Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Secure and non secure items. argh!


sfuhrman

Recommended Posts

Posted

Hi everyone,

 

Our site, http://www.easycookin.com, display the explorer message "this page contains secure and non-secure items" through the checkout process. We are not using a shared SSL certificate. I have checked to make sure that I am not using any hard-coded URLs in the header or anything, and I still can't figure this out.

 

Anyone have any suggestions?

Posted

Below is the relevant section of my configuration.php. Everything seems to be right...

 

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://easycookin.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://easycookin.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'easycookin.com');

define('HTTPS_COOKIE_DOMAIN', 'easycookin.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/easycook/easycookin.com/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Posted

Yes, it does suck. I have seen a lot of people have this problem, so I am pretty puzzled that there is not a solution out there somewhere. I have also tried commenting out all the "base href" lines in the php, and that helped a little but I am still getting a secure/non-secure message after the login screem on the shipping screen, then it goes back to secure on the credit card screen. pretty crappy. if anyone has any help please let us know!

Posted

That's not the problem, chfields.

 

The problem is that images WITHIN oscommerce are causing the errors. When you go to the SSL area of the site (https://), any images coming from http:// will cause these errors.

 

So then there's the whole problem of having two copies of oscommerce, one on http:// and one on https://

 

Are you supposed to have two sets of every PHP file, two images folders, two includes folders, two admin folders???

 

I changed my config file so that all images always come from HTTPS, no matter what. That way there are no non-secure item errors. I also kept only one copy of admin on HTTPS. But then admin can only affect files on https. Admin can only upload images to the images folder on https. (Which is fine since I made OsC get all images from there anyway.) But then if I change a language template, that would need to come from https, too.

 

So you end up putting the whole friggin' shopping cart in https.

 

So basically, what's the point in having an http AND an https area of the same cart?

Posted

No, I have no images coming from anywhere outside of my site. I don't even have seperate secure and non-secure directories. http://www.easycookin.com/catalog/ and https://www.easycookin.com/catalog/ both go to the exact same spot on my server,just one is secure and one is not. The base url just does not seem to be set right. It seems like a ton of people are having this same problem too.

Posted

So, obviously, a lot of the problem is that the line

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

Is not doing the right thing because the $request_type variable is not being set right. On my server it always reports "NONSSL".

 

There is a better way, I would think, to detect if SSL is in use. I think it may work to place the following line before all the <base href... lines above in all the php files in /catalog that contain it.

 

 if($GLOBALS["SERVER_PORT"]==443) $request_type == 'SSL';

 

Any thoughts?

Posted

I should have included the php tags for the inserted code. Here is the line with the tags added.

 

<?php if($GLOBALS["SERVER_PORT"]==443) $request_type == 'SSL';  ?>

Posted

I found a fix that works perfectly for me thus far! Yipee.

 

If you are experiencing the same problem, try adding one line of code to /catalog/includes/application_top.php:

 

find this line of code, ~line 41:

 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

and add this line below it:

if($GLOBALS["SERVER_PORT"]==443) $request_type = 'SSL';

 

It worked perfectly for me. Let me know if it works for you. Apparently the getenv doesn't work on all hosts.

Posted

HI scott.

 

Please could you assist me with setting up SSL on the checkout pages as i would like them to be secure and not the whole site..

 

At the moment i have all my pages in html and when i get to the checkout process i have a payment gateway with secpay, so when the transaction is done then it returns to my checkout page and it show non secure and secure items so i need some help in setting up those checkout page to secure..

 

I would very much appreciate you help.

 

many thanks

  • 2 weeks later...
Posted

Ok i have managed to get those non secure issue out so i can get into https pages okay.. BUt when i log on using my login page.. when i click login button, it prompts me if i want to be redirected to a non secure site.. if i say no it just stays there if i say YES then it will take me to Http site but not log me in...

 

where to i set to say that i when logon in secure mode it should take me to secure site pages..

i have checked my configure.php file and that is pointing to the https site.

 

any thoughts

  • 1 month later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...