images looking in https:// when they're at http://

[Rob is Busy]

It's looking for the images in https:// when they're at http:// address. I've tried fixing it in the includes/configure.php and admin/includes/configure.php and I've got nothing.

 

http://www.robsdesign.com/explore/

 

If somebody knows something I don't, share the knowledge. ^^

 

I also get about 300 Security Alerts. How can I get rid of those?

[AlanR]

You need to post those files here. You've got something basic set wrong.

 

I get an 'identity' alert on ssl which is not an osC fault. Something's off in your cert.

[Rob is Busy]

includes/configure.php

 

<?php
/*
?osCommerce, Open Source E-Commerce Solutions
?http://www.oscommerce.com

?Copyright (c) 2003 osCommerce

?Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
?define('HTTP_SERVER', 'http://robsdesign.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTPS_SERVER', 'https://robsdesign.com'); // eg, https://localhost - should not be empty for productive servers
?define('ENABLE_SSL', false); // secure webserver for checkout procedure?
?define('HTTP_COOKIE_DOMAIN', 'robsdesign.com');
?define('HTTPS_COOKIE_DOMAIN', 'robsdesign.com');
?define('HTTP_COOKIE_PATH', '/explore/');
?define('HTTPS_COOKIE_PATH', '/explore/');
?define('DIR_WS_HTTP_CATALOG', '/explore/');
?define('DIR_WS_HTTPS_CATALOG', '/explore/');
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
?define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
?define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
?define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
?define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

?define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
?define('DIR_FS_CATALOG', '/home/busyrob/public_html/explore/');
?define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
?define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
?define('DB_SERVER', 'localhost'); // eg, localhost - should not be NULL for productive servers
?define('DB_SERVER_USERNAME', '******');
?define('DB_SERVER_PASSWORD', '******');
?define('DB_DATABASE', '******');
?define('USE_PCONNECT', 'false'); // use persistent connections?
?define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

 

 

admin/includes/configure.php

 

<?php
/*
?osCommerce, Open Source E-Commerce Solutions
?http://www.oscommerce.com

?Copyright (c) 2003 osCommerce

?Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
?define('HTTP_SERVER', 'http://robsdesign.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTP_CATALOG_SERVER', 'http://robsdesign.com');
?define('HTTPS_CATALOG_SERVER', 'https://robsdesign.com');
?define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module
?define('DIR_FS_DOCUMENT_ROOT', '/home/busyrob/public_html/explore/'); // where the pages are located on the server
?define('DIR_WS_ADMIN', '/explore/admin/'); // absolute path required
?define('DIR_FS_ADMIN', '/home/busyrob/public_html/explore/admin/'); // absolute pate required
?define('DIR_WS_CATALOG', '/explore/'); // absolute path required
?define('DIR_FS_CATALOG', '/home/busyrob/public_html/explore/'); // absolute path required
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
?define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
?define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
?define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
?define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
?define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
?define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
?define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
?define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
?define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
?define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
?define('DB_SERVER_USERNAME', '******');
?define('DB_SERVER_PASSWORD', '******');
?define('DB_DATABASE', '******');
?define('USE_PCONNECT', 'false'); // use persisstent connections?
?define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

[Guest]

Anyone have a solution to this issue? I am having the EXACT same troubles.

 

wheels still spinning... :blink:

[AlanR]

I think this is a server set-up problem.

 

If you look at the source in http://robsdesign.com you'll find at the top.

 

<base href="https://robsdesign.com/explore/">

 

Someone may know more than me but that's coming from a system call to the server environment.

 

Ask your host about this.

[AlanR]

Line 40 of index.php is

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

Try swapping these two around.

 

ie:

 

<base href="<?php echo (($request_type == 'SSL') ? HTTP_SERVER : HTTPS_SERVER) . DIR_WS_CATALOG; ?>">

[Rob is Busy]

That was the fix. Thanks, Alan.

[Rob is Busy]

Ok... it didn't work completely. It worked for some of the pages. Product Reviews, Product Info, and Click to Enlarge links are all still pointing at https://. >_<

[AlanR]

I just looked and that base href definition occurs in a bunch of files. Give me a few minutes and I'll check for a single place to fix them. I could replace them all at once but you probably can't.

[Guest]

what have you modified in the code, other than configure.php files? you should not have to modify anything at all relating to ssl in the code, except for the configure.php files. if you do modify other things, then all bets are off as far as the security/checking for your site.

