Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Layout problems with SSL


alexd1

Recommended Posts

Sorry to post about this again guys and gals, but this is really beginning to drive me mental.

 

I have been having problems with the layout of pages that are passed through the SSL. Right sided info boxes squeeze towards the left.

 

Well I have been playing about with the configure.php file and when I set SSL to false, the layout of the pages that would otherwise pass through the ssl (such as log in, etc) all appear fine.

 

However, when I set SSL to true, the layout of these pages is not fine. It has been mentioned to me that I need to secure the images ?? (But dont know exactly what that means or how to do it !)

 

I have been trying to get this problem fixed all day, but still no luck. Only now though did I discover that without SSL the pages layout is fine, so I know that there is something going on with the SSL.

 

Can anyone please advise me on how to fix this issue ?? Is it the configure.php file I need to do something to ?? Is it another file ?? I have been going through the documentation all day, but have not found anything that might help me.

 

Any help at all would be most welcome and appreciated.

 

Thank you

 

Alex :unsure:

Link to comment
Share on other sites

sounds more like the host computer along with ssl is having the problem. send an email to the host tech support and have ssl enabled to they can go to the site to look. if possible, i would do it two ways. have one site up without ssl and have another site with same database up with ssl. im assuming the store is not yet live based upon the date you joined the forum

Link to comment
Share on other sites

Thanks for the reply Mibble,

 

Hopefully it is a hosting problem, as I just cannot pinpoint anything in the configure.php files that could be causing this.

 

As yet the shop is not live. I do have it on its own domain, but all I have done so far is to add some of the products and to play about with the colours a little.

 

If I was to make a complete copy of the site, and put it under a different domain, so that I can have one site running with SSL and one without, will this do anything to the data that I have already entered ?? I would not like to lose all of the data I have already entered.

 

Thanks again for your help and advice. It is much appreciated.

 

Alex

Link to comment
Share on other sites

no, it will not, as long as you use one site at a time. the data will be identical. else you can create another database to see what gives. have you added any contributions?

Link to comment
Share on other sites

By contributions, do you mean add-ons for the program ??

So far I havent added anything like that. Its basically the same as I downloaded it, apart from the products and the colour scheme.

 

You can have a look at the site if you want to.

You can find it at www.shop.aroundgreece.com

 

I have just now reset the SSL to true, so if you select the sign in, or register page, you should see the problem that I am having with the layout going slightly strange.

 

You might also notice, that despite the URL being https:// there is no padlock image appearing at the bottom of the screen.

 

Thanks again for helping me out here.

 

Alex

Link to comment
Share on other sites

This is only a suggestion,

 

On viewing the source of your SSL login page:

<!-- currencies //-->
         <tr>
           <td>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>
   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_right_left.gif" border="0" alt="" width="11" height="14"></td>
   <td width="100%" height="14" class="infoBoxHeading">Currencies</td>
   <td height="14" class="infoBoxHeading" nowrap><img src="images/pixel_trans.gif" border="0" alt="" width="11" height="14"></td>
 </tr>

</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1" class="infoBox">
 <tr>
   <td><table border="0" width="100%" cellspacing="0" cellpadding="3" class="infoBoxContents">
 <tr>
   <td><img src="images/pixel_trans.gif" border="0" alt="" width="100%" height="1"></td>
 </tr>
 <tr>
   <td align="center" class="boxText"><form name="currencies" action="http://www.shop.aroundgreece.com/login.php" method="get"><input type="hidden" name="osCsid" value="3576d77c2caeb54ad5339f89c344b5e5" /><select name="currency" onChange="this.form.submit();" style="width: 100%"><option value="USD">US Dollar</option><option value="EUR" SELECTED>Euro</option></select><input type="hidden" name="osCsid" value="3576d77c2caeb54ad5339f89c344b5e5"></form></td>

 </tr>
 <tr>
   <td><img src="images/pixel_trans.gif" border="0" alt="" width="100%" height="1"></td>
 </tr>
</table>
</td>
 </tr>
</            </td>
         </tr>
<!-- currencies_eof //-->

If you notice the third line from the bottom?

However I noticed that upon saving the page locally, it is shows:

<!--            </td-->
   

Now your NONSSL html for that bit is:

            </td>
         </tr>

Which suggests that the files are in different locations maybe, etc?

 

A quick fix to sort out your non-ssl images problem could be to force the html base ref to use an SSL connection (if your running two differemt sets of files).

