peego Posted June 19, 2004

Hi, I have my SSL set up and working properly. It's already protected by htaccess. I would also like to secure the admin section with SSL since it does store CC#'s. I can change the URL from http://xxx.com/admin to https://xxx.com/admin but all the links in the admin section are still just http. Is there a way that all the links in the admin section can be https? Thanks.

Cerberus Posted June 20, 2004

Make sure your admin/includes/configure.php has the following set:

    define('HTTP_CATALOG_SERVER', 'https://www.yourdomain.com');
    define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.com');
    define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

stevel Posted June 20, 2004

No, that's not correct at all! Those three defines are for the catalog and you don't want HTTP_CATALOG_SERVER to be your https URL.

What you want instead is to define HTTP_SERVER in admin/includes/configure.php to be your https URL. You should also open the admin panel using an https URL.

Steve

djs Posted June 20, 2004

This requires two simple changes. The first one in admin/includes/configure.php, set the HTTP_SERVER define to be your https URL. This will make all the links within admin secure. Example:

    define('HTTP_SERVER', 'https://www.stickyweb.biz'); // eg, http://localhost - should not be empty for productive servers

Second, in admin/index.php, add the following just after the require of application_top.php:

    if ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") && substr(HTTP_SERVER, 0, 5) == 'https') {
      // not on SSL yet, but admin is configured for https: redirect and stop
      header("Location: " . tep_href_link(FILENAME_DEFAULT));
      exit;
    }

This will make sure you start out with a secure link as well.

These instructions work, and work well. Cerberus had the right idea, just the wrong file.

Dan

Dan Stevens

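The guard from the post above, restated as an added example (not part of the original post and not osCommerce code): it treats a missing or 'off' `$_SERVER['HTTPS']` as insecure and includes a constructed case where TLS ends upstream of PHP. The function names, `www.example.com` and the sample `$_SERVER` arrays are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not osCommerce APIs.

// True when PHP itself sees the request as TLS. $_SERVER['HTTPS'] can be
// missing (plain HTTP) or the string 'off' (IIS), so both count as insecure.
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Returns the URL to redirect to, or null when no redirect is needed.
// $adminUrl stands in for tep_href_link(FILENAME_DEFAULT).
function admin_https_redirect(array $server, string $httpServer, string $adminUrl): ?string
{
    if (strncasecmp($httpServer, 'https://', 8) !== 0) {
        return null; // admin is not configured for SSL, leave it alone
    }
    return request_is_https($server) ? null : $adminUrl;
}

// Constructed $_SERVER samples. The last one models a front end that ends TLS
// and forwards plain HTTP: PHP cannot tell it from the first case, so the
// guard would redirect on every request.
$cases = [
    'plain http'         => ['SERVER_PORT' => '80'],
    'https'              => ['SERVER_PORT' => '443', 'HTTPS' => 'on'],
    'HTTPS=off'          => ['SERVER_PORT' => '80', 'HTTPS' => 'off'],
    'TLS ended upstream' => ['SERVER_PORT' => '80'],
];
$configured = 'https://www.example.com';          // assumed HTTP_SERVER value
$adminUrl   = $configured . '/admin/index.php';   // assumed link target

foreach ($cases as $label => $server) {
    $target = admin_https_redirect($server, $configured, $adminUrl);
    echo str_pad($label, 20), ($target === null ? 'no redirect' : "redirect to $target"), PHP_EOL;
}

// Wiring inside admin/index.php, after application_top.php is required:
//   $target = admin_https_redirect($_SERVER, HTTP_SERVER, tep_href_link(FILENAME_DEFAULT));
//   if ($target !== null) { header('Location: ' . $target); exit; }
```

The htaccess password prompt is answered before any PHP runs, so this guard only covers requests made after login; opening the admin with an https URL, as stevel's post says, is what keeps the password itself off plain HTTP.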
peego Posted June 20, 2004

Got it to work now. Thanks!

Guest Posted February 9, 2005

Works like a charm. Fantastic and simple to modify. I have seen a lot of postings about securing admin but this is the simplest and correct method. Even if you key in http, after password prompt, it will bring you directly to https.

Thanks a lot for the tips.

Regards,
Kevin

Cheyun Posted February 11, 2005

Thank you!! You gave me the quickest solution going. The support dudes on my host couldn't tell me how to do this without messing with the rest of the website!

Cheyun

♥Monika in Germany Posted February 12, 2005

> Thank you!! You gave me the quickest solution going. The support dudes on my host couldn't tell me how to do this without messing with the rest of the website!
>
> Cheyun

Hi, may I ask if your host offers SSL or if not where you got it and for how much?

thanks
Monika :-)

utheissen Posted March 15, 2005

> This requires two simple changes. The first one in admin/includes/configure.php, set the HTTP_SERVER define to be your https URL. This will make all the links within admin secure. Example:
>
>     define('HTTP_SERVER', 'https://www.stickyweb.biz'); // eg, http://localhost - should not be empty for productive servers
>
> Second, in admin/index.php, add the following just after the require of application_top.php:
>
>     if ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") && substr(HTTP_SERVER, 0, 5) == 'https') {
>       // not on SSL yet, but admin is configured for https: redirect and stop
>       header("Location: " . tep_href_link(FILENAME_DEFAULT));
>       exit;
>     }
>
> This will make sure you start out with a secure link as well.
>
> These instructions work, and work well. Cerberus had the right idea, just the wrong file.
>
> Dan

I tried this and it works partly in SSL mode. But I have the following problems (I am sure it is related to some screwed up config settings by following all kinds of postings in this matter, very confusing for a newbie like me):

1. With the change in admin/index.php I get the following message: "Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked". So I commented this change out.

2. I made this change in admin/includes/configure.php:

       define('HTTP_SERVER', 'https://ssl.perfora.net/gobosource.com');

   and it works in SSL mode but somehow several links are not working, in particular links related to contributions, such as downloading QBI iif files or adding products to an order within order administration with the order edit contribution. See details in the config file below where I played with the "DIR_WS_CATALOG" settings, without knowing if this is the right place to tweak.

When I switch back to the old settings "define('HTTP_SERVER', 'http://www.gobosource.com')" it seems to be working fine.

Maybe we should rename "configure.php" to "go_figure.php" for users like me.
:blush:

More: I applied a change somewhere in a php file in order to get the padlocks to show when ssl is active; would have to search for the details.

Server root is:

    _SERVER["DOCUMENT_ROOT"] /homepages/xx/xxxxxxxxx/htdocs/gobosource

Questions:

1. How to change my config in order to get the links to work?
2. Cookies: Shall I define a cookie path or not, for a shared certificate? I see confusing postings. My server info tells me: session.cookie_path /shop/catalog/admin/
3. Any other configuration related hints?

Here are my config files. I am posting both, so hopefully somebody who knows what they are doing (unlike me) can give me some hints.

Your help is greatly appreciated.

Uli

/admin/includes/configure.php:

    <?php
    /*
      osCommerce, Open Source E-Commerce Solutions
      http://www.oscommerce.com

      Copyright © 2003 osCommerce

      Released under the GNU General Public License
    */

    // Define the webserver and path parameters
    // * DIR_FS_* = Filesystem directories (local/physical)
    // * DIR_WS_* = Webserver directories (virtual/URL)
    define('HTTP_SERVER', 'https://ssl.perfora.net/gobosource.com'); // eg, http://localhost - should not be empty for productive servers
    // Switches admin back to non SSL mode
    // define('HTTP_SERVER', 'http://www.gobosource.com');
    define('HTTP_CATALOG_SERVER', 'http://www.gobosource.com');
    define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/gobosource.com');
    define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
    define('DIR_FS_DOCUMENT_ROOT', '/homepages/46/d90146093/htdocs/gobosource'); // where the pages are located on the server
    define('DIR_WS_ADMIN', '/shop/catalog/admin/'); // absolute path required
    define('DIR_FS_ADMIN', '/homepages/46/d90146093/htdocs/gobosource/shop/catalog/admin/'); // absolute path required
    // with this setting, i.e the link for adding a product in order editor generates this link
    // https://ssl.perfora.net/shop/catalog/admin/..._product&step=1
    // instead it should say:
    //https://ssl.perfora.net/gobosource.com/shop/catalog/admin/edit_orders.php?oID=11059&action=add_product&step=1
    define('DIR_WS_CATALOG', '/shop/catalog/'); // absolute path required
    // with this setting the above link for the order editor works but i.e. links in order confirmation emails have "gobosource.com" twice
    // https://ssl.perfora.net/gobosource.com/gobo...?order_id=11059
    // define('DIR_WS_CATALOG', '/gobosource.com/shop/catalog/'); // absolute path required
    define('DIR_FS_CATALOG', '/homepages/xx/xxxxxxxx/htdocs/gobosource/shop/catalog/'); // absolute path required
    define('DIR_WS_IMAGES', 'images/');
    define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
    define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
    define('DIR_WS_INCLUDES', 'includes/');
    define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
    define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
    define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
    define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
    define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
    define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
    define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
    define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
    define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
    define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

    // define our database connection
    define('DB_SERVER', 'db146.perfora.net'); // eg, localhost - should not be empty for productive servers
    define('DB_SERVER_USERNAME', 'xxxxxxxxxxxx');
    define('DB_SERVER_PASSWORD', 'xxxxxxxxxxx');
    define('DB_DATABASE', 'xxxxxxxxxxxxx');
    define('USE_PCONNECT', 'false'); // use persistent connections?
    define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

    // iii 030813 added: Option Type Feature and File Uploading
    define('PRODUCTS_OPTIONS_TYPE_SELECT', 0);
    define('PRODUCTS_OPTIONS_TYPE_TEXT', 1);
    define('PRODUCTS_OPTIONS_TYPE_RADIO', 2);
    define('PRODUCTS_OPTIONS_TYPE_CHECKBOX', 3);
    define('PRODUCTS_OPTIONS_TYPE_FILE', 4);
    define('PRODUCTS_OPTIONS_VALUE_TEXT_ID', 0); //Must match id for user defined "Text" value in db table TABLE_PRODUCTS_OPTIONS_VALUES

    // for upload links
    // define('DIR_WS_CATALOG_IMAGES_UPLOADS', DIR_WS_CATALOG_IMAGES . 'uploads/');
    define('DIR_WS_CATALOG_IMAGES_UPLOADS', HTTP_CATALOG_SERVER . '/shop/catalog/images/uploads/');
    define('DIR_FS_CATALOG_IMAGES_UPLOADS', DIR_FS_CATALOG_IMAGES . 'uploads/');
    ?>

catalog/includes/configure.php:

    <?php
    /*
      osCommerce, Open Source E-Commerce Solutions
      http://www.oscommerce.com

      Copyright © 2003 osCommerce

      Released under the GNU General Public License
    */

    // Define the webserver and path parameters
    // * DIR_FS_* = Filesystem directories (local/physical)
    // * DIR_WS_* = Webserver directories (virtual/URL)
    define('HTTP_SERVER', 'http://www.gobosource.com'); // eg, http://localhost - should not be empty for productive servers
    define('HTTPS_SERVER', 'https://ssl.perfora.net/gobosource.com'); // eg, https://localhost - should not be empty for productive servers
    define('ENABLE_SSL', true); // secure webserver for checkout procedure?
    define('HTTP_COOKIE_DOMAIN', 'www.gobosource.com');
    define('HTTPS_COOKIE_DOMAIN', '');
    // define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/gobosource.com');
    define('HTTP_COOKIE_PATH', '/shop/catalog/');
    define('HTTPS_COOKIE_PATH', '');
    // define('HTTPS_COOKIE_PATH', '/shop/catalog/');
    define('DIR_WS_HTTP_CATALOG', '/shop/catalog/');
    define('DIR_WS_HTTPS_CATALOG', '/shop/catalog/');
    define('DIR_WS_IMAGES', 'images/');
    define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
    define('DIR_WS_INCLUDES', 'includes/');
    define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
    define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
    define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
    define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
    define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

    define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
    define('DIR_FS_CATALOG', '/homepages/xx/xxxxxxx/htdocs/gobosource/shop/catalog/');
    define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
    define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

    // file upload changes
    define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
    define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);

    // define our database connection
    define('DB_SERVER', 'xxxxxx.perfora.net'); // eg, localhost - should not be empty for productive servers
    define('DB_SERVER_USERNAME', 'xxxxxxx');
    define('DB_SERVER_PASSWORD', 'xxxxxxxxxxx');
    define('DB_DATABASE', 'xxxxxxxxxx');
    define('USE_PCONNECT', 'false'); // use persistent connections?
    define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

    // CLR 020605 defines needed for Product Option Type feature.
    define('PRODUCTS_OPTIONS_TYPE_SELECT', 0);
    define('PRODUCTS_OPTIONS_TYPE_TEXT', 1);
    define('PRODUCTS_OPTIONS_TYPE_RADIO', 2);
    define('PRODUCTS_OPTIONS_TYPE_CHECKBOX', 3);
    // iii 030813 added: File Uploading: FILE type and UPLOAD_PREFIX
    define('PRODUCTS_OPTIONS_TYPE_FILE', 4);
    define('UPLOAD_PREFIX', 'upload_');
    define('TEXT_PREFIX', 'txt_');
    define('PRODUCTS_OPTIONS_VALUE_TEXT_ID', 0); //Must match id for user defined "Text" value in db table TABLE_PRODUCTS_OPTIONS_VALUES
    define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
    define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
    ?>

Thanks
Uli

This topic is now archived and is closed to further replies.