sfuhrman Posted November 27, 2003 Posted November 27, 2003 Hi everyone, Our site, http://www.easycookin.com, display the explorer message "this page contains secure and non-secure items" through the checkout process. We are not using a shared SSL certificate. I have checked to make sure that I am not using any hard-coded URLs in the header or anything, and I still can't figure this out. Anyone have any suggestions?
sfuhrman Posted November 27, 2003 Author Posted November 27, 2003 Below is the relevant section of my configuration.php. Everything seems to be right... // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://easycookin.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://easycookin.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'easycookin.com'); define('HTTPS_COOKIE_DOMAIN', 'easycookin.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/easycook/easycookin.com/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
Guest Posted November 29, 2003 Posted November 29, 2003 Sucks that no one has replied to this post yet. I have the same kind of post here: http://www.oscommerce.com/forums/index.php?showtopic=68122
sfuhrman Posted December 1, 2003 Author Posted December 1, 2003 Yes, it does suck. I have seen a lot of people have this problem, so I am pretty puzzled that there is not a solution out there somewhere. I have also tried commenting out all the "base href" lines in the php, and that helped a little but I am still getting a secure/non-secure message after the login screem on the shipping screen, then it goes back to secure on the credit card screen. pretty crappy. if anyone has any help please let us know!
chfields Posted December 1, 2003 Posted December 1, 2003 Do you have any banners or images from outside OSC???
Guest Posted December 1, 2003 Posted December 1, 2003 That's not the problem, chfields. The problem is that images WITHIN oscommerce are causing the errors. When you go to the SSL area of the site (https://), any images coming from http:// will cause these errors. So then there's the whole problem of having two copies of oscommerce, one on http:// and one on https:// Are you supposed to have two sets of every PHP file, two images folders, two includes folders, two admin folders??? I changed my config file so that all images always come from HTTPS, no matter what. That way there are no non-secure item errors. I also kept only one copy of admin on HTTPS. But then admin can only affect files on https. Admin can only upload images to the images folder on https. (Which is fine since I made OsC get all images from there anyway.) But then if I change a language template, that would need to come from https, too. So you end up putting the whole friggin' shopping cart in https. So basically, what's the point in having an http AND an https area of the same cart?
sfuhrman Posted December 1, 2003 Author Posted December 1, 2003 No, I have no images coming from anywhere outside of my site. I don't even have seperate secure and non-secure directories. http://www.easycookin.com/catalog/ and https://www.easycookin.com/catalog/ both go to the exact same spot on my server,just one is secure and one is not. The base url just does not seem to be set right. It seems like a ton of people are having this same problem too.
sfuhrman Posted December 1, 2003 Author Posted December 1, 2003 Here is what images are causing the problems... Note that NONE of these are hard coded with absolute paths.
sfuhrman Posted December 2, 2003 Author Posted December 2, 2003 Does anyone have any idea how to get these images to come from the SSL URL instead of the non SSL URL? :blink:
sfuhrman Posted December 2, 2003 Author Posted December 2, 2003 So, obviously, a lot of the problem is that the line <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> Is not doing the right thing because the $request_type variable is not being set right. On my server it always reports "NONSSL". There is a better way, I would think, to detect if SSL is in use. I think it may work to place the following line before all the <base href... lines above in all the php files in /catalog that contain it. if($GLOBALS["SERVER_PORT"]==443) $request_type == 'SSL'; Any thoughts?
sfuhrman Posted December 2, 2003 Author Posted December 2, 2003 I should have included the php tags for the inserted code. Here is the line with the tags added. <?php if($GLOBALS["SERVER_PORT"]==443) $request_type == 'SSL'; ?>
sfuhrman Posted December 2, 2003 Author Posted December 2, 2003 I found a fix that works perfectly for me thus far! Yipee. If you are experiencing the same problem, try adding one line of code to /catalog/includes/application_top.php: find this line of code, ~line 41: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; and add this line below it: if($GLOBALS["SERVER_PORT"]==443) $request_type = 'SSL'; It worked perfectly for me. Let me know if it works for you. Apparently the getenv doesn't work on all hosts.
Genius Posted December 2, 2003 Posted December 2, 2003 HI scott. Please could you assist me with setting up SSL on the checkout pages as i would like them to be secure and not the whole site.. At the moment i have all my pages in html and when i get to the checkout process i have a payment gateway with secpay, so when the transaction is done then it returns to my checkout page and it show non secure and secure items so i need some help in setting up those checkout page to secure.. I would very much appreciate you help. many thanks
Genius Posted December 12, 2003 Posted December 12, 2003 HI Scott i have tried ammending my file but i still get the errors
Genius Posted December 12, 2003 Posted December 12, 2003 Ok i have managed to get those non secure issue out so i can get into https pages okay.. BUt when i log on using my login page.. when i click login button, it prompts me if i want to be redirected to a non secure site.. if i say no it just stays there if i say YES then it will take me to Http site but not log me in... where to i set to say that i when logon in secure mode it should take me to secure site pages.. i have checked my configure.php file and that is pointing to the https site. any thoughts
JoelMerrick Posted February 11, 2004 Posted February 11, 2004 I was using a piece of flash that had the codebase set to http://www.macromedia.com/.. etc When the page is parsed in IE it must do a connection or at least think it needs to (even if you have flash installed) Removed the http:// stuff and the error disappered :)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.