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

gregbaboolal

 

Thanks for your reply. I am slightly confused however about what you mean by the files being in different locations. I have the same file structure for the site as I originally downloaded it. I have not made or changed around any of the files or folders at all.

 

A quick fix to sort out your non-ssl images problem could be to force the html base ref to use an SSL connection

 

How would I do this ?? How do I make the program use the SSL connection for everything ??

 

Thanks again

 

Alex

Link to comment
Share on other sites

I have just checked my emails and have received this reply from my web host....

 

Thank you for your call

 

The reason your site is not showing a padlock is because you have some unsecure

things coming into the site. Any links that you create need to start with

"http://sslrelay.com/..........." even if you just have one link that does not

show this your site is not secure. This is proper security and this is what

customers are interested in. If you have any further questions do not hesitate

to contact us.

 

Can anyone explain to me how I would force all links to pass through SSL ?? At the moment, from what I can tell, certain pages are being passed through the SSL, such as log-in, accounts, etc, but obviously there are someother things coming through on these pages which are not being passed through the SSL ??

 

I am really stuck with this. :(

 

Any suggestions ??

 

Alex

Link to comment
Share on other sites

Alex,

 

The SSL problem is cause by the images, and the reason for that is because of the html base ref, view the source of the page it is near the top. I do not know why the $request_tyoe is saying that you are not using a secure connection?

 

Are you running two different sets of osC directories,

 

If so, again, the quick fix is to force the base ref, i.e

 

https://yourdomain.com

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

Thanks for the reply again. I really do appreciate it.

 

I started to play about with the configure.php file again, and what I thought I would try was to set the http the same as https, therefore making the file look like ....

 

* DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'https://sslrelay.com/shop.aroundgreece.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://sslrelay.com/shop.aroundgreece.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

I was actually suprised that this worked. Now, any pages I go to on the site are through the SSL.

 

However, the problem with the layout is still there, but this time, not just on the earlier mentioned pages, but also the pages where you have a description of a product. The right side info boxes squeeze to the left.

 

What is confusing me more this time, is that the Padlock image now appears on all pages, whereas before it was nowhere to be found. The fact the padlock now appears gives me the impression that now everything is done through the SSL, and is just as the guy told me in the email I printed above.

 

However, is now everything is secure, why is the layout not functioning properly ?? I was under the assumption that the layout problems were caused by factors appearing on the pages that were not secure ?? But now, even more pages are displaying incorrectly, even though the padlock image is finally showing ??

 

This is really confusing me now. If its not one thing, its another.

 

Thanks again.

 

Alex

Link to comment
Share on other sites

I have suggested to the cause for the layour problem. The currencies bx occurs throughout the site, so locate the the bit where you have

<!-- </td>-->

or whatever, this may be only occuring in the currencies box, i.e includex/boxes/currencies OR it may be occuring in all files.

"Any fool can know. The point is to understand." -- Albert Einstein

Link to comment
Share on other sites

I have had a look at the currency file, and it is as follows ....

 

<!-- currencies //-->
         <tr>
           <td>
<?php
   $info_box_contents = array();
   $info_box_contents[] = array('text' => BOX_HEADING_CURRENCIES);

   new infoBoxHeading($info_box_contents, false, false);

   reset($currencies->currencies);
   $currencies_array = array();
   while (list($key, $value) = each($currencies->currencies)) {
     $currencies_array[] = array('id' => $key, 'text' => $value['title']);
   }

   $hidden_get_variables = '';
   reset($HTTP_GET_VARS);
   while (list($key, $value) = each($HTTP_GET_VARS)) {
     if ( ($key != 'currency') && ($key != tep_session_name()) && ($key != 'x') && ($key != 'y') ) {
       $hidden_get_variables .= tep_draw_hidden_field($key, $value);
     }
   }

   $info_box_contents = array();
   $info_box_contents[] = array('form' => tep_draw_form('currencies', tep_href_link(basename($PHP_SELF), '', $request_type, false), 'get'),
                                'align' => 'center',
                                'text' => tep_draw_pull_down_menu('currency', $currencies_array, $currency, 'onChange="this.form.submit();" style="width: 100%"') . $hidden_get_variables . tep_hide_session_id());

   new infoBox($info_box_contents);
?>
           </td>
         </tr>
<!-- currencies_eof //-->
<?php
 }
?>

 

I had a quick check of the languages file as well, and the last part of this file is the same as the currency one.

