fgwhite Posted December 14, 2003 Posted December 14, 2003 I have been struggling for weeks trying to get my freaking padlock to show-up. I've posted earlier and am still looking for fresh ideas. (See: Previous Post) As far as I can tell I am getting mixed content (not getting the mixed content alert though) on my https pages. I've ruled out problems with my certificate because this page shows the padlock. Additionally, if I go to a page and get the mixed content security alert and chose to display non secured items I get the padlock depending on my choice. Example. I have also tried this fix "What Changes Are Needed In catalog/includes/application_top.php?" from the FAQs. I can't seem to identify any absolute paths and am running OScommerce primarily straight out the box. My best guess is that if I knew exactly what mods to modify to get rid of the mixed content my problem would be solved. Fresh ideas... Pleeeeeeze! PS. Once I solved this problem I'll quit the Newbie for Dummies club :blink: , change my signature and become an honorary member of the School of Hard Knocks :D Thanks! Frank Ever wish people could recover from a "fatal error?"
Yikes! Posted December 14, 2003 Posted December 14, 2003 Frank, don't know if i can help but i'll try :) First: What's the os? this may stop me cold depending on your answer but i'm familiar only with my store's setup and that's linux/apache/php/mysql. i'd be happy to compare notes if yours is similar. I do have ssl working, however I am not using virtual host. I do know that my certificate warning was the same as yours where the site name doesn't match! You might even check with the certificate's issuer, I received great support from mine, right down to flavor of webserver and ssl. Also, did you look at /includes/configure.php? there are some settings in there I had to change for secure url and so forth. maybe someone has already mentioned this to you... Mike
fgwhite Posted December 28, 2003 Author Posted December 28, 2003 Yikes! Thanks for your offer. I'm running Linux and mysql 3.23. When I do a refresh I can momentarily see the padlock. I've twisted my configure.php file every which way I can and still no lock. If I make my entire site https then the lock shows so I've ruled out a problem with the certificate. As best I can tell my images are causing mixed content and is killing the lock. Help! Thanks! Frank Ever wish people could recover from a "fatal error?"
voided Posted December 28, 2003 Posted December 28, 2003 excuse me but it appears that the ssl cert you have was made for "www.whitecapcomputer.com" but if you notice when i go in your shop you direct us to "whitecapcomputer.com" the www. is missing. you now have 2 possibilities get a new cert for whitecapcomputer.com OR if you have access to make dns changes, make your domain "whitecapcomputer.com" point to "www.whitecapcomputer.com" if that is done already then simply modify the link so it points to www... Designrfix.com | Graphic Design Inspiration & Web Design Resources - @designrfix
fgwhite Posted December 28, 2003 Author Posted December 28, 2003 I'm not sure that's and issue. Apparently I was working on the configure file while you were visiting (if the warning that configure.php is writable then it's being edited). I can solve that problem by changing define('HTTP_SERVER', 'http://whitecapcomputer.com'); to define('HTTP_SERVER', 'http://www.whitecapcomputer.com'); or even define('HTTP_SERVER', 'http://www.whitecapsolutions.com/whitecapcomputer'); Thanks! Frank Ever wish people could recover from a "fatal error?"
voided Posted December 28, 2003 Posted December 28, 2003 ya, i just noticed it.. theres no padlock at all now weird :} Designrfix.com | Graphic Design Inspiration & Web Design Resources - @designrfix
beercan Posted December 29, 2003 Posted December 29, 2003 try the fix I posted in this thread http://www.oscommerce.com/forums/index.php?showtopic=71443 If you are using w2k or 2003 it should work for you, it did for me. BTW the credit for the fix goes to talgen. Sean
Guest Posted December 29, 2003 Posted December 29, 2003 I have gone through your site, and using netscape 7.1, when i go to create an account, then click on the ssl link on the bottom right of the browser, page info and browser, i am seeing that the majority of the items are not being covered by the ssl encryption, thus the 'padlock' as you call it, is not displayed properly. if somehow, you can create a separate area under whitecapsolutions, then there should be no problem. take a look at how the links are with netscape 7.1, it is showing that even though your create_account link is https, further tracing shows it is actually pointing to http://... create_account.php instead of https://...create_account.php somehow, even though you are using a shared certificate, it is not doing the full encryption that you expected.
mtimdog Posted December 30, 2003 Posted December 30, 2003 Note: the getenv() function does not work in ISAPI mode for PHP. WHat OS are you using and what version of PHP??
fgwhite Posted December 30, 2003 Author Posted December 30, 2003 I'm using Linux Redhat 7.2 and PHP Version 4.3.2 Thanks! Frank Ever wish people could recover from a "fatal error?"
