fiat707 Posted November 21, 2003 Share Posted November 21, 2003 Hi, A while ago, I read a thread with topic SSL-related, but did not expect the similar issue could happen to my osC store. Now I got this SSL-related problem and went back to read every SSL thread I could find in this forum, but no luck finding it! So I am in desperate need of finding that thread or obtaining a refreshed solution for the following problem: If I click either "My Account" or "Check out" at my osC store, it does go to a SSL page showing a padlock, but it also pop-up a warning dialog: "This page includes secure and non-secure elements; do you want to continue to open it? ..." Then if I click "Yes", it loads the page fine, but without the padlock (it disappears). Someone in an earlier thread had the similar issue and stated that the warning dialog is very likely to cause visitors run away from the store (it makes sense) and also due to the disappearing of the padlock, it becomes uncertain that the page is "secured" or not. Does anyone know how to remedy this issue or the link to the earlier thread that has addressed this problem? Thanks for help. KF Link to comment Share on other sites More sharing options...
rabin Posted November 22, 2003 Share Posted November 22, 2003 on your browser click on View > Privacy Report. You'll be list of files that is not https ..... !!!! To correct it avoid hardcoding absolute path. Hope this helps:)) Link to comment Share on other sites More sharing options...
fiat707 Posted November 22, 2003 Author Share Posted November 22, 2003 Hi Rabin, Thanks for reply. Unfortunately, I use IE5.5 and under "View" there is no "Privacy Report". And I don't get that "To correct it avoid hardcoding absolute path." you stated. Could you explain that a bit more detail? (pardon me for newbie) Thanks for helping again. Link to comment Share on other sites More sharing options...
nebnq Posted November 22, 2003 Share Posted November 22, 2003 Hi This thread is a good read, might be related to your problem. http://www.oscommerce.com/forums/index.php?sho...=0entry179418 Cheers Link to comment Share on other sites More sharing options...
fiat707 Posted November 22, 2003 Author Share Posted November 22, 2003 OK, The thread link Ben referred to has the issue to do with the banner in footer.php, but I have totally re-built my footer.php without any banner in it. So thanks, no solution there. However, I pondered on Rabin's tip a bit and finally got it fixed. Rabin was right that in my footer.php (coincidently), I put an absolute src path for an image which became an un-secure element when entering SSL page (all SSL pages require footer.php). So I changed the path and the pop-up dialog was gone! Thanks, Rabin. Now it came the last straw: every step after "checkout" is smooth and securely "locked" until after "Confirm Order". Once I hit that "Confirm Order" and it went to the next page announcing "Congradulation!", if I click the "Continue" button there, it went to "This page cannot be found"! But if I instead click "logoff" and at the "logoff" page hit the "continue" button, it goes to the index (home) page! How can I resolve this "Continue" button issue on the order confirmation page? Has anyone experienced or discovered this problem? Any idea? KF Link to comment Share on other sites More sharing options...
Guest Posted November 22, 2003 Share Posted November 22, 2003 The problem shifting from checkout_success.php to index.php is usually caused by inconsistent configuration settings. In particular, your HTTP_SERVER and HTTPS_SERVER values should map to the same place. Hth, Matt Link to comment Share on other sites More sharing options...
nebnq Posted November 22, 2003 Share Posted November 22, 2003 Hi Just in case someone else has a problem of "Mixed Content" Security Warnings" OK, The thread link Ben referred to has the issue to do with the banner in footer.php, but I have totally re-built my footer.php without any banner in it. So thanks, no solution there. It is stated on this thread 3 times that One important note...Unfortunately the above suggestions will not help with banners or other "offsite" images or scripts. The article is written by Kim Elliot (well Respected in OSC) and is to do with couple of examples of the code neccessary to use the tep_href_link and tep_image functions and get rid of the nasty security warnings you get for having "mixed" content on a secure page that are caused by hardcoding an absolute address or image...... Had to clarify thing for the record Cheers Link to comment Share on other sites More sharing options...
fiat707 Posted November 22, 2003 Author Share Posted November 22, 2003 Hi Matt, You may hit my wound here when you pointed out that HTTP_SERVER and HTTPS_SERVER values should map to the "same" place. Do you mean that the values of both SERVERs have to be same? I am using a shared SSL server which is different from my hosted web server (HTTP_SERVER). It's not like: http://www.mydomain.com and https://www.mydomain.com but like: http://www.mydomain.com and https://www.hostdomain.com So in my case, is there no cure for that "continue" button on Order Confirmation page? If so, there is no need to keep it there to kill the store navigation; Can I remove it or change it to a "logoff" button? How? Thanks for help. Link to comment Share on other sites More sharing options...
