FlyingMonkey Posted June 9, 2004 Share Posted June 9, 2004 I use to have SSL during the checkout process... but for some reason it is gone. I have a dedicated SSL certificate for our site, and it prompts the user that it will be using SSL during the checkout. But the padlock is gone. The SSL still works for the admin, and for a small test image i setup. https://www.carblitesolutions.com/seal.html my site is http://www.carblitesolutions.com Here's my configure.php, it hasn't been changed for months though: define('HTTP_SERVER', 'http://www.carblitesolutions.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.carblitesolutions.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.carblitesolutions.com'); define('HTTPS_COOKIE_DOMAIN', 'www.carblitesolutions.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_IMAGES_LRG', 'images/lrg/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); Thanks for you help. Most likely your question has been answered, please do a search first. Link to comment Share on other sites More sharing options...
Guest Posted June 9, 2004 Share Posted June 9, 2004 Hi FlyingMonkey, I am having exactly the same problem with my site and so far cannot find a solution. This seems as though it is becoming quite widespread, as there are a few posts popping up about the same issue. There does not appear to a solution yet, but I know that there are a couple of things being suggested in the other posts - although none of them work for me. By the way, I just visited the link below and when I click on My Account or Checkout the padlock does appear in the bottom of the browser - not sure if this is the part of the site you said did not work. I am hoping that someone can help us all fix this, as it has been driving me nuts for days and I cannot even set my site up in case I have to use a different solution (although what I have no idea - osCommerce is great apart from this little problem). If I get mine to work then I will let you know how I did it. Does anyone think that it could be to do with an update to any of the server side stuff that osCommerce runs on - maybe there has been an update which the ISP/Hosts are using and it is causing a problem with the image URLs. Link to comment Share on other sites More sharing options...
Guest Posted June 9, 2004 Share Posted June 9, 2004 By the way - I have the problem is a completely clean install of osCommerce, so I do not think there is anything that you have changed. Try checking your image properties, as all mine show as HTTP in the location instead of HTTPS. This means that even though the page is running on HTTPS, the images are not and this causes the page to load without the padlock. At least that is what I think is happening - I would be insterested to know if this is correct or me just being a plank!!! Link to comment Share on other sites More sharing options...
FlyingMonkey Posted June 9, 2004 Author Share Posted June 9, 2004 By the way - I have the problem is a completely clean install of osCommerce, so I do not think there is anything that you have changed. Try checking your image properties, as all mine show as HTTP in the location instead of HTTPS. This means that even though the page is running on HTTPS, the images are not and this causes the page to load without the padlock. At least that is what I think is happening - I would be insterested to know if this is correct or me just being a plank!!! Acutally, i just fixed it... i use 1and1 shared hosting w/ a geotrust certificate. I'm not sure when the SSL padlock disappeared, but I fixed it by adding this line of code to my application_top.php The problem happen for all three of my sites hosted with them, however I just created the two additional sites so i'm not sure if it was always like that for a while. i highly doubt it though, since i reloaded a previous stable version and the exact same thing happen. I changed it to this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; //added for padlock Most likely your question has been answered, please do a search first. Link to comment Share on other sites More sharing options...
Guest Posted June 9, 2004 Share Posted June 9, 2004 Hi FlyingMonkey, I am the same 1&1, and I got a reply from AlanR about a previous post. Was about to post the answer but you beat me to it. Yet to try it, but it looks like it work for me as it has worked for you. Link to comment Share on other sites More sharing options...
FlyingMonkey Posted June 9, 2004 Author Share Posted June 9, 2004 Hi FlyingMonkey, I am the same 1&1, and I got a reply from AlanR about a previous post. Was about to post the answer but you beat me to it. Yet to try it, but it looks like it work for me as it has worked for you. I wonder what they changed... that caused it with our dedicated certificates. I know they upgraded php recently... but i'm not sure. Most likely your question has been answered, please do a search first. Link to comment Share on other sites More sharing options...
hatterou812 Posted June 22, 2004 Share Posted June 22, 2004 I looked everywhere for the answer to why the lock on the admin index page didn't work and I tried everyone's code to no avail. I don't know if recent upgrades to PHP depricated the SSL checking code but I found this to work for me. Since the box on the Admin index page that shows your SSL connection is ust for cosmetic purposes (the site can have every page served under your SSL and this box won't make a difference) it's not 100% dynamic. I can't seem to find a newer PHP function that replicates 'SSL_CIPHER_ALGKEYSIZE', so I just set it manually. I replaced the code that generates the SSL box on the admin index with this: $secure = (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; if ($secure == 'SSL') { putenv("SSL_CIPHER_ALGKEYSIZE=128"); } if (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) { $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>'); $contents[] = array('params' => 'class="infoBox"', 'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size)); } else { $contents[] = array('params' => 'class="infoBox"', 'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED); } Also if you want to make the changes in the main catalog section, in application_top.php replace: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; OR $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; WITH $request_type = (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; Link to comment Share on other sites More sharing options...
AlanR Posted June 22, 2004 Share Posted June 22, 2004 I wonder what they changed... that caused it with our dedicated certificates. I know they upgraded php recently... but i'm not sure. It happened when they upgraded php. Previously the fix was only needed for shared ssl now it's all ssl. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
hatterou812 Posted June 22, 2004 Share Posted June 22, 2004 Also if you add this to the top of your admin index.php script, under the include application_top.php line: $secure = (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; if ($secure != 'SSL') { header("Location:https://www.yoururl.com/catalog/admin/index.php"); } it will make sure that your admin section is served as SSL regardless of what you put into the browser location. Link to comment Share on other sites More sharing options...
ckyshop.co.uk Posted August 21, 2004 Share Posted August 21, 2004 I had the same problem with my cert from GeoTrust running on 1and1 shared. Completely fixed by doing what Martin Lloyd says: getenv('HTTPS') == 'on' with getenv('HTTPS') == '1' which I found in the following files. /includes/application_top.php /includes/functions/general.php All thanks to him! Thanks for any help/comments. Regards, Lewis Hill Link to comment Share on other sites More sharing options...
nzaustqb Posted September 11, 2004 Share Posted September 11, 2004 hi all My site is all up and running for a while...and I decided to re-touch it now I had all diffrent problems. The biggest problem is the missing padlock as I answer 'Yes' to the dialog to non-secure items and tried many cures in the forum as suggested but to no avail. I just can not figure where is the non-secure items (??) Please help if anyone come up with other ideas or the fixes My site is at http://www.dbwebtek.com/catalog If you like to make any order , dont worry it is fully functional but in testing mode , the credit card to test is 4111-1111-1111-1111 , expired on any day for next year. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.