 

Is there a problem with the code above ?? I tried to look for the part of the code which you mentioned but was not able to fine it how you stated.

 

<!-- </td>-->

 

Alex

Link to comment
Share on other sites

I am having exactly the same problem.

 

Despite my currencies.php being "out of the box" when I load my categories page the table alignment is wrong (the footer is appearing under the right-side column). The generated- html code shows 2 lines in error:

 

<!-- currencies //-->
         <tr>
           <td>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>
   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_right_left.gif" border="0" alt="" width="11" height="14"></td>
   <td width="100%" height="14" class="infoBoxHeading">Currencies</td>
   <td height="14" class="infoBoxHeading" nowrap><img src="images/pixel_trans.gif" border="0" alt="" width="11" height="14"></td>
 </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1" class="infoBox">
 <tr>
   <td><table border="0" width="100%" cellspacing="0" cellpadding="3" class="infoBoxContents">
 <tr>
   <td><img src="images/pixel_trans.gif" border="0" alt="" width="100%" height="1"></td>
 </tr>
 <tr>
   <td align="center" class="boxText"><form name="currencies" action="http://davesbookshop.co.uk/catalogue/index.php" method="get"><input type="hidden" name="osCsid" value="26ae594dc08ca3fb8a1cd50153a3b43b" /><select name="currency" onChange="this.form.submit();" style="width: 100%"><option value="USD">US Dollar</option><option value="EUR">Euro</option><option value="GBP" SELECTED>UK Sterling</option></select><input type="hidden" name="cPath" value="21"><input type="hidden" name="osCsid" value="26ae594dc08ca3fb8a1cd50153a3b43b"></form></td>
 </tr>
 <tr>
   <td><img src="images/pixel_trans.gif" border="0" alt="" width="100%" height="1"></td>
 </tr>
</table>
</td>
 </tr>
</            </td>
         </tr>
<!-- currencies_eof //-->

You can see the

</            </td>

as per Alex's code but you will also note the

<input type="hidden" name="osCsid" value="26ae594dc08ca3fb8a1cd50153a3b43b" />

a few lines above it. This is obviously being generated, somehow, by infoBox().

 

I get exactly the same code generated whether I use http: or https:.

 

Note that on the index.php page I get the correct code generated:

<!-- currencies //-->
         <tr>
           <td>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>
   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_right_left.gif" border="0" alt="" width="11" height="14"></td>
   <td width="100%" height="14" class="infoBoxHeading">Currencies</td>
   <td height="14" class="infoBoxHeading" nowrap><img src="images/pixel_trans.gif" border="0" alt="" width="11" height="14"></td>
 </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1" class="infoBox">
 <tr>
   <td><table border="0" width="100%" cellspacing="0" cellpadding="3" class="infoBoxContents">
 <tr>
   <td><img src="images/pixel_trans.gif" border="0" alt="" width="100%" height="1"></td>
 </tr>
 <tr>
   <td align="center" class="boxText"><form name="currencies" action="http://davesbookshop.co.uk/catalogue/index.php" method="get"><select name="currency" onChange="this.form.submit();" style="width: 100%"><option value="USD">US Dollar</option><option value="EUR">Euro</option><option value="GBP" SELECTED>UK Sterling</option></select><input type="hidden" name="osCsid" value="47aa5d620ee7c5f9c8efea45e868ced7"></form></td>
 </tr>
 <tr>
   <td><img src="images/pixel_trans.gif" border="0" alt="" width="100%" height="1"></td>
 </tr>
</table>
</td>
 </tr>
</table>
           </td>
         </tr>
<!-- currencies_eof //-->

so the problem must be related to the use of the session id (?)

 

 

Now, if you weren't confused enough already...I get a similar problem with new_products module again generating duff code (sometimes but not always!):

<!-- new_products //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>
   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_left.gif" border="0" alt="" width="11" height="14"></td>
   <td height="14" class="infoBoxHeading" width="100%">New Items</td>
   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_right_left.gif" border="0" alt="" width="11" height="14"></td>
 </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1" class="infoBox">
 <tr>
   <td><table border="0" width="100%" cellspacing="0" cellpadding="4" class="infoBoxContents">
 <tr>
   <td align="center" class="smallText" width="33%" valign="top"><a href="http://davesbookshop.co.uk/catalogue/product_info.php?products_id=29&osCsid=47aa5d620ee7c5f9c8efea45e868ced7"><img src="images/Mvc-048f.jpg" border="0" alt="Widget" title=" Widget " width="100" height="80"></a><br><a href="http://davesbookshop.co.uk/catalogue/product_info.php?products_id=29&osCsid=47aa5d620ee7c5f9c8efea45e868ced7">Widget</a><br>?3.00</td>
 </tr>
</table>
</td>
 </tr>
</<!-- new_products_eof //-->

Spot the spurious </ on the last line again.

