Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Problem with SSL settings in OSCommerce


Tuan Le

Recommended Posts

I finally got the OSCommerce 2.2 MS2 installed on my Windows 2003 running PHP 4.3.4 and IIS6. :D However, I now run into some problems with the SSL settings in OSCommerce.

 

The SSL certificate is installed correctly on my Windows 2003 box. When I go to a test page ( https://www.piaawarehouse.com/test.php ), it will show the SSL lock at the bottem right hand corner. And here is a picture showing it

piaawarehouse001.jpg

 

However, the SSL lock will disappear if I go to an OSCommerce page ( https://www.piaawarehouse.com/catalog/index.php ). But if I click on the place where the SSL lock would be, then the certificate information page will show up. Below is a screen shot of it. :unsure: :unsure: :unsure:

piaawarehouse002.jpg

 

My gut feeling is telling me that some thing is not set correctly in the configure.php file under "catalog/includes" directory. Maybe the https catalog/cookie settings?

 

I copied and pasted those settings below. Remember, I am running this on a Windows 2003 box. :(

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.piaawarehouse.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.piaawarehouse.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.piaawarehouse.com');

define('HTTPS_COOKIE_DOMAIN', 'www.piaawarehouse.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Link to comment
Share on other sites

I have tried changing the configure.php file to the settings below but still have the same problem. :unsure: :unsure: :unsure:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.piaawarehouse.com/catalog'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.piaawarehouse.com/catalog'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.piaawarehouse.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.piaawarehouse.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Link to comment
Share on other sites

Talegen posted this fix in another forum and it worked for me

 

I got everything working 5x5 now. I'll assume it's a PHP thing for the osCommerce install problem. Also figured out the SSL problem which is a PHP/ISAPI/osCommerce issue. Line 42 of includes/application_top.php has to be changed to $request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL';

 

... since getenv() doesn't work with ISAPI.

 

 

HTH

Link to comment
Share on other sites

The original configure.php settings were correct (your revisions are wrong) and would have nothing to do with the lock. A missing lock is usually caused by an image on another site, i.e. <img src="http://some.other.domain.com/image.jpg">. Try viewing source in the browser and searching for src="http:

 

Another possibility is a background in the stylesheet.css file.

 

Hth,

Matt

Link to comment
Share on other sites

If you view source on on your page at login.php you will find something like:

 

<base href="http://www.piaawarehouse.com/">

 

Non SSL - this is why your lock is not there.

 

Your file should have:

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

Matti

Link to comment
Share on other sites

Same no lock problem here.

 

Johnson, I have the 1st code you posted when viewing source at login.php.

 

<base href="http://www.domain.com/">.

 

I've looked at both my logon.php files and don't see where to change it. Am I looking at the right file?

 

We have our own Geotrust SSL certificate if that matters.

 

Thanks

~spectr17

Link to comment
Share on other sites

Talegen posted this fix in another forum and it worked for me

 

I got everything working 5x5 now. I'll assume it's a PHP thing for the osCommerce install problem. Also figured out the SSL problem which is a PHP/ISAPI/osCommerce issue. Line 42 of includes/application_top.php has to be changed to $request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL';

 

... since getenv() doesn't work with ISAPI.

 

 

HTH

I followed the instructions in that thread, step-by-step. However, as soon as apply those changes, I would get a blank main page. And if I replaced them with the original, I would get my page back but no padlock in https. :(

Link to comment
Share on other sites

Same no lock problem here.

 

Johnson, I have the 1st code you posted when viewing source at login.php.

 

<base href="http://www.domain.com/">.

 

I've looked at both my logon.php files and don't see where to change it. Am I looking at the right file?

 

We have our own Geotrust SSL certificate if that matters.

 

Thanks

https setting is in the includes\configure.php file. :)

Link to comment
Share on other sites

Thanks Tuan Le, ;)

 

Should I add the code Johnson posted to my configuration.php file?

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

This is using our own SSL cert on our domain.

 

Here's the code that isn't giving me the padlock from my configuration.php file.

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://mydomain.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://mydomain.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('DIR_FS_DOCUMENT_ROOT', '/home/user/public_html/osCommerce/'); // where the pages are located on the server

define('HTTP_COOKIE_DOMAIN', 'mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');

define('HTTP_COOKIE_PATH', '/osCommerce/');

define('HTTPS_COOKIE_PATH', '/osCommerce/');

define('DIR_WS_HTTP_CATALOG', '/osCommerce/');

define('DIR_WS_HTTPS_CATALOG', '/osCommerce/');

define('DIR_WS_CATALOG', '/osCommerce/'); // absolute path required

define('DIR_WS_ADMIN', '/osCommerce/admin/');

define('DIR_FS_ADMIN', '/home/user/public_html/osCommerce/admin/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

~spectr17

Link to comment
Share on other sites

Thanks Tuan Le, ;)

 

Should I add the code Johnson posted to my configuration.php file?

I gave up on figure out how to configure the padlock for the senstive sections of the store. So what I did was configure the whole store as https. And it works. The yellow SSL padlock is now showing at the bottem right hand corner.

 

However, you should be careful doing this is a extremely busy site because it will comsume a little more CPU and memory. However, I think it is OK on a small site.

 

Here is what I changed in the /catalog/includes/configure.php file.

 

define('HTTP_SERVER', 'http://mydomain.com'); // eg, http://localhost - should not be empty for productive servers

 

TO

 

define('HTTP_SERVER', 'http[B]s[/B]://mydomain.com'); // eg, http://localhost - should not be empty for productive servers

Link to comment
Share on other sites

Should I add the code Johnson posted to my configuration.php file?

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

This code should be in your login.php - I expect it is.

 

 

I searched this issue on the web - it is not common to osCommerce and appears to be a server side environment variable issue.

 

Yes, getenv does not work with PHP running in ISAPI mode - there are two issues that appear related, but I believe directly not.

 

I think the second issue is incorrect installation of the certificate.

 

Matti

Link to comment
Share on other sites

Have you tryed this??

 

Replace this code in application_top.php (around line 40): 

 

Code: 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; 

 

with this: 

 

Code: 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; 

Link to comment
Share on other sites

Thanks for the help Johnson. I don't see that code in my login.php or configuration files.

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

A buddy is on the same host and he is also having SSL, SSL cookie and log on issues.

 

Should I go ahead and install that code into my login file to see what happens?

~spectr17

Link to comment
Share on other sites

  • 3 months later...
Replace this code in application_top.php (around line 40): 

 

Code: 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; 

 

with this: 

 

Code: 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; 

 

Andrew

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...