 

undo all changes you made regarding your ssl to get back to scratch, then look at your server error and log files to see what is going on there. also, enable sql logging in the admin section of osCommerce, then see what it is doing there after a few clicks.

[Guest]

just for grins, what are the property/attributes of your images folder?

[AlanR]

OK, I found it.

 

I should have checked further last night but it was late.

 

Line 41 of application top is where $request_type is defined.

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Swap these around, ie:

 

$request_type = (getenv('HTTPS') == 'on') ? 'NONSSL' : 'SSL';

 

Make sure to change the previous (non) fix back to what it was

 

in index.php

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

[thecodingmonkey]

screw all that just download some code comparing software and compare your modifed version of those pages to a fresh install of oscommerce then just fixed the messed up lines nothing worse than having to start from scratch that or just download your intire site including database and find a less crappy host that knows how to install an ssl cert

[AlanR]

you should not have to modify anything at all relating to ssl in the code, except for the configure.php files. if you do modify other things, then all bets are off as far as the security/checking for your site.

You're right, since the stock set-up works great on every site I've set-up. But I suspect that in this case we've got some sysadmin in the hosting company who's made some kind of mistake.

[AlanR]

screw all that just download some code comparing software and compare your modifed version of those pages to a fresh install of oscommerce then just fixed the messed up lines nothing worse than having to start from scratch that or just download your intire site including database and find a less crappy host that knows how to install an ssl cert

He's made no changes at all, except for one. This is a new install.

[AlanR]

and find a less crappy host that knows how to install an ssl cert

Good point! :lol:

 

http://www.robsdesign.com/

https://www.robsdesign.com/

 

Read their company profile.

[Guest]

Interesting ideas and comments.

 

My first thought was that it definately had to be the server set up. I have setup several builds and flavors of oscommerce - never have I had this issue.

 

However, other applications such as gallery and help center live, installed under the same account dont have this (default to https) issue. I even set up help center live to use ssl with no trouble at all.

 

I have searched through several groups looking for anyhone having similar issues - but everything I found lead me back to the application itself.

 

I put together a temporary hack to work around the ssl images problem:

 

Rplacing:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

With:

 

if(getenv('SERVER_PORT') == 80) {
$request_type = 'NONSSL';
} elseif(getenv('SERVER_PORT') == 443) {
$request_type = 'SSL';
}

 

It's a nasty hack - but it's doing the trick Image wise - for the moment.

 

All form submissions are still going to https - regardless of their setting (NONSSL).

 

I continue to search for the solution to this issue - my gut still tells me it's a server issue... damn WHM..

[Rob is Busy]

BOOM!! That all worked. Alan = Hero of the Day

[Guest]

curious to know if you are having form submit issues?

[AlanR]

BOOM!! That all worked. Alan = Hero of the Day

Yeah, but remember that this is a cludge to get around an error in your hosting set-up. If they fix their system it should break again and you'll need to set it up the original way which works 99% of the time.

 

Save a link to this thread somewhere so that you can see what you've done.

[Christian Lescuyer]

Line 40 of index.php is

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

Try swapping these two around.

This seems quite wrong. If $request_type is indeed 'SSL', you do need to use the HTTPS server. The question is, why do we get 'SSL'?

 

$request_type is set in application_top.php (line 41) with getenv('HTTPS').

Which server do you use? IIS, Apache? If Apache, is PHP used as a module or CGI?

[AlanR]

Line 40 of index.php is

 

This seems quite wrong. If $request_type is indeed 'SSL', you do need to use the HTTPS server. The question is, why do we get 'SSL'?

This has been addressed, read backwards through the thread. It's alomost certainly an error on the part of the server admin setting up ssl.

[Christian Lescuyer]

Oops, you're right. :blink:

 

I'd still like to know the server config, though.

[Guest]

I am using apache / RHE / PHP module.

 

More info on my situation. I have installed an additional ssl oscommerce site on this same server for another client. The new oscommerce install is functioning perfectly with ssl in every way.

 

However the original shop I posted about is still having this (defaulting to SSL issue) issue. To further my frustration, this same (defaulting to ssl) shop code works perfectly on the original server it came from with no modification.

 

I just dont get it..

 

Maybe Alan is right - maybe it is a problem with the cert?

[Guest]

recompiled apache/php - all better now.