SSL works but images dont

[Guest]

Im having a problem with my SSL. I had it working with images before and all of a sudden they stopped working. I have added some contribs but havent changed anything to do with images. I right click on the broken image and the address it says the image is at is correct and works on its own. I am also currently working on another oscommerce site which the images work fine in ssl :blink:

 

https://host101.ipowerweb.com/~reloadga/

 

thanks for any and all help,

 

I

[wvmlt]

Check in catalog/includes/configure.php and admin/includes/config.php and make sure you have the right paths set.

[Guest]

Well, I compared the configuration files between the two sites and they are exactly the same (with respect to domain names and such) - both sites are hosted with the same company and were set up in the same way. I checked permissions on all images and folders in my site and still nothing works :unsure:

 

--I

[Guest]

Well I figured it out. Anyone who has hosting with ipowerweb has an option to prevent others from hot linking images from your site (linking directly to images on your site to cut down on their bandwidth) - I had turned it off for my site and the server thought the shared SSL server was trying to steal images :rolleyes:

 

thanks to wvmlt for replying anyway B)

 

--I

[jatapani]

Anyone who has hosting with ipowerweb has an option to prevent others from hot linking images from your site

 

Hey that could be my problem... My site is hosted at EasyWeb but they don't offer an admin page, is that how you did it or just asked the support crew?

 

Damn it, if this solves my problem that would be cool.

[strced]

:) Thanks reload for posting the root cause and soloution for the problem you were having...I was having the same problem with https and couldn't figure it out until I found your post. I just put the https url on my allowed list and it all works again....Thanks Again

[jenawade]

Awesome, that fixed my problem, too! :D

[sdrattler1]

:rolleyes: :rolleyes:

Well I figured it out. Anyone who has hosting with ipowerweb has an option to prevent others from hot linking images from your site (linking directly to images on your site to cut down on their bandwidth) - I had turned it off for my site and the server thought the shared SSL server was trying to steal images :rolleyes:

 

thanks to wvmlt for replying anyway B)

 

--I

:rolleyes: Thanks for your post! I had the same issue - just added ssl late last night - Added the HTTPS urls to my hotlink protection and the images reapeared! Thank you! -Tim-

[jamiedia]

I'm having a similar problem but that doesnt seem to be it. I have used a shared ssl for ages and have just installed a ssl certificate now the images wont upload. I get a 406 not acceptable error! The resource cannot be displayed and its got me stumped does anyone have any ideas?

[jhande]

Well I figured it out. Anyone who has hosting with ipowerweb has an option to prevent others from hot linking images from your site (linking directly to images on your site to cut down on their bandwidth) - I had turned it off for my site and the server thought the shared SSL server was trying to steal images :rolleyes:

 

thanks to wvmlt for replying anyway B)

 

--I

 

WOW such a life saver... thank you!

 

I had the same problem with images not showing up and I'm with BlueHost.com.

Same feature for hot linking which I never bothered with, until now LOL.

Just added my https root address and wa-la.

 

Wish I found this post earlier.

 

Now does anyone know how to stink my hair back in my head? (w00t)

[jhande]

I'm having a similar problem but that doesnt seem to be it. I have used a shared ssl for ages and have just installed a ssl certificate now the images wont upload. I get a 406 not acceptable error! The resource cannot be displayed and its got me stumped does anyone have any ideas?

 

Did you also make the necessary changes in your configuration.php file to reflect the new secure path?

[Measha06]

I have paid for an SSL certificate to be installed by Vodahost, they have completed the work they say but there is no Rapid SSL logo. I asked where it was and was told that is up to me to put on the site. they have sent me a zipped folder with the image in but I really do not know what to do with it, how to get it on the site or where to put it, plus I presume it should have some sort of link connected to it. Can anybody advise what where when and how to sort this, as there seems little use in having paid for this for the security of customers if they do not know I have done this.

 

Hoping for a speedy response from anybody, somebody who has already completed this step.

[Guest]

Check in catalog/includes/configure.php and admin/includes/config.php and make sure you have the right paths set.

This might be what I need. I'll check it out. My images are saving to a stray folder when I add a new product. Ta!

