
SSL Configuration


oglee


by reading various posts about ssl, i've been successful with installing my cert. & editing my configuration.php in both admin and catalog.

 

when i visit the https version of my store, all is good! however, when i click on anything (link, picture etc) it takes me to the non-secure (http) version of the store.

 

how do i universally change link url's within my pages to keep me in secure mode throughout the site?

 

thanks in advance!

 

jim


define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers

change all the config http:// values to https://

should do it.

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '');
define('HTTPS_COOKIE_PATH', '');


i tried your recommendations but nothing has changed. perhaps if i post more data it will be helpful.

 

here is my admin/includes/config.php

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
define('HTTP_SERVER','https:finalchukker.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
define('HTTP_CATALOG_SERVER', 'https://finalchukker.com');
define('HTTPS_CATALOG_SERVER', 'https://finalchukker.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
define('DIR_WS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
define('DB_SERVER', '');
define('DB_SERVER_USERNAME', 'mysql');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', '');
?>

 

and, here is my catalog/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'https://finalchukker.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://finalchukker.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'https://finalchukker.com');
 define('HTTPS_COOKIE_DOMAIN', 'https://finalchukker.com');
 define('HTTP_COOKIE_PATH', 'https://finalchukker.com');
 define('HTTPS_COOKIE_PATH', 'https://finalchukker.com');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '');
 define('DB_SERVER_PASSWORD', '');
 define('DB_DATABASE', 'osCommerce');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'
?>

 

any help would be great! thanks in advance...

 

jim :(


Those parameters are correct. Perhaps there is some kind of server caching happening? Your host might be able to help you more with that.

 

Good luck,

Matt


Still having problems with this type of SSL setup. is there anything special that I need to look for?

 

define('HTTP_SERVER', 'http://finalchukker.com');
define('HTTPS_SERVER', 'https://finalchukker.com');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'finalchukker.com');
define('HTTPS_COOKIE_DOMAIN', 'finalchukker.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
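
An added example, not part of any post in this thread and not osCommerce code: a small check of the URL, cookie and ENABLE_SSL values from the two catalog configurations posted above. The helper name check_store_config() is hypothetical; the sample values are copied from the thread.

```php
<?php
// Added example, not osCommerce code: check_store_config() is a hypothetical helper.
function check_store_config(array $c): array
{
    $problems = [];
    // Server entries must be absolute URLs: a scheme and a host.
    foreach (['HTTP_SERVER' => null, 'HTTPS_SERVER' => 'https'] as $key => $scheme) {
        $parts = parse_url((string) ($c[$key] ?? ''));
        if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
            $problems[] = "$key is not a scheme://host URL";
        } elseif ($scheme !== null && strtolower($parts['scheme']) !== $scheme) {
            $problems[] = "$key must use $scheme://";
        }
    }
    // Cookie domains are bare host names; cookie paths are URL paths.
    foreach (['HTTP_COOKIE_DOMAIN', 'HTTPS_COOKIE_DOMAIN'] as $key) {
        if (preg_match('#[:/]#', (string) ($c[$key] ?? ''))) {
            $problems[] = "$key must be a host name, not a URL";
        }
    }
    foreach (['HTTP_COOKIE_PATH', 'HTTPS_COOKIE_PATH'] as $key) {
        $path = (string) ($c[$key] ?? '');
        if ($path !== '' && $path[0] !== '/') {
            $problems[] = "$key must start with '/'";
        }
    }
    // tep_href_link() tests ENABLE_SSL == true, and any string other than
    // '' and '0' (so 'true' and 'false' alike) passes that loose comparison.
    if (!is_bool($c['ENABLE_SSL'] ?? null)) {
        $problems[] = 'ENABLE_SSL should be the boolean true or false, not a string';
    }
    return $problems;
}

// Values copied from the two catalog configurations posted in this thread.
$url = 'https://finalchukker.com';
$first = ['HTTP_SERVER' => $url, 'HTTPS_SERVER' => $url, 'ENABLE_SSL' => 'true',
    'HTTP_COOKIE_DOMAIN' => $url, 'HTTPS_COOKIE_DOMAIN' => $url,
    'HTTP_COOKIE_PATH' => $url, 'HTTPS_COOKIE_PATH' => $url];
$second = ['HTTP_SERVER' => 'http://finalchukker.com', 'HTTPS_SERVER' => $url,
    'ENABLE_SSL' => true,
    'HTTP_COOKIE_DOMAIN' => 'finalchukker.com', 'HTTPS_COOKIE_DOMAIN' => 'finalchukker.com',
    'HTTP_COOKIE_PATH' => '/catalog/', 'HTTPS_COOKIE_PATH' => '/catalog/'];

foreach (['first' => $first, 'second' => $second] as $name => $config) {
    $found = check_store_config($config);
    echo "$name configuration: ", $found ? implode('; ', $found) : 'no problems found', "\n";
}
```

The second configuration passes, yet tep_href_link() still builds every link requested with the default 'NONSSL' connection from HTTP_SERVER, so with that value set to http:// those links leave the secure site.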


It's not a configuration issue. Your site is not producing results to match what the configuration shows. Could you post your code for the nav bar in header.php and the code for function tep_href_link from includes/functions/html_output.php?

 

Thanks,

Matt


first the header.php

 

<?php
/*
 $Id: header.php,v 1.42 2003/06/10 18:20:38 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// check if the 'install' directory exists, and warn of its existence
 if (WARN_INSTALL_EXISTENCE == 'true') {
   if (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/install')) {
     $messageStack->add('header', WARNING_INSTALL_DIRECTORY_EXISTS, 'warning');
   }
 }

// check if the configure.php file is writeable
 if (WARN_CONFIG_WRITEABLE == 'true') {
   if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
     $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
   }
 }

// check if the session folder is writeable
 if (WARN_SESSION_DIRECTORY_NOT_WRITEABLE == 'true') {
   if (STORE_SESSIONS == '') {
     if (!is_dir(tep_session_save_path())) {
       $messageStack->add('header', WARNING_SESSION_DIRECTORY_NON_EXISTENT, 'warning');
     } elseif (!is_writeable(tep_session_save_path())) {
       $messageStack->add('header', WARNING_SESSION_DIRECTORY_NOT_WRITEABLE, 'warning');
     }
   }
 }

// check session.auto_start is disabled
 if ( (function_exists('ini_get')) && (WARN_SESSION_AUTO_START == 'true') ) {
   if (ini_get('session.auto_start') == '1') {
     $messageStack->add('header', WARNING_SESSION_AUTO_START, 'warning');
   }
 }

 if ( (WARN_DOWNLOAD_DIRECTORY_NOT_READABLE == 'true') && (DOWNLOAD_ENABLED == 'true') ) {
   if (!is_dir(DIR_FS_DOWNLOAD)) {
     $messageStack->add('header', WARNING_DOWNLOAD_DIRECTORY_NON_EXISTENT, 'warning');
   }
 }

 if ($messageStack->size('header') > 0) {
   echo $messageStack->output('header');
 }
?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr class="header">
   <td valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image(DIR_WS_IMAGES . 'logo_tag.bmp', 'FinalChukker.com') . '</a>'; ?></td>
   <td align="right" valign="bottom"><?php echo '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_account.gif', HEADER_TITLE_MY_ACCOUNT) . '</a>  <a href="' . tep_href_link(FILENAME_SHOPPING_CART) . '">' . tep_image(DIR_WS_IMAGES . 'header_cart.gif', HEADER_TITLE_CART_CONTENTS) . '</a>  <a href="' . tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_CHECKOUT) . '</a>'; ?>  </td>
 </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1">
 <tr class="headerNavigation">
   <td class="headerNavigation">  <?php echo $breadcrumb->trail(' » '); ?></td>
   <td align="right" class="headerNavigation"><?php if (tep_session_is_registered('customer_id')) { ?><a href="<?php echo tep_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_LOGOFF; ?></a>  |  <?php } ?><a href="<?php echo tep_href_link(FILENAME_ACCOUNT, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_MY_ACCOUNT; ?></a>  |  <a href="<?php echo tep_href_link(FILENAME_SHOPPING_CART); ?>" class="headerNavigation"><?php echo HEADER_TITLE_CART_CONTENTS; ?></a>  |  <a href="<?php echo tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_CHECKOUT; ?></a>   </td>
 </tr>
</table>
<?php
 if (isset($HTTP_GET_VARS['error_message']) && tep_not_null($HTTP_GET_VARS['error_message'])) {
?>
<table border="0" width="100%" cellspacing="0" cellpadding="2">
 <tr class="headerError">
   <td class="headerError"><?php echo htmlspecialchars(urldecode($HTTP_GET_VARS['error_message'])); ?></td>
 </tr>
</table>
<?php
 }

 if (isset($HTTP_GET_VARS['info_message']) && tep_not_null($HTTP_GET_VARS['info_message'])) {
?>
<table border="0" width="100%" cellspacing="0" cellpadding="2">
 <tr class="headerInfo">
   <td class="headerInfo"><?php echo htmlspecialchars($HTTP_GET_VARS['info_message']); ?></td>
 </tr>
</table>
<?php
 }
?>


next is the function

// The HTML href link wrapper function
 function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
   global $request_type, $session_started, $SID;

   if (!tep_not_null($page)) {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
   }

   if ($connection == 'NONSSL') {
     $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
   } elseif ($connection == 'SSL') {
     if (ENABLE_SSL == true) {
       $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
     } else {
       $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
     }
   } else {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
   }

   if (tep_not_null($parameters)) {
     $link .= $page . '?' . tep_output_string($parameters);
     $separator = '&';
   } else {
     $link .= $page;
     $separator = '?';
   }

   while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);

// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
   if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) {
     if (tep_not_null($SID)) {
       $_sid = $SID;
     } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
       if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
         $_sid = tep_session_name() . '=' . tep_session_id();
       }
     }
   }

   if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
     while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);

     $link = str_replace('?', '/', $link);
     $link = str_replace('&', '/', $link);
     $link = str_replace('=', '/', $link);

     $separator = '?';
   }

   if (isset($_sid)) {
     $link .= $separator . $_sid;
   }

   return $link;
 }

////
// The HTML image wrapper function
 function tep_image($src, $alt = '', $width = '', $height = '', $parameters = '') {
   if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {
     return false;
   }

 

Thanks Matt for any help

 

Dale


Is it possible that the function that switches between the SSL and Non SSL is not working properly? Is this due to a version of software installed that had problems? If we were to update the install to the latest version would we encounter the same issue?

 

Dale


I've just been through this & discovered that my server did not seem to use the correct environment variable for SSL. My fix was to alter the code in application_top.php where it detects SSL. I was getting lots of warnings about secure / nonsecure on same page.

 

About line 44

// set the type of request (secure or not)
//$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'sslrelay.com') ? 'SSL' : 'NONSSL';

 

I also added in html_output.php

 

about line 124

// The HTML form submit button wrapper function
// Outputs a button in the selected language
 function tep_image_submit($image, $alt = '', $parameters = '') {
   global $language;

   $image_submit = '<input type="image" src="' . tep_output_string(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image) . '" border="0"  alt="' . tep_output_string($alt) . '"';

 

This makes the images have the full path, as for some reason the setup we have seems to make IE 5.5 protest with secure non secure warnings

put a

<?PHP phpinfo(); ?>

at the bottom of your index.php file just above

</body>

then you can see the environment vars.

 

Hope this helps.

An1j21.
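
An added example, not part of the post above and not osCommerce code: request-type detection for a store behind a shared SSL relay that accepts the forwarded-host header only when the connection comes from the relay itself. The function name detect_request_type(), the $trustedProxies list and the relay address 192.0.2.10 are assumptions; the $_SERVER snapshots are constructed.

```php
<?php
// Added example, not osCommerce code. detect_request_type(), $trustedProxies and
// $relayHost are hypothetical names; 192.0.2.10 is a documentation address.
function detect_request_type(array $server, array $trustedProxies, string $relayHost): string
{
    // TLS terminated on this web server: the stock check from application_top.php.
    if (strtolower((string) ($server['HTTPS'] ?? '')) === 'on') {
        return 'SSL';
    }
    // X-Forwarded-* values are ordinary request headers that any client can
    // send, so they count only when the TCP peer is the known SSL relay.
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (!in_array($peer, $trustedProxies, true)) {
        return 'NONSSL';
    }
    $forwardedHost = strtolower((string) ($server['HTTP_X_FORWARDED_HOST'] ?? ''));
    return ($forwardedHost === strtolower($relayHost)) ? 'SSL' : 'NONSSL';
}

// Constructed $_SERVER snapshots for three cases.
$cases = [
    'direct TLS' => ['HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7'],
    'via SSL relay' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_HOST' => 'sslrelay.com'],
    'header sent by a client' => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_HOST' => 'sslrelay.com'],
];
foreach ($cases as $label => $server) {
    echo str_pad($label, 26), detect_request_type($server, ['192.0.2.10'], 'sslrelay.com'), "\n";
}
```

The third case is the one a header-only test gets wrong: it would report a plain HTTP request as SSL.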


OOOOps wrong about line 124 DOHHHH

 

I meant line 75

  global $request_type;

  if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {
    return false;
  }

// alt is added to the img tag even if it is null to prevent browsers from outputting
// the image filename as default

//echo 'Request_type = ' . $request_type;
  if ($request_type == 'SSL') {
    $src = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . $src;
  }

  $image = '<img src="' . tep_output_string($src) . '" border="0" alt="' . tep_output_string($alt) . '"';

 

cut & paste is good unless you have the wrong thing .....

 

An1j21


thanks for great input! i've changed the code in my application_top.php, but i'm a bit confused about the modifications to html_output.php...

 

should i forget you even mentioned line 124??? if so, i should go to line 75 and insert what code - the section from above referencing line 124, or just the code referencing 75?

 

sorry... i'm not too bright!


OOOUUUCCCHHHHHH!!!!!

 

this is what i got...

 

 

Parse error: parse error in /hsphere/local/home/finalchu/finalchukker.com/catalog/includes/functions/html_output.php on line 118

 

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /hsphere/local/home/finalchu/finalchukker.com/catalog/includes/functions/html_output.php:118) in /hsphere/local/home/finalchu/finalchukker.com/catalog/includes/functions/sessions.php on line 67

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /hsphere/local/home/finalchu/finalchukker.com/catalog/includes/functions/html_output.php:118) in /hsphere/local/home/finalchu/finalchukker.com/catalog/includes/functions/sessions.php on line 67

 

Top ? Catalog My Account | Cart Contents | Checkout

 

Fatal error: Call to undefined function: tep_draw_separator() in /hsphere/local/home/finalchu/finalchukker.com/catalog/includes/classes/boxes.php on line 117

 

 

:blink:


Archived

This topic is now archived and is closed to further replies.
