Tuan Le Posted December 26, 2003 Share Posted December 26, 2003 I finally got the OSCommerce 2.2 MS2 installed on my Windows 2003 running PHP 4.3.4 and IIS6. :D However, I now run into some problems with the SSL settings in OSCommerce. The SSL certificate is installed correctly on my Windows 2003 box. When I go to a test page ( https://www.piaawarehouse.com/test.php ), it will show the SSL lock at the bottem right hand corner. And here is a picture showing it However, the SSL lock will disappear if I go to an OSCommerce page ( https://www.piaawarehouse.com/catalog/index.php ). But if I click on the place where the SSL lock would be, then the certificate information page will show up. Below is a screen shot of it. :unsure: :unsure: :unsure: My gut feeling is telling me that some thing is not set correctly in the configure.php file under "catalog/includes" directory. Maybe the https catalog/cookie settings? I copied and pasted those settings below. Remember, I am running this on a Windows 2003 box. :( // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.piaawarehouse.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.piaawarehouse.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.piaawarehouse.com'); define('HTTPS_COOKIE_DOMAIN', 'www.piaawarehouse.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); Link to comment Share on other sites More sharing options...
Tuan Le Posted December 26, 2003 Author Share Posted December 26, 2003 I have tried changing the configure.php file to the settings below but still have the same problem. :unsure: :unsure: :unsure: // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.piaawarehouse.com/catalog'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.piaawarehouse.com/catalog'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.piaawarehouse.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.piaawarehouse.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); Link to comment Share on other sites More sharing options...
bram Posted December 26, 2003 Share Posted December 26, 2003 I'm having the same problem. www.clearjewel.com I'll keep you posted if I figure it out. Link to comment Share on other sites More sharing options...
Tuan Le Posted December 26, 2003 Author Share Posted December 26, 2003 I'm having the same problem. www.clearjewel.com I'll keep you posted if I figure it out. Thanks, I will do the same. :) Are you running on a Windows 2003 box also? Link to comment Share on other sites More sharing options...
bram Posted December 27, 2003 Share Posted December 27, 2003 My host is a linux server. I'm testing on IE 6.0 in Win XP and IE 5.5 for Mac OSX(Panther)/Safari Link to comment Share on other sites More sharing options...
beercan Posted December 27, 2003 Share Posted December 27, 2003 Talegen posted this fix in another forum and it worked for me I got everything working 5x5 now. I'll assume it's a PHP thing for the osCommerce install problem. Also figured out the SSL problem which is a PHP/ISAPI/osCommerce issue. Line 42 of includes/application_top.php has to be changed to $request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL'; ... since getenv() doesn't work with ISAPI. HTH Link to comment Share on other sites More sharing options...
bram Posted December 28, 2003 Share Posted December 28, 2003 No luck for me. www.clearjewel.com Link to comment Share on other sites More sharing options...
Guest Posted December 28, 2003 Share Posted December 28, 2003 instead of www.domain.com for the cookie, try .domain.com Link to comment Share on other sites More sharing options...
Guest Posted December 28, 2003 Share Posted December 28, 2003 The original configure.php settings were correct (your revisions are wrong) and would have nothing to do with the lock. A missing lock is usually caused by an image on another site, i.e. <img src="http://some.other.domain.com/image.jpg">. Try viewing source in the browser and searching for src="http: Another possibility is a background in the stylesheet.css file. Hth, Matt Link to comment Share on other sites More sharing options...
Guest Posted December 28, 2003 Share Posted December 28, 2003 If you view source on on your page at login.php you will find something like: <base href="http://www.piaawarehouse.com/"> Non SSL - this is why your lock is not there. Your file should have: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> Matti Link to comment Share on other sites More sharing options...
beercan Posted December 29, 2003 Share Posted December 29, 2003 Well my fix was aimed at windows users that are experiencing the getenv() issue. I struggled with the padlock not showing until I changed that line of code. Link to comment Share on other sites More sharing options...
spectr17 Posted December 29, 2003 Share Posted December 29, 2003 Same no lock problem here. Johnson, I have the 1st code you posted when viewing source at login.php. <base href="http://www.domain.com/">. I've looked at both my logon.php files and don't see where to change it. Am I looking at the right file? We have our own Geotrust SSL certificate if that matters. Thanks ~spectr17 Link to comment Share on other sites More sharing options...