[codieskid]

Hi there

 

I have got the same problem and my hosting is with Media temple. www.rccarshop.co.uk/catalog

 

So do I need to go into the admin account in my media temple server and add https to my safe list or allow hot linking on the site for the ssl to work and the images to show. Its really weird. Everything was working fine and then suddenly the images wouldn't show and i got the unsure site message when accessing https://

[porpoise1954]

My problem is along similar lines.

 

Have just installed SSL certificate (through 1and1 hosting) and it's working fine except.....

 

If I change the configure.php according to instructions elsewhere in these forums, I get the secure/insecure pop-up warning box and if selecting "do not include insecure items", I get the relevant pages without the images. The images on the http pages are fine. Currently, the only way I can get the images to show on the https pages is to make the whole site https in configure.php - which is obviously overkill.

 

It seems like the SSL conditional code within the osC files isn't working like it says on the tin.

 

Anyone have any ideas on a simple fix that doesn't involve going through every file that's included within the https pages to change all the <img src tags to https://mysite.com/images/file.jpg

[Guest]

My problem is along similar lines.

 

Have just installed SSL certificate (through 1and1 hosting) and it's working fine except.....

 

If I change the configure.php according to instructions elsewhere in these forums, I get the secure/insecure pop-up warning box and if selecting "do not include insecure items", I get the relevant pages without the images. The images on the http pages are fine. Currently, the only way I can get the images to show on the https pages is to make the whole site https in configure.php - which is obviously overkill.

 

It seems like the SSL conditional code within the osC files isn't working like it says on the tin.

 

Anyone have any ideas on a simple fix that doesn't involve going through every file that's included within the https pages to change all the <img src tags to https://mysite.com/images/file.jpg

Maybe post your configure.php file without the database info.

[♥Vger]

I guess I better add this tip here, it's the logical place after all.

 

This is for people who are having trouble getting ssl to work, especially shared ssl. The way I've written it is oriented towards a 1&1 server but its use is general and applies to all servers.

 

It's all about setting line 41 in application_top.php for those cases where the standard query does not work.

 

This is line 41:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Now that's a very narrow test and lots of servers won't respond with on (or at all) to that. So the trick is to find out how the server does respond.

 

Create a little file, I named it myenv.php, with these lines:

 

CODE

<?php

echo 'HTTP HOST: ' . "$HTTP_HOST";

echo '<br>Server Port: ' . getenv('SERVER_PORT');

echo '<br>SSL Status: ' . getenv('HTTPS');

echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');

echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');

echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');

?>

 

If you put that somewhere on the server, probably root and run it like so:

 

https://ssl.shared.com/mydomain.com/myenv.php you'll be able to see how the server responds to these queries. You'll need to change this to fit your situation but you get the idea.

 

Some dedicated ssls respond with a 1 instead of on to No. 3 for example.

 

Shared servers may respond differently to 4 & 5 but 1&1 gives the same response to both.

 

Once you know how the server answers these queries you can figure out the best solution for line 41 in application_top.php.

 

If, for example, you have a dedicated ssl and query 3 returns a 1 then you simply change line 41 to:

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

Frequently on shared servers you'll get no response at all to getenv('HTTPS'). This is where the other responses are useful (and most people have problems).

 

For example shared 1&1 returns ssl.perfora.net to queries 4 and 5. So setting line 41 line as below does the trick (I'm commenting out the original line for reference).

 

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'ssl.perfora.net') ? 'SSL' : 'NONSSL';

 

Here's another case:

 

The standard ssl port for dedicated ssl is 443 (the standard http port is 80). I've seen dedicated ssl which returns no response for getenv('HTTPS') but does return a 443. In this case you can set line 41, testing for port 443, like so:

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

The best way to use the script is to run it in both http and https environments and look at the differences in the responses. You want to pick a response which is unique to ssl (your https connection), it's no use to pick something which stays the same in both modes, you want to pick something to make a switch.

 

One more thing:

================================================================================

=========================

 

How do you know if your ssl is switching on and off as it should? Simple, in source view, near the top of every page you'll see in your browser you'll find this line:

 

In http (no ssl engaged, regular pages)

 

<base href="http://www.somedomain.com/catalog/"> (assuming you're using the catalog folder)

 

In https (ssl engaged - my account, checkout, etc.)

