sbarrethavm Posted January 19, 2004 Share Posted January 19, 2004 I have installed oscommerce in an oscommerce directory under my main directory. I have created an .htaccess that redirects traffic from mydomain.com to mydomain.com/oscommerce. It looks like this: DirectoryIndex /oscommerce/index.php index.htm Options +FollowSymlinks I have a private ssl and a security certificate installed. Now, when I go to the admin area, I enter the following path: https://www.mydomain.com/oscommerce/admin/index.php I get asked for my password (via apache I believe) enter it and go to the entered URL. Now when I select the pending orders from the admin box on the left: I get asked for a password again and then get switched to this URL: http://www.mydomain.com/oscommerce/admin/o...502e97a29cb159e I am no longer in secure mode! If I go look at a credit card or something, I am not secure? Is there a way to correct this? Have I configured something incorrectly or do I need to change a path somewhere? Any help would be much appreciated, thanks....steve b Link to comment Share on other sites More sharing options...
Guest Posted January 19, 2004 Share Posted January 19, 2004 the top line of your configure.php in admin/includes should be set to https which will now have you go through ssl . . also, see: http://www.oscommerce.com/community/contributions,1788 Link to comment Share on other sites More sharing options...
ornito Posted February 5, 2004 Share Posted February 5, 2004 Hello OK before you jump all over me I have searched these forum and elsewhere for ANYthing on https SSL and it only contradicts itself or doesn't work. Here my situation. We have a certificate installed and run both port 80 and 443 on the same box from the same files. In the config.php in admin I set the regular server to be the https one as recommended in these boards. Well that's nice now all the internal admin links are https. But what I REALLY DESPERATELY need is for the admin LOGIN to run over SSL so the pass never goes wirebound in clear text. I have tried as per the FAQ and the user contributed. I have tried SSLRequireSSL. (server error) also <IfModule> commands and redirects, to NO AVAIL whatsoever. What happens. If you go to http://...../admin it asks for login just like before. Fine except the pass is cleartext. If you go to https://...../admin you get straight in, no password required. This is terrible. unacceptable and horrible. How can I fix this!!!! :( Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.