fiat707 Posted November 22, 2003 Author Share Posted November 22, 2003 Thanks to Matt and no others' solution, I successfully changed the "Continue" button on Order-confirmed page to a "Logoff" link which connects to the secured Log-off page and from there visitors can continue to navigate through the store or leave. In case others may want to do the same, the changed code is on checkout_success.php as follows: Change "<tr> <td align="right" class="main"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td> </tr>" To "<tr> <td align="right" class="main"><a href="<?php echo tep_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>" class="pageHeading"><?php echo HEADER_TITLE_LOGOFF; ?></a></td> </tr>" This will replace the "Continue" button with a "logoff" text link. Link to comment Share on other sites More sharing options...
Genius Posted December 11, 2003 Share Posted December 11, 2003 I do not have the echo statement code but i have a similare problem. when i got the YOUR Account it will take me to a secure site but i do not get to see any of my images that are store in the languages/english/images/buttons/ folder.. the reference to that is ( this in the login.php page) <td align=\"left\"class=\"smalltext\"><b><br>" . tep_image_submit('button_login.gif', IMAGE_BUTTON_LOGIN) . "</b><br><br> i do not have the echo statement.. And not sure if this is related to this but if i log on with my user name and password i do not seem to log on although all the details are correct. Link to comment Share on other sites More sharing options...
Genius Posted December 11, 2003 Share Posted December 11, 2003 Ok i have managed to get the images working but i still get the error message for secure and non secure.. and when i try and log on it tells me if i want to view a secure page or not. Link to comment Share on other sites More sharing options...
sfuhrman Posted December 11, 2003 Share Posted December 11, 2003 You may want to check out the thread i started. I found a solution. Apparently the way that is used to check whether SSL is being used or not was not working, at least on my host (Dreamhost). A one line code change fixed it for me - I also had no hard coded images or links and was still getting the problem. Scott Thread Link Here Link to comment Share on other sites More sharing options...
Genius Posted December 12, 2003 Share Posted December 12, 2003 HI Scott, thanks for the link but i have tired and read your thread and unfortunetly it has not worked for me :(.. Link to comment Share on other sites More sharing options...
Genius Posted December 12, 2003 Share Posted December 12, 2003 Update.. I have managed to get rid of that message when you view a secure page.. in my login.php page i had <?php include(DIR_WS_INCLUDES . 'header_tags.php'); ?> so i removed it and it was fine, BUT when i log on it tells me that i am going to be redirect to a connection that is not secure, when i click Yes it will take me to the http site rather than showing the https.. not sure if that is right... please advise Link to comment Share on other sites More sharing options...
Genius Posted December 12, 2003 Share Posted December 12, 2003 by removing that line mentioned about does not really solve the issue in real terms.. I have managed to find a solution which is located at the following post : http://www.oscommerce.com/forums/index.php?sho...00entry273237 I am sure this will help many of you... though i still have 1 more problem.. i can log on to the secure site fine.. and it will show me the https pages, but if have to click on a product to view or go to a category ( i have DHTML categories installed) it takes me to the http even though i am loggon on, but when i get to the product it seems to log me out and i see the login box on the right... any one.. Link to comment Share on other sites More sharing options...
Guest Posted December 12, 2003 Share Posted December 12, 2003 In my experience this error occurs when you dont have a SSL certificate. Do you have a SSL certificate? Regards Rich Link to comment Share on other sites More sharing options...
Genius Posted December 15, 2003 Share Posted December 15, 2003 I do have a Shared SSL Certificate Link to comment Share on other sites More sharing options...
fiat707 Posted December 15, 2003 Author Share Posted December 15, 2003 Prash, If you have a shared SSL certificate, you should turn "Forced cookie use" FALSE in Admin, which doesn't work with a shared SSL certificate any way, but WILL cause the auto-logoff problem you encountered if you set it to TRUE. KF Link to comment Share on other sites More sharing options...
Genius Posted December 16, 2003 Share Posted December 16, 2003 Hi KF, Where in admin do i set "Forced cookie use" to FALSE. Link to comment Share on other sites More sharing options...
fiat707 Posted December 16, 2003 Author Share Posted December 16, 2003 Go Admin -> Configuration -> Sessions -> Forced Cookie use Link to comment Share on other sites More sharing options...
Genius Posted December 16, 2003 Share Posted December 16, 2003 HI , I do not have Session but i do have Cache Control... and that is set to True and /tmp directory. not sure if that is the same. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.