Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

admin on SSL


wondernet

Recommended Posts

I have bothg xecure and non-secure side of OSC. I want my client to use the admin features on the SSL only. I have uploaded all necessary files to the SSL folder but all the links created refer back to non-SSL area.

 

Is it the /admin/includes/configure.php I need to change, and if so what/how??

Link to comment
Share on other sites

Anyone?

 

If, for example, my store is here http://www.mystore.com and my SSL stuff is here https://www.mystore.com, my admin pages are also supposed to be here https://www.mystore.com/admin/. But on the index.php in the admin area all the links refer back to http://www.mystore.com.

 

I need to have the admin functions available ONLY on SSL side of the site.

Link to comment
Share on other sites

Two changes. One, in admin/includes/configure.php, set the HTTP_SERVER define to be your https URL. This will make all the links within admin secure.

 

Second, in admin/index.php, add the following just after the require of application_top.php:

if ($_SERVER['HTTPS'] != "on" && substr(HTTP_SERVER, 0, 5) == 'https')  {
  header("Location: ".tep_href_link(FILENAME_DEFAULT));
}

Link to comment
Share on other sites

Two changes. One, in admin/includes/configure.php, set the HTTP_SERVER define to be your https URL. This will make all the links within admin secure.

 

Second, in admin/index.php, add the following just after the require of application_top.php:

if ($_SERVER['HTTPS'] != "on" && substr(HTTP_SERVER, 0, 5) == 'https') ?{
? header("Location: ".tep_href_link(FILENAME_DEFAULT));
}

Alternatively, if you are running apache and have access to httpd.conf, in your non-ssl virtual host config add:

 

Redirect /catalog/admin/ https://www.mystore.com/catalog/admin/

 

Make sure and add it near the top, above any <Directory> blocks.

 

This prevents any bypassing of ssl access to /admin/, unlike altering index.php.

-- Bad Penguin

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...