
The SSL In OsCommerce Guide For The Innocent


398 replies to this topic

#41 TF Solutions

  • Community Member
  • 33 posts
  • Real Name:Tim Forrest
  • Location:Brisbane, Australia

Posted 04 August 2005, 06:23

Mibble, on Aug 4 2005, 02:47 PM, said:

change the top http server setting

define('HTTP_SERVER', 'http://funaticalcomau.ozstaging.com');
to
define('HTTP_SERVER', 'https://secure16.ozhosting.com/funatical');



Did that - no change... catalog/admin/includes/configure.php now reads;

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://funaticalcomau.ozstaging.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'https://secure16.ozhosting.com/funatical');
define('HTTPS_CATALOG_SERVER', 'https://secure16.ozhosting.com/funatical/');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

#42 Riddles

  • Community Member
  • 3 posts
  • Real Name:Riddles

Posted 04 August 2005, 09:16

define('HTTP_SERVER', 'http://funaticalcomau.ozstaging.com'); // eg, http://localhost - should not be empty for productive servers

It's the first line that you need to change ^ the https server not the second http line

#43 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 07 August 2005, 06:41

I guess I better add this tip here, it's the logical place after all.

This is for people who are having trouble getting ssl to work, especially shared ssl. The way I've written it is oriented towards a 1&1 server but its use is general and applies to all servers. It's all about setting line 41 in application_top.php for those cases where the standard query does not work.

This is line 41:

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Now that's a very narrow test and lots of servers won't respond with on (or at all) to that. So the trick is to find out how the server does respond.

Create a little file, I named it myenv.php, with these lines:

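<?php
  // Diagnostic only: shows how the server reports the connection. Remove the file after use.
  // Values are HTML-escaped because several of them come straight from request headers.
  function show($name) { return htmlspecialchars((string) getenv($name)); }
  echo 'HTTP HOST: ' . show('HTTP_HOST'); // was "$HTTP_HOST", which is only set with register_globals on
  echo '<br>Server Port: ' . show('SERVER_PORT');
  echo '<br>SSL Status: ' . show('HTTPS');
  echo '<br>Fowarded Server: ' . show('HTTP_X_FORWARDED_SERVER');
  echo '<br>Fowarded Host: ' . show('HTTP_X_FORWARDED_HOST');
  echo '<br>Fowarded By: ' . show('HTTP_X_FORWARDED_BY');
?>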

If you put that somewhere on the server, probably root and run it like so:

https://ssl.shared.com/mydomain.com/myenv.php you'll be able to see how the server responds to these queries. You'll need to change this to fit your situation but you get the idea.

Some dedicated ssls respond with a 1 instead of on to No. 3 for example.

Shared servers may respond differently to 4 & 5 but 1&1 gives the same response to both.

Once you know how the server answers these queries you can figure out the best solution for line 41 in application_top.php.

If, for example, you have a dedicated ssl and query 3 returns a 1 then you simply change line 41 to:

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

Frequently on shared servers you'll get no response at all to getenv('HTTPS'). This is where the other responses are useful (and most people have problems).

For example shared 1&1 returns ssl.perfora.net to queries 4 and 5. So setting line 41 as below does the trick (I'm commenting out the original line for reference).

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'ssl.perfora.net') ? 'SSL' : 'NONSSL';

Here's another case:

The standard ssl port for dedicated ssl is 443 (the standard http port is 80). I've seen dedicated ssl which returns no response for getenv('HTTPS') but does return a 443. In this case you can set line 41, testing for port 443, like so:

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

The best way to use the script is to run it in both http and https environments and look at the differences in the responses. You want to pick a response which is unique to ssl (your https connection), it's no use to pick something which stays the same in both modes, you want to pick something to make a switch.
Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux
Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
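
The three tests from the post above, combined into one function, as an added example that is not osCommerce code or part of the original post. It goes one step further than the post: because HTTP_X_FORWARDED_HOST is filled from a request header, the forwarded-host test is accepted only when the connection comes from the host's SSL proxy. The function name, the `$trusted_proxies` list and the 192.0.2.10 address are assumptions for illustration.

```php
<?php
// Added example, not osCommerce code: the three "line 41" tests in one function.

// ASSUMPTION: placeholder address (documentation range) for the host's SSL proxy.
$trusted_proxies = array('192.0.2.10');
// Host name the shared-SSL proxy reports (the 1&1 value quoted in the post).
$proxy_ssl_host = 'ssl.perfora.net';

function detect_request_type(array $env, array $trusted_proxies, $proxy_ssl_host)
{
    // Read one variable, normalised so 'On', ' on ' and 'on' compare equal.
    $get = function ($key) use ($env) {
        return isset($env[$key]) ? strtolower(trim((string) $env[$key])) : '';
    };

    // Test 1: the server sets HTTPS itself ('on' on most servers, '1' on some).
    // An empty or 'off' value falls through to the next test.
    if (in_array($get('HTTPS'), array('on', '1'), true)) {
        return 'SSL';
    }
    // Test 2: no usable HTTPS variable, but the request arrived on port 443.
    if ($get('SERVER_PORT') === '443') {
        return 'SSL';
    }
    // Test 3: shared SSL behind a proxy. The forwarded host is taken from a
    // request header, so it only counts when the peer is the known proxy.
    if (in_array($get('REMOTE_ADDR'), $trusted_proxies, true)
        && $get('HTTP_X_FORWARDED_HOST') === strtolower($proxy_ssl_host)) {
        return 'SSL';
    }
    return 'NONSSL';
}

// Constructed sample environments (not captured from any real server).
$samples = array(
    'dedicated, HTTPS=on'     => array('HTTPS' => 'on', 'SERVER_PORT' => '443'),
    'dedicated, HTTPS=1'      => array('HTTPS' => '1'),
    'port 443 only'           => array('SERVER_PORT' => '443'),
    'shared SSL via proxy'    => array('SERVER_PORT' => '80',
                                       'REMOTE_ADDR' => '192.0.2.10',
                                       'HTTP_X_FORWARDED_HOST' => 'ssl.perfora.net'),
    'header, unknown peer'    => array('SERVER_PORT' => '80',
                                       'REMOTE_ADDR' => '198.51.100.7',
                                       'HTTP_X_FORWARDED_HOST' => 'ssl.perfora.net'),
    'plain http'              => array('SERVER_PORT' => '80',
                                       'REMOTE_ADDR' => '198.51.100.7'),
);

foreach ($samples as $label => $env) {
    printf("%-24s %s\n", $label,
        detect_request_type($env, $trusted_proxies, $proxy_ssl_host));
}
```

In application_top.php the call would be `$request_type = detect_request_type($_SERVER, $trusted_proxies, $proxy_ssl_host);`, once the proxy address has been confirmed with the host.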

#44 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 08 August 2005, 02:42

I guess I should add one more thing. I'm so used to it that I forget that others might not know.

How do you know if your ssl is switching on and off as it should? Simple, in source view, near the top of every page you'll see in your browser you'll find this line:

In http (no ssl engaged, regular pages)

<base href="http://www.somedomain.com/catalog/"> (assuming you're using the catalog folder)

In https (ssl engaged - my account, checkout, etc.)

<base href="https://www.somedomain.com/catalog/">

or for shared ssl something like this:

<base href="https://ssl.myhost.com/somedomain/catalog/">

That's it. That's what line 41 is all about, it sets that line. So when you find a broken padlock or the images aren't loading that's the first place you need to look. The goal is to get that switching back and forth as you change from http to https and back.

Edited by AlanR, 08 August 2005, 02:44.
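
The source-view check described in the post above, as an added example that is not osCommerce code or part of the original post. It reads the `<base href>` of a saved page, compares its scheme with the scheme of the page address, and lists the images, scripts and stylesheets that would load over http on an https page (the cause of a broken padlock). The function name and the sample page are constructed for illustration.

```php
<?php
// Added example, not osCommerce code: checks the <base href> switch.

function audit_page($page_url, $html)
{
    $page_scheme = strtolower((string) parse_url($page_url, PHP_URL_SCHEME));

    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate untidy real-world HTML
    $doc->loadHTML($html);
    libxml_clear_errors();

    // First <base href>, if the page has one.
    $base  = '';
    $bases = $doc->getElementsByTagName('base');
    if ($bases->length > 0) {
        $base = $bases->item(0)->getAttribute('href');
    }
    $base_scheme = strtolower((string) parse_url($base, PHP_URL_SCHEME));

    $findings = array();
    if ($base !== '' && $base_scheme !== $page_scheme) {
        $findings[] = "base href is $base_scheme but the page is $page_scheme: $base";
    }
    if ($page_scheme !== 'https') {
        return $findings;               // mixed content only matters on https pages
    }

    // Relative references inherit the scheme of the base href (or of the page).
    $inherited = ($base_scheme !== '') ? $base_scheme : $page_scheme;
    $targets = array('img' => 'src', 'script' => 'src', 'link' => 'href');
    foreach ($targets as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            if ($tag === 'link'
                && stripos($node->getAttribute('rel'), 'stylesheet') === false) {
                continue;               // only stylesheets are fetched with the page
            }
            $ref = $node->getAttribute($attr);
            if ($ref === '') {
                continue;
            }
            $scheme = strtolower((string) parse_url($ref, PHP_URL_SCHEME));
            $effective = ($scheme !== '') ? $scheme : $inherited;
            if ($effective !== 'https') {
                $findings[] = "<$tag> loads over $effective: $ref";
            }
        }
    }
    return $findings;
}

// Constructed sample: an https page whose base href did not switch.
$html = '<html><head><base href="http://www.somedomain.com/catalog/">'
      . '<link rel="stylesheet" href="stylesheet.css"></head>'
      . '<body><img src="images/logo.gif">'
      . '<img src="https://www.somedomain.com/catalog/images/ok.gif"></body></html>';

foreach (audit_page('https://www.somedomain.com/catalog/login.php', $html) as $line) {
    echo $line, "\n";
}
```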


#45 jsinp

  • Community Member
  • 27 posts
  • Real Name:JP

Posted 08 August 2005, 05:37

This post from AlanR should be stickied.
I have searched for hours to find the solution to my no padlock problem.
I had my site showing https but no lock icon.

I used the test script myenv.php, determined ssl was using port 443, changed line 41 and bingo, everything works great on my godaddy hosting.

Thanks for this great post

#46 dfx

  • Community Member
  • 4 posts
  • Real Name:T

Posted 16 August 2005, 15:14

Hi there,
Glad to see this topic active and hoping for help, much appreciated. I'm pretty sure my problem is very minor - incorrect paths or something like that. I installed SSL (I'm on a shared server), and it installed fine and now tells me that my SSL url is (actual names omitted) https://myhost.net/my-domain
I logged in to my ftp account and there's a folder called SSL above the WWWROOT (I'm on a Windows server apparently.) Thus I'm presuming that my SSL url, https://myhost.net/my-domain points to this folder SSL. The thing is, however, my Catalog (for OSCommerce) directory is under WWWROOT.
So to sum that all up, OSCommerce is under www.mydomain.com/Catalog/index.php BUT I think logically SSL is under www.mydomain.com/../SSL, because it's above the www root right?
I don't get how this is going to work, since my https:// url seems to point to a totally different place above the root. Do I need to install OSCommerce twice in the two different locations?

My config.php looks like this:

// Define the webserver and path parameters
// * DIR_FS_* = C:\Domains\mydomain.org.uk\wwwroot\catalog\
// * DIR_WS_* = http://www.mydomain.org.uk/catalog/
define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers (LEFT THIS EMPTY as it screws up the directory structure)
define('HTTPS_SERVER', ' '); // eg, https://localhost - should not be empty for productive servers (LEFT THIS EMPTY as it screws up the directory structure)
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com');
define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', 'http://mydomain.com/catalog/');
define('DIR_WS_HTTPS_CATALOG', 'https://myhost.net/mydomain/catalog/');

..for this last line, I even tried:
('DIR_WS_HTTPS_CATALOG', 'https://myhost.net/mydomain/../wwwroot/catalog/'); , but this just seems to point to myhost.net/wwwroot/catalog .. which is incorrect.

I don't get it. Please do bear with me as I am relatively new and have searched extensively both on the forums and on the web. Any help MUCH appreciated. Thanks very much. Cheers! :)

#47 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 16 August 2005, 22:17

dfx, on Aug 16 2005, 11:14 AM, said:

Hi there,
          Glad to see this topic active and hoping for help, much appreciated. I'm pretty sure my problem is very minor - incorrect paths or something like that. I installed SSL (I'm on a shared server), and it installed fine and now tells me that my SSL url is (actual names omitted)



Please re-post your problem in the installation and configuration forum

See: http://forums.oscommerce.com/index.php?showtopic=30722

Edited by AlanR, 16 August 2005, 22:18.


#48 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 17 August 2005, 01:33

There is another change some people should look into if they're using 1&1 or another service with a proxy server which requires the use of the

getenv('HTTP_X_FORWARDED_HOST')

or

getenv('HTTP_X_FORWARDED_BY')

tests.

See this thread for details:

http://forums.oscommerce.com/index.php?showtopic=165296

#49 kewler

  • Community Member
  • 28 posts
  • Real Name:Kevin Clukey

Posted 17 August 2005, 20:53

Boy did you cross reference this puppy.

I might add that I replaced every instance of
getenv('HTTPS') == 'on'

with

getenv('HTTP_X_FORWARDED_HOST') == 'ssl.perfora.net'

I have been struggling to get my login page to work and cleaned up a lot in the process.

-did I "OVERKILL" it?

You can navigate just fine, but can't login http://thermalband.com/kewler/catalog/

SSL is enabled now

I can "get" logged in (when I switch SSL state back and forth), and navigate just fine on my ssl area which is

https://ssl.perfora.net/thermalband.com/kewler/catalog/

but I can't login

dunno, what I did wrong.

Kevin


AlanR, on Aug 16 2005, 08:33 PM, said:

There is another change some people should look into if they're using 1&1 or another service with a proxy server which requires the use of the

getenv('HTTP_X_FORWARDED_HOST')

or

getenv('HTTP_X_FORWARDED_BY')

tests.

See this thread for details:

http://forums.oscommerce.com/index.php?showtopic=165296




#50 FlyingKites

  • Community Sponsor
  • 1,347 posts
  • Real Name:Kym
  • Gender:Female
  • Location:New York

Posted 21 August 2005, 10:50

Hi

A client installed his SSL from godaddy. He uses Linkpoint CC processor. It was working. He asked us to turn on SSL and we did. We changed the config file and the linkpoint URLs and it no longer works.

I ran the env.php code from the catalog and got

HTTP HOST: xaxe.com
Server Port: 80
SSL Status:
Fowarded Server:
Fowarded Host:
Fowarded By:

which all looks particularly "blank" to me and not what was expected.

Any takers?


thanks
Kym
We support qdPM Open Framework Project Management

#51 kewler

  • Community Member
  • 28 posts
  • Real Name:Kevin Clukey

Posted 21 August 2005, 12:15

FlyingKites,

you need to run your env.php from the domain of the https server

i.e. ssl.perfora.net/mydomain.com/catalog/admin/env.php

also, another helpful trick from AlanR is to create a docroot.php

<?php
echo 'Document Root: ' . getenv('DOCUMENT_ROOT');
?>

helps for absolute paths

BTW, what was wrong with mine? bad stupid lines in the end of my application_top.php

only need to make the 2 changes for SSL

Kevin

#52 FlyingKites

  • Community Sponsor
  • 1,347 posts
  • Real Name:Kym
  • Gender:Female
  • Location:New York

Posted 21 August 2005, 13:36

well it was not from godaddy after all. anyway how can I tell if the certificate has actually been installed properly on his server (outside of oscommerce)? are there files I should be able to see? should that env.php be telling me something?

Edited by FlyingKites, 21 August 2005, 13:37.

Kym

#53 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 21 August 2005, 16:48

kewler, on Aug 21 2005, 08:15 AM, said:

FlyingKites,

you need to run your env.php from the domain of the https server



Yes, those results don't look like they came from an https url at all.

#54 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 21 August 2005, 18:51

FlyingKites, on Aug 21 2005, 09:36 AM, said:

how can I tell if the certificate has actually been installed properly on his server (outside of oscommerce)?



Simple.

Just look at any old plain html page on the server through the https address.

If you can see it without getting an error and you get a solid padlock the ssl address is working.

#55 itchyfanny

  • Community Member
  • 19 posts
  • Real Name:Real Name

Posted 23 August 2005, 05:05

Has anyone come across this problem..

When I have shared SSL working correctly (padlock closed) it will not display ANY images in the catalog SSL side, that's logos, 1pixel.gif's, icons, product images etc etc.

Also, in the admin side when secured it gives this error and displays no images..

Error: Catalog images directory does not exist: //public_html/store/images/

I am probably wrong but it looks to me like a path error? I have moved '/' about in the config.php's but to no avail.

I have tried as many as I can of the different configs kindly posted here and the base 'on' on line 41 seems to be the best for my server setup with the results from AlanR's helpful myenv.php report.

I installed a vanilla osC to test again and it's still the same..

Anyone had this problem and managed to fix it?

Any help gratefully received.

#56 itchyfanny

  • Community Member
  • 19 posts
  • Real Name:Real Name

Posted 23 August 2005, 05:41

With regard to the no images in SSL mode.

I see now that any images residing in the 'includes/languages/english/images/' directory are displaying ok

:huh:

#57 AlanR

  • Community Member
  • 3,711 posts
  • Real Name:Alan Rogers

Posted 23 August 2005, 15:29

itchyfanny, on Aug 23 2005, 01:05 AM, said:

Has anyone come across this problem..

When I have shared SSL working correctly (padlock closed) it will not display ANY images in the catalog SSL side, that's logos, 1pixel.gif's, icons, product images etc etc



Repost your question in Installation & Configuration. If we turn this thread into a clone of an I&C thread it becomes less useful for future readers, they'll have too many posts to wade through.

#58 thpek

  • Community Member
  • 33 posts
  • Real Name:Terry Pek

Posted 26 August 2005, 15:36

Need help on the SSL configuration here. My site is under testing with a test SSL cert. The security locks disappear immediately after the page is loaded eg. at the login page. Below is my configure.php settings:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.blueseatackle.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://blueseatackle.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.blueseatackle.com');
define('HTTPS_COOKIE_DOMAIN', 'blueseatackle.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/domains/blueseatackle.com/wwwroot/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Hope some expert can solve my problem.

#59 chrisytsma

  • Community Member
  • 97 posts
  • Real Name:Chris
  • Gender:Male
  • Location:New York, USA

Posted 01 September 2005, 02:53

Hi