Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

No Padlock - Guess ya'll tired of me


fgwhite

Recommended Posts

Posted

I have been struggling for weeks trying to get my freaking padlock to show-up. I've posted earlier and am still looking for fresh ideas. (See: Previous Post)

 

As far as I can tell I am getting mixed content (not getting the mixed content alert though) on my https pages. I've ruled out problems with my certificate because this page shows the padlock. Additionally, if I go to a page and get the mixed content security alert and chose to display non secured items I get the padlock depending on my choice.

Example.

 

I have also tried this fix "What Changes Are Needed In catalog/includes/application_top.php?" from the FAQs.

 

I can't seem to identify any absolute paths and am running OScommerce primarily straight out the box.

 

My best guess is that if I knew exactly what mods to modify to get rid of the mixed content my problem would be solved.

 

Fresh ideas... Pleeeeeeze!

 

PS. Once I solved this problem I'll quit the Newbie for Dummies club :blink: , change my signature and become an honorary member of the School of Hard Knocks :D

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

Posted

Frank,

 

don't know if i can help but i'll try :)

 

First:

 

What's the os? this may stop me cold depending on your answer but i'm familiar only with my store's setup and that's linux/apache/php/mysql. i'd be happy to compare notes if yours is similar. I do have ssl working, however I am not using virtual host. I do know that my certificate warning was the same as yours where the site name doesn't match! You might even check with the certificate's issuer, I received great support from mine, right down to flavor of webserver and ssl.

 

Also, did you look at /includes/configure.php? there are some settings in there I had to change for secure url and so forth. maybe someone has already mentioned this to you...

 

Mike

  • 2 weeks later...
Posted

Yikes!

 

Thanks for your offer. I'm running Linux and mysql 3.23.

 

When I do a refresh I can momentarily see the padlock. I've twisted my configure.php file every which way I can and still no lock. If I make my entire site https then the lock shows so I've ruled out a problem with the certificate.

 

As best I can tell my images are causing mixed content and is killing the lock.

 

Help!

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

Posted

excuse me but it appears that the ssl cert you have was made for "www.whitecapcomputer.com" but if you notice when i go in your shop you direct us to "whitecapcomputer.com" the www. is missing.

 

you now have 2 possibilities get a new cert for whitecapcomputer.com OR if you have access to make dns changes, make your domain "whitecapcomputer.com" point to "www.whitecapcomputer.com" if that is done already then simply modify the link so it points to www...

Designrfix.com | Graphic Design Inspiration & Web Design Resources - @designrfix
Posted

I'm not sure that's and issue. Apparently I was working on the configure file while you were visiting (if the warning that configure.php is writable then it's being edited).

 

I can solve that problem by changing define('HTTP_SERVER', 'http://whitecapcomputer.com');

 

to

 

define('HTTP_SERVER', 'http://www.whitecapcomputer.com');

 

or even

define('HTTP_SERVER', 'http://www.whitecapsolutions.com/whitecapcomputer');

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

Posted

I have gone through your site, and using netscape 7.1, when i go to create an account, then click on the ssl link on the bottom right of the browser, page info and browser, i am seeing that the majority of the items are not being covered by the ssl encryption, thus the 'padlock' as you call it, is not displayed properly. if somehow, you can create a separate area under whitecapsolutions, then there should be no problem.

take a look at how the links are with netscape 7.1, it is showing that even though your create_account link is https, further tracing shows it is actually pointing to http://... create_account.php instead of https://...create_account.php

 

somehow, even though you are using a shared certificate, it is not doing the full encryption that you expected.

Posted

I'm using Linux Redhat 7.2 and PHP Version 4.3.2

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

Posted

I only put that note there because if you getenv() isn't working in your code...like around line 41 of osc2.2ms2 where mine says

 

$request_tyupe = (getenv("HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

it'll always give you nonssl.

 

This could be becuase php is running in isapi mode, it could be because register_globals is off.

 

echoing php_sapi_name() will tell you what kind of sapi you're using whether it be apache, isapi, cgi, etc.

 

Anyway, if getenv() fails to retrieve HTTPS....then a few lines below it when it checks for $request_type...it defines DIR_WS_CATALOG which is *problably* where your error is. Don't quote me on that even though the forum will let you..hehe.

 

why doesn't Osc use $_SERVER instead of getenv....don't know. In my humble understanding, PHP is leaning toward superglobals and getting rid of previous globals meaning they want people to use $_GET instead of $HTTP_GET_VARS,

 

$_SERVER instead of getenv() anyone??

Posted

To: mtimdog

 

My scripting experience goes only as far as tweaking perl scripts to run on my server. PHP is completely new to me... and I thought I'd be able to run OSC right "out the can".

 

How do I echo "php_sapi_name()"?

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

Posted

I just repaired a site and the problem was an incorrect HTTPS_COOKIE_DOMAIN

 

HTH

 

Matti

Posted

Think I found the problem. On my hosting company site they told us due to a SSL issue to change this code:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

 

 

With this code:

 

$request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL';

 

 

 

 

That did not work for me right away. had to make sure my

 

define('HTTPS_COOKIE_DOMAIN',

 

had the correct URL in it [it did not at first].

Posted

Just tried:

$request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL';

 

and

 

$request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL';

 

Neither worked.

 

Have resolved to using

define('HTTP_SERVER', 'https://www.whitecapsolutions.com');
thereby forcing the ENTIRE catalog to be secure. What's the disadvantages of doing this?

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

Posted

Frank, you and I spoke the other day. Your store is on one domain name and you were pointing to the SSL installed on your other domain (whitecapsolutions) to a FOLDER on the site, not a link to the cname, etc., did you ever resove that portion? If your ssl was pointint thru to another doman and folder, you need to copy the store info to the folder, as your ssl is not really going to whitecapcomputer.com

 

I would also upgrade to php 4.3.3 or higher

Posted

fgwhite,

 

Our secure images point to our https site and I'm still not getting a padlock when going to a SSL page. I don't think that is our/your problem.

 

?????

 

Using Netcapse 7.0 the padlock is fine. With IE 6.0 padlock flashes briefly when you got to HTTPS and then disappears.

 

Using

 

Apache/1.3.28 (Unix)

PHP Version: 4.3.2 (Zend: 1.3.0)

MySQL 4.0.15-standard

 

sessions are set to:

 

Session Directory /tmp

Force Cookie Use - True

Check SSL Session ID - True

Check User Agent - False

Check IP Address - False

Prevent Spider Sessions -True

Recreate Session -True

 

application_top.php is

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

I tried this with no luck in application top

 

$request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL';

 

A buddy has his padlock working and I'll check what his application_top.php settings are.

 

 

As Curly would say, "To the hunt"

~spectr17

Posted

A buddy has same server, osC install and Geotrust SSL certificate and his padlock works. Our still doesn't. Config settings are the same.

 

application_top is the same for both of us.

 

Here is what he has that works, the same as our store.

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Stump a rooney on this one.

~spectr17

Posted

We found our problem.

 

We had a credit card image in our footer that was calling HTTP . Changing it to HTTPS fixed the missing padlock.

~spectr17

Posted

Spectr17,

 

You added the card image manually?

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

  • 5 months later...
Posted

How can I get images to be called via https?

Thanks!

 

Frank

 

Ever wish people could recover from a "fatal error?"

  • 2 weeks later...
Posted

I had the same problem with the padlock and found out it was my counter in my footer. After removing it, padlock came back.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...