 

<base href="https://www.somedomain.com/catalog/">

 

or for shared ssl something like this:

 

<base href="https://ssl.myhost.com/somedomain/catalog/">

 

That's it. That's what line 41 is all about, it sets that line. So when you find a broken padlock or the images aren't loading that's the first place you need to look. The goal is to get that switching back and forth as you change from http to https and back.

 

Vger

[porpoise1954]

Maybe post your configure.php file without the database info.

 

Here it is:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.site.co.uk/'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers [color="#ff0000"](this is where I have to make it https: so the images show but of course this makes the whole site https)[/color]
 define('HTTPS_SERVER', 'https://www.site.co.uk/'); // eg, [url="https://localhost"]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', false); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.site.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'www.site.co.uk');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '');
 define('DIR_WS_HTTPS_CATALOG', '');
 define('DIR_WS_IMAGES', 'images/');

The CATALOG path is blank because the shop is in the site root

[♥Vger]

define('HTTP_SERVER', 'http://www.site.co.uk');

define('HTTPS_SERVER', 'https://www.site.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.site.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'www.site.co.uk');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

Make sure your SSL Cert is made out to www.site.co.uk and not just to site.co.uk. If the ssl cert is made out to site.co.uk then amend the http and https_cookie_domain settings accordingly.

 

If that still doesn't work then there's either a problem with the coding of your site or with the way your hosting handles ssl.

 

Vger

[porpoise1954]

define('HTTP_SERVER', 'http://www.site.co.uk');

define('HTTPS_SERVER', 'https://www.site.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.site.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'www.site.co.uk');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

Make sure your SSL Cert is made out to www.site.co.uk and not just to site.co.uk. If the ssl cert is made out to site.co.uk then amend the http and https_cookie_domain settings accordingly.

 

If that still doesn't work then there's either a problem with the coding of your site or with the way your hosting handles ssl.

 

Vger

 

Thanks Vger - That forward slash could be the issue, everything else seems to be correct. I'll have to wait 'til tomorrow to try it again, as I have to get our payment service provider to switch it over on their system as well so that the post to their server will be accepted from the https url.

[porpoise1954]

<br /> <br />Thanks Vger - That forward slash could be the issue, everything else seems to be correct. I'll have to wait 'til tomorrow to try it again, as I have to get our payment service provider to switch it over on their system as well so that the post to their server will be accepted from the https url.<br />

<br /><br /><br />

 

Unfortunately, that isn't it - that just introduces 2 lots of / at the end of the domain

 

e.g. Http://site.co.uk//images..............

 

as my base url already has the forward slash at the end of the domain name

[mcalautt]

Im having a problem with my SSL. I had it working with images before and all of a sudden they stopped working. I have added some contribs but havent changed anything to do with images. I right click on the broken image and the address it says the image is at is correct and works on its own. I am also currently working on another oscommerce site which the images work fine in ssl :blink:

 

https://host101.ipowerweb.com/~reloadga/

 

thanks for any and all help,

 

I

 

My site loads fine with https in firefox. but in IE, none of the images display.

I dont have hotlink enabled..

 

any suggestions ?

 

https://www.petescycleandsled.com/catalog/

[mcalautt]

it doesnt seem to matter if i enable or disable hotlink protection.

still wont load in IE>

 

:-(

[mcalautt]

MY BAD>

 

i fixed it.

I really only wanted SSL for the login for customers and checkout anyway..

you can enable it in configure.php and add the SSL url .

 

cat configure.php

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.example.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.example.com/catalog/'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure? <-------------------------------------------------

define('HTTP_COOKIE_DOMAIN', 'www.example.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/examp/public_html/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'exa_ple');

define('DB_SERVER_PASSWORD', 'example');

define('DB_DATABASE', 'exa_ple');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

[hwang168]

Vger

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Frequently on shared servers you'll get no response at all to getenv('HTTPS').

 

 

I changed application_top.php line 41 code as below, solved security warning problem:

 

$request_type = (getenv('HTTPS') == '') ? 'SSL' : 'NONSSL';

 

Thank all members here!