mtimdog Posted December 30, 2003 Posted December 30, 2003 I only put that note there because if you getenv() isn't working in your code...like around line 41 of osc2.2ms2 where mine says $request_tyupe = (getenv("HTTPS') == 'on') ? 'SSL' : 'NONSSL'; it'll always give you nonssl. This could be becuase php is running in isapi mode, it could be because register_globals is off. echoing php_sapi_name() will tell you what kind of sapi you're using whether it be apache, isapi, cgi, etc. Anyway, if getenv() fails to retrieve HTTPS....then a few lines below it when it checks for $request_type...it defines DIR_WS_CATALOG which is *problably* where your error is. Don't quote me on that even though the forum will let you..hehe. why doesn't Osc use $_SERVER instead of getenv....don't know. In my humble understanding, PHP is leaning toward superglobals and getting rid of previous globals meaning they want people to use $_GET instead of $HTTP_GET_VARS, $_SERVER instead of getenv() anyone??
mtimdog Posted December 30, 2003 Posted December 30, 2003 forgot to say what file i was talking about..oops application_top.php of course.
fgwhite Posted January 2, 2004 Author Posted January 2, 2004 To: mtimdog My scripting experience goes only as far as tweaking perl scripts to run on my server. PHP is completely new to me... and I thought I'd be able to run OSC right "out the can". How do I echo "php_sapi_name()"? Thanks! Frank Ever wish people could recover from a "fatal error?"
Guest Posted January 2, 2004 Posted January 2, 2004 I just repaired a site and the problem was an incorrect HTTPS_COOKIE_DOMAIN HTH Matti
uslackeru Posted January 2, 2004 Posted January 2, 2004 Think I found the problem. On my hosting company site they told us due to a SSL issue to change this code: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; With this code: $request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL'; That did not work for me right away. had to make sure my define('HTTPS_COOKIE_DOMAIN', had the correct URL in it [it did not at first].
fgwhite Posted January 3, 2004 Author Posted January 3, 2004 Just tried: $request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL'; and $request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL'; Neither worked. Have resolved to using define('HTTP_SERVER', 'https://www.whitecapsolutions.com'); thereby forcing the ENTIRE catalog to be secure. What's the disadvantages of doing this? Thanks! Frank Ever wish people could recover from a "fatal error?"
Guest Posted January 3, 2004 Posted January 3, 2004 Frank, you and I spoke the other day. Your store is on one domain name and you were pointing to the SSL installed on your other domain (whitecapsolutions) to a FOLDER on the site, not a link to the cname, etc., did you ever resove that portion? If your ssl was pointint thru to another doman and folder, you need to copy the store info to the folder, as your ssl is not really going to whitecapcomputer.com I would also upgrade to php 4.3.3 or higher
fgwhite Posted January 3, 2004 Author Posted January 3, 2004 Yes. I moved the entire store to the top level domain at http://whitecapsolutions.com/catalog. The copy at http://whitecapcomputer.com/catalog now points to the first mentioned location. Thanks! Frank Ever wish people could recover from a "fatal error?"
spectr17 Posted January 4, 2004 Posted January 4, 2004 fgwhite, Our secure images point to our https site and I'm still not getting a padlock when going to a SSL page. I don't think that is our/your problem. ????? Using Netcapse 7.0 the padlock is fine. With IE 6.0 padlock flashes briefly when you got to HTTPS and then disappears. Using Apache/1.3.28 (Unix) PHP Version: 4.3.2 (Zend: 1.3.0) MySQL 4.0.15-standard sessions are set to: Session Directory /tmp Force Cookie Use - True Check SSL Session ID - True Check User Agent - False Check IP Address - False Prevent Spider Sessions -True Recreate Session -True application_top.php is // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; I tried this with no luck in application top $request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL'; A buddy has his padlock working and I'll check what his application_top.php settings are. As Curly would say, "To the hunt" ~spectr17
spectr17 Posted January 5, 2004 Posted January 5, 2004 A buddy has same server, osC install and Geotrust SSL certificate and his padlock works. Our still doesn't. Config settings are the same. application_top is the same for both of us. Here is what he has that works, the same as our store. // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Stump a rooney on this one. ~spectr17
spectr17 Posted January 7, 2004 Posted January 7, 2004 We found our problem. We had a credit card image in our footer that was calling HTTP . Changing it to HTTPS fixed the missing padlock. ~spectr17
fgwhite Posted January 7, 2004 Author Posted January 7, 2004 Spectr17, You added the card image manually? Thanks! Frank Ever wish people could recover from a "fatal error?"
fgwhite Posted July 5, 2004 Author Posted July 5, 2004 How can I get images to be called via https? Thanks! Frank Ever wish people could recover from a "fatal error?"
Guest Posted July 14, 2004 Posted July 14, 2004 I had the same problem with the padlock and found out it was my counter in my footer. After removing it, padlock came back.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.