Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Help!! My SSL is Gone!


FlyingMonkey

Recommended Posts

I use to have SSL during the checkout process... but for some reason it is gone. I have a dedicated SSL certificate for our site, and it prompts the user that it will be using SSL during the checkout. But the padlock is gone. The SSL still works for the admin, and for a small test image i setup. https://www.carblitesolutions.com/seal.html

 

my site is http://www.carblitesolutions.com

 

Here's my configure.php, it hasn't been changed for months though:

  define('HTTP_SERVER', 'http://www.carblitesolutions.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.carblitesolutions.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.carblitesolutions.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.carblitesolutions.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_IMAGES_LRG', 'images/lrg/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Thanks for you help.

Most likely your question has been answered, please do a search first.

Link to comment
Share on other sites

Hi FlyingMonkey,

 

I am having exactly the same problem with my site and so far cannot find a solution.

 

This seems as though it is becoming quite widespread, as there are a few posts popping up about the same issue.

 

There does not appear to a solution yet, but I know that there are a couple of things being suggested in the other posts - although none of them work for me.

 

By the way, I just visited the link below and when I click on My Account or Checkout the padlock does appear in the bottom of the browser - not sure if this is the part of the site you said did not work.

 

I am hoping that someone can help us all fix this, as it has been driving me nuts for days and I cannot even set my site up in case I have to use a different solution (although what I have no idea - osCommerce is great apart from this little problem).

 

If I get mine to work then I will let you know how I did it.

 

Does anyone think that it could be to do with an update to any of the server side stuff that osCommerce runs on - maybe there has been an update which the ISP/Hosts are using and it is causing a problem with the image URLs.

Link to comment
Share on other sites

By the way - I have the problem is a completely clean install of osCommerce, so I do not think there is anything that you have changed.

 

Try checking your image properties, as all mine show as HTTP in the location instead of HTTPS.

 

This means that even though the page is running on HTTPS, the images are not and this causes the page to load without the padlock.

 

At least that is what I think is happening - I would be insterested to know if this is correct or me just being a plank!!!

Link to comment
Share on other sites

By the way - I have the problem is a completely clean install of osCommerce, so I do not think there is anything that you have changed.

 

Try checking your image properties, as all mine show as HTTP in the location instead of HTTPS.

 

This means that even though the page is running on HTTPS, the images are not and this causes the page to load without the padlock.

 

At least that is what I think is happening - I would be insterested to know if this is correct or me just being a plank!!!

Acutally, i just fixed it... i use 1and1 shared hosting w/ a geotrust certificate. I'm not sure when the SSL padlock disappeared, but I fixed it by adding this line of code to my application_top.php The problem happen for all three of my sites hosted with them, however I just created the two additional sites so i'm not sure if it was always like that for a while. i highly doubt it though, since i reloaded a previous stable version and the exact same thing happen.

 

I changed it to this:

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; //added for padlock

Most likely your question has been answered, please do a search first.

Link to comment
Share on other sites

Hi FlyingMonkey,

 

I am the same 1&1, and I got a reply from AlanR about a previous post.

 

Was about to post the answer but you beat me to it.

 

Yet to try it, but it looks like it work for me as it has worked for you.

Link to comment
Share on other sites

Hi FlyingMonkey,

 

I am the same 1&1, and I got a reply from AlanR about a previous post.

 

Was about to post the answer but you beat me to it.

 

Yet to try it, but it looks like it work for me as it has worked for you.

I wonder what they changed... that caused it with our dedicated certificates. I know they upgraded php recently... but i'm not sure.

Most likely your question has been answered, please do a search first.

Link to comment
Share on other sites

  • 2 weeks later...

I looked everywhere for the answer to why the lock on the admin index page didn't work and I tried everyone's code to no avail. I don't know if recent upgrades to PHP depricated the SSL checking code but I found this to work for me.

 

Since the box on the Admin index page that shows your SSL connection is ust for cosmetic purposes (the site can have every page served under your SSL and this box won't make a difference) it's not 100% dynamic. I can't seem to find a newer PHP function that replicates 'SSL_CIPHER_ALGKEYSIZE', so I just set it manually.

 

I replaced the code that generates the SSL box on the admin index with this:

 

$secure = (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

if ($secure == 'SSL') {

putenv("SSL_CIPHER_ALGKEYSIZE=128");

}

 

if (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) {

$size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');

$contents[] = array('params' => 'class="infoBox"',

'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size));

} else {

$contents[] = array('params' => 'class="infoBox"',

'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED);

}

 

Also if you want to make the changes in the main catalog section, in application_top.php replace:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

OR

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

WITH

 

$request_type = (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

Link to comment
Share on other sites

I wonder what they changed... that caused it with our dedicated certificates. I know they upgraded php recently... but i'm not sure.

It happened when they upgraded php. Previously the fix was only needed for shared ssl now it's all ssl.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Also if you add this to the top of your admin index.php script, under the include application_top.php line:

$secure = (stristr($_SERVER['SCRIPT_URI'], HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

if ($secure != 'SSL') {

header("Location:https://www.yoururl.com/catalog/admin/index.php");

}

 

it will make sure that your admin section is served as SSL regardless of what you put into the browser location.

Link to comment
Share on other sites

  • 1 month later...

I had the same problem with my cert from GeoTrust running on 1and1 shared.

 

Completely fixed by doing what Martin Lloyd says:

 

getenv('HTTPS') == 'on'

with

getenv('HTTPS') == '1'

 

which I found in the following files.

/includes/application_top.php

/includes/functions/general.php

 

All thanks to him!

Thanks for any help/comments.

 

Regards,

 

Lewis Hill

Link to comment
Share on other sites

  • 3 weeks later...

hi all

 

My site is all up and running for a while...and I decided to re-touch it now I had

all diffrent problems.

 

The biggest problem is the missing padlock as I answer 'Yes' to the dialog to

non-secure items and tried many cures in the forum as suggested but to no avail.

 

I just can not figure where is the non-secure items (??)

 

Please help if anyone come up with other ideas or the fixes

 

My site is at http://www.dbwebtek.com/catalog

 

If you like to make any order , dont worry it is fully functional but in testing mode

, the credit card to test is 4111-1111-1111-1111 , expired on any day for next year.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...