Tuan Le Posted December 29, 2003 Author Share Posted December 29, 2003 Talegen posted this fix in another forum and it worked for me I got everything working 5x5 now. I'll assume it's a PHP thing for the osCommerce install problem. Also figured out the SSL problem which is a PHP/ISAPI/osCommerce issue. Line 42 of includes/application_top.php has to be changed to $request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL'; ... since getenv() doesn't work with ISAPI. HTH I followed the instructions in that thread, step-by-step. However, as soon as apply those changes, I would get a blank main page. And if I replaced them with the original, I would get my page back but no padlock in https. :( Link to comment Share on other sites More sharing options...
Tuan Le Posted December 29, 2003 Author Share Posted December 29, 2003 Same no lock problem here. Johnson, I have the 1st code you posted when viewing source at login.php. <base href="http://www.domain.com/">. I've looked at both my logon.php files and don't see where to change it. Am I looking at the right file? We have our own Geotrust SSL certificate if that matters. Thanks https setting is in the includes\configure.php file. :) Link to comment Share on other sites More sharing options...
Tuan Le Posted December 30, 2003 Author Share Posted December 30, 2003 TTT....anyone ? :( Link to comment Share on other sites More sharing options...
spectr17 Posted December 30, 2003 Share Posted December 30, 2003 Thanks Tuan Le, ;) Should I add the code Johnson posted to my configuration.php file? <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> This is using our own SSL cert on our domain. Here's the code that isn't giving me the padlock from my configuration.php file. // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://mydomain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://mydomain.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('DIR_FS_DOCUMENT_ROOT', '/home/user/public_html/osCommerce/'); // where the pages are located on the server define('HTTP_COOKIE_DOMAIN', 'mydomain.com'); define('HTTPS_COOKIE_DOMAIN', 'mydomain.com'); define('HTTP_COOKIE_PATH', '/osCommerce/'); define('HTTPS_COOKIE_PATH', '/osCommerce/'); define('DIR_WS_HTTP_CATALOG', '/osCommerce/'); define('DIR_WS_HTTPS_CATALOG', '/osCommerce/'); define('DIR_WS_CATALOG', '/osCommerce/'); // absolute path required define('DIR_WS_ADMIN', '/osCommerce/admin/'); define('DIR_FS_ADMIN', '/home/user/public_html/osCommerce/admin/'); // absolute path required define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); ~spectr17 Link to comment Share on other sites More sharing options...
Tuan Le Posted December 30, 2003 Author Share Posted December 30, 2003 Thanks Tuan Le, ;) Should I add the code Johnson posted to my configuration.php file? I gave up on figure out how to configure the padlock for the senstive sections of the store. So what I did was configure the whole store as https. And it works. The yellow SSL padlock is now showing at the bottem right hand corner. However, you should be careful doing this is a extremely busy site because it will comsume a little more CPU and memory. However, I think it is OK on a small site. Here is what I changed in the /catalog/includes/configure.php file. define('HTTP_SERVER', 'http://mydomain.com'); // eg, http://localhost - should not be empty for productive servers TO define('HTTP_SERVER', 'http[B]s[/B]://mydomain.com'); // eg, http://localhost - should not be empty for productive servers Link to comment Share on other sites More sharing options...
Guest Posted December 30, 2003 Share Posted December 30, 2003 Should I add the code Johnson posted to my configuration.php file? <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> This code should be in your login.php - I expect it is. I searched this issue on the web - it is not common to osCommerce and appears to be a server side environment variable issue. Yes, getenv does not work with PHP running in ISAPI mode - there are two issues that appear related, but I believe directly not. I think the second issue is incorrect installation of the certificate. Matti Link to comment Share on other sites More sharing options...
Guest Posted December 30, 2003 Share Posted December 30, 2003 Have you tryed this?? Replace this code in application_top.php (around line 40): Code: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; with this: Code: $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; Link to comment Share on other sites More sharing options...
spectr17 Posted January 1, 2004 Share Posted January 1, 2004 Thanks for the help Johnson. I don't see that code in my login.php or configuration files. <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> A buddy is on the same host and he is also having SSL, SSL cookie and log on issues. Should I go ahead and install that code into my login file to see what happens? ~spectr17 Link to comment Share on other sites More sharing options...
meandrew Posted April 8, 2004 Share Posted April 8, 2004 Replace this code in application_top.php (around line 40): Code: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; with this: Code: $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; Andrew Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.