 

Regards,

Dave :(

 

Note - for info, the server is my own and is running Apache 2.0.40, PHP4, RH9.

Link to comment
Share on other sites

You got my curiosity - I went to:

www.shop.aroundgreece.com

 

(nice clean layout, I like the blue color!)

 

And clicked on "My Account" - I scrolled to the very bottom of the page, and at the extreme bottom left of the footer banner I see "//", which also shows on the source code:

<br>

</body>

</html>

 

//

 

But go back to "Top", don't see the "//" and look at source code:

</table>

<!-- footer_eof //-->

<br>

 

 

</body>

</html>

 

 

Don't know what it means. but could this be relevant?

"When you're up to your neck in alligators, it's hard to remember that you came to drain the swamp!"

Link to comment
Share on other sites

ps...

But I don't see any "padlock" or any shift or squeezing of the RH boxes to the left, the images appear to stay in tne same places to me as I go from the "home" page to the "account" page and back. I think I'm seeing the "//" on all the secure pages. FWIW (For What It's Worth!)

"When you're up to your neck in alligators, it's hard to remember that you came to drain the swamp!"

Link to comment
Share on other sites

I'm another UK based user who is having the exact same problem.... and I'm using the 1&1 hosting domain which includes the https://sslrelay.... package. I really don't think this is an issue with the particular coding of both site. I've emailed 1&1 for their advice and I'll post their response.

 

If anyone else has any ideas regarding this, your thoughts are greatly appreciated!

 

It's always good to see it's not just me :blink:

Link to comment
Share on other sites

  • 3 weeks later...

To all, this thread is one of the closest I've seen to identifing the issue with certain web hosters and I think I might have found the reason, although a complete solution may not be possible.

 

I am also with 1 & 1 and found that the rendering issue and other issues were due to commands in the php code -- the getenv command was the specific problem I found. This command is valid in PHP 4.2.3, however, the variables being returned such as HTTPS, SSL_SESSION_ID and many others are not supported until PHP 4.3.0.

 

The one thing that kind of confuses me is why the main osCommerce site claims to be backward compatible all the back to PHP 3 with obvious limitations to SSL and rendering problems.

 

Basically the getenv command is pulling back null values for the arguments in the code and causing issues such as the pad lock or security lock icon not showing properly even in an 'https' connection. This then creates the message that indicates that the user will be redirected when they go back to http.

 

I found someone elses change in another thread for the pad lock issue by changing the following line the application_top.php -->

 

// set the type of request (secure or not)

// old line

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

// end old line

// new line

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

// end new line

 

Basically the main change is the use of the eregi command instead of getenv. I'm not an expert on PHP but this might be the solution that can be used in every place where an invalid PHP environment variable is being returned improperly by getenv.

 

Let me know what you guys think. The above code change fixed my problem with SSL not showing the lock properly, however, it caused other rendering issues -- specifically the Currency info box drop down gets squeezed.

 

Basically I think the problem is that PHP 4.2.3 is just not compatible with some of the code in osCommerce. PHP 4.3.0 supposedly is the first release to support true HTTPS and SSL.

 

I'll let everyone know if I can fix the other variables as well in a similar way.

 

Jeff

Link to comment
Share on other sites

  • 2 weeks later...

Found this somewhere or other. It fixed the alignment problem for me but YMMV :rolleyes:

 

The missing table ( </table> ) messes with the alignment of the tables and the index.php page when loading column_right.php.

 

The fix is below:

Around line 330 of index.php you need to add another </table> to correct the problem. See below for snip:

 

Line 328: <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>

Line 329: <!-- right_navigation_eof //-->

Line 330:    </table></table></td>

Line 331:  </tr>

Line 332: </table>

Line 334: <!-- body_eof //-->

 

Makes it easier than downloading another index.php file.

 

Hope this helps some.

Rgds,

Dave.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...