SSL issue


fiat707

Hi,

 

A while ago, I read an SSL-related thread, but did not expect that a similar issue could happen to my osC store. Now I have this SSL-related problem and went back to read every SSL thread I could find in this forum, but had no luck finding it! So I am in desperate need of finding that thread or obtaining a refreshed solution for the following problem:

 

If I click either "My Account" or "Check out" at my osC store, it does go to an SSL page showing a padlock, but it also pops up a warning dialog: "This page includes secure and non-secure elements; do you want to continue to open it? ..." Then if I click "Yes", it loads the page fine, but without the padlock (it disappears). Someone in an earlier thread had a similar issue and stated that the warning dialog is very likely to cause visitors to run away from the store (it makes sense), and also, due to the disappearance of the padlock, it becomes uncertain whether the page is "secured" or not. Does anyone know how to remedy this issue, or the link to the earlier thread that addressed this problem?

 

Thanks for help.

 

KF

Link to comment
Share on other sites

Hi Rabin,

 

Thanks for the reply. Unfortunately, I use IE5.5 and under "View" there is no "Privacy Report". And I don't get that "To correct it avoid hardcoding absolute path." you stated. Could you explain that in a bit more detail? (pardon me for being a newbie)

 

Thanks for helping again.

Link to comment
Share on other sites

OK, the thread link Ben referred to has the issue to do with the banner in footer.php, but I have totally re-built my footer.php without any banner in it. So thanks, no solution there.

However, I pondered on Rabin's tip a bit and finally got it fixed. Rabin was right that in my footer.php (coincidentally), I put an absolute src path for an image, which became an un-secure element when entering an SSL page (all SSL pages require footer.php). So I changed the path and the pop-up dialog was gone! Thanks, Rabin.

 

Now came the last straw: every step after "checkout" is smooth and securely "locked" until after "Confirm Order". Once I hit that "Confirm Order" and it went to the next page announcing "Congradulation!", if I click the "Continue" button there, it goes to "This page cannot be found"!

But if I instead click "logoff" and at the "logoff" page hit the "continue" button, it goes to the index (home) page! How can I resolve this "Continue" button issue on the order confirmation page? Has anyone experienced or discovered this problem? Any idea?

 

KF

Link to comment
Share on other sites

The problem shifting from checkout_success.php to index.php is usually caused by inconsistent configuration settings. In particular, your HTTP_SERVER and HTTPS_SERVER values should map to the same place.

 

Hth,

Matt

Link to comment
Share on other sites

Hi

Just in case someone else has a problem with "Mixed Content" security warnings:

 

OK, The thread link Ben referred to has the issue to do with the banner in footer.php, but I have totally re-built my footer.php without any banner in it. So thanks, no solution there.

 

It is stated on this thread 3 times that

One important note...Unfortunately the above suggestions will not help with banners or other "offsite" images or scripts.

 

The article is written by Kim Elliot (well respected in OSC) and is to do with

couple of examples of the code necessary to use the tep_href_link and tep_image functions and get rid of the nasty security warnings you get for having "mixed" content on a secure page that are caused by hardcoding an absolute address or image......

 

 

Had to clarify things for the record

 

Cheers

Link to comment
Share on other sites
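
An added example, not part of the original thread: a small Python scan for the cause identified above, absolute `http://` resource URLs hardcoded in a template such as footer.php. The sample markup, the banner host and the function names are constructed for illustration; `www.mydomain.com` is the placeholder store host used in this thread.

```python
import re
from urllib.parse import urlsplit

# attr=<absolute http:// URL>; tolerates the \" escaping used inside PHP strings
ATTR_RE = re.compile(r"""\b(src|href|background)\s*=\s*\\?["']?(http://[^\s"'\\<>]+)""", re.I)
TAG_RE = re.compile(r"<([a-zA-Z][a-zA-Z0-9]*)")  # opening tags only; skips <?php and </td>

def is_subresource(tag, attr):
    """True when the browser fetches the URL while rendering the page."""
    if attr in ("src", "background"):
        return True
    return tag == "link"  # <link href> loads a stylesheet; <a href> is only navigation

def find_insecure_refs(source, store_host):
    """Return (line, tag, url, scope) for every resource loaded over plain http."""
    findings = []
    for m in ATTR_RE.finditer(source):
        attr, url = m.group(1).lower(), m.group(2)
        tags = TAG_RE.findall(source[:m.start()])  # nearest opening tag before the attribute
        tag = tags[-1].lower() if tags else "?"
        if not is_subresource(tag, attr):
            continue
        host = urlsplit(url).hostname or ""
        # own-host: fix by dropping the absolute path (relative path / tep_image)
        # offsite: banners etc. must be available over https or be removed
        scope = "own-host" if host == store_host.lower() else "offsite"
        lineno = source.count("\n", 0, m.start()) + 1
        findings.append((lineno, tag, url, scope))
    return findings

# Constructed sample template, not taken from any real store.
SAMPLE_FOOTER = r'''<tr>
<td><img src="http://www.mydomain.com/images/logo.gif" alt="logo"></td>
<td><?php echo tep_image(DIR_WS_IMAGES . 'logo.gif', 'logo'); ?></td>
<td><a href="http://www.example.org/"><img src="http://banners.example.net/ad.gif"></a></td>
<?php echo "<td><img src=\"http://www.mydomain.com/images/pay.gif\"></td>"; ?>
</tr>'''

if __name__ == "__main__":
    for lineno, tag, url, scope in find_insecure_refs(SAMPLE_FOOTER, "www.mydomain.com"):
        print(f"line {lineno}: <{tag}> loads {url} [{scope}]")
```

The plain `<a href>` link and the `tep_image` call are not reported: only URLs the browser fetches while rendering the secure page trigger the warning.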

Hi Matt,

 

You may hit my wound here when you pointed out that HTTP_SERVER and HTTPS_SERVER values should map to the "same" place. Do you mean that the values of both SERVERs have to be same? I am using a shared SSL server which is different from my hosted web server (HTTP_SERVER). It's not like: http://www.mydomain.com and https://www.mydomain.com but like: http://www.mydomain.com and https://www.hostdomain.com

 

So in my case, is there no cure for that "continue" button on Order Confirmation page? If so, there is no need to keep it there to kill the store navigation; Can I remove it or change it to a "logoff" button? How?

 

Thanks for help.

Link to comment
Share on other sites

Thanks to Matt and no others' solution, I successfully changed the "Continue" button on Order-confirmed page to a "Logoff" link which connects to the secured Log-off page and from there visitors can continue to navigate through the store or leave. In case others may want to do the same, the changed code is on checkout_success.php as follows:

 

Change

 

<tr>
  <td align="right" class="main"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
</tr>

 

To

 

<tr>
  <td align="right" class="main"><a href="<?php echo tep_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>" class="pageHeading"><?php echo HEADER_TITLE_LOGOFF; ?></a></td>
</tr>

 

This will replace the "Continue" button with a "logoff" text link.

Link to comment
Share on other sites

  • 3 weeks later...

I do not have the echo statement code but I have a similar problem.

When I go to Your Account it will take me to a secure site, but I do not get to see any of my images that are stored in the languages/english/images/buttons/ folder..

The reference to that is (this is in the login.php page):

	<td align=\"left\"class=\"smalltext\"><b><br>"  . tep_image_submit('button_login.gif', IMAGE_BUTTON_LOGIN) . "</b><br><br>

 

I do not have the echo statement..

And not sure if this is related to this, but if I log on with my user name and password I do not seem to log on although all the details are correct.

Link to comment
Share on other sites

You may want to check out the thread I started. I found a solution. Apparently the way that is used to check whether SSL is being used or not was not working, at least on my host (Dreamhost). A one line code change fixed it for me - I also had no hard coded images or links and was still getting the problem.

 

Scott

 

Thread Link Here

Link to comment
Share on other sites

Update.. I have managed to get rid of that message when you view a secure page.. In my login.php page I had

<?php include(DIR_WS_INCLUDES . 'header_tags.php'); ?>

so I removed it and it was fine,

BUT when I log on it tells me that I am going to be redirected to a connection that is not secure. When I click Yes it will take me to the http site rather than showing the https.. not sure if that is right... please advise

Link to comment
Share on other sites

Removing that line mentioned above does not really solve the issue in real terms..

 

I have managed to find a solution which is located at the following post :

http://www.oscommerce.com/forums/index.php?sho...00entry273237

 

I am sure this will help many of you...

 

Though I still have 1 more problem.. I can log on to the secure site fine.. and it will show me the https pages, but if I have to click on a product to view or go to a category (I have DHTML categories installed) it takes me to the http even though I am logged on, but when I get to the product it seems to log me out and I see the login box on the right...

Anyone..

Link to comment
Share on other sites

Prash,

 

If you have a shared SSL certificate, you should turn "Forced cookie use" FALSE in Admin, which doesn't work with a shared SSL certificate anyway, but WILL cause the auto-logoff problem you encountered if you set it to TRUE.

 

KF

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
