I've installed my cert banner on my test page and it's is there but invisable. That is telling me something is wrong. I'm going to have my guy go over it one more time for me. In the meantime I have turn my SSL to false because this is a live store.

Please keep us updated as I'm thinking of one of those $25 ssl certificates and I would like to know it 'works' with osc before I get one!

 

Thanks :)

Link to comment
Share on other sites
zwen

zwen

Posted
Posted

cheers! i thnk it's working...

www.dollzinc.com/catalog

 

hmmm i SSL the entire catalog and admin.

is it silly to do so?

 

i personally feel alot safer looking at the yellow padlock at all times!

any disadvantages to that?

Link to comment
Share on other sites
gnarly parts

gnarly parts

Posted
  • Author
Posted
cheers! i thnk it's working...

www.dollzinc.com/catalog

 

hmmm i SSL the entire catalog and admin.

is it silly to do so?

 

i personally feel alot safer looking at the yellow padlock at all times!

any disadvantages to that?

If you SSL your entire site you will never get any search spiders on your site. If that doesn't matter then go for it.

 

As for my SSL problem.. Still working on it. Will keep everyone posted.

 

Dave

Always looking for a way to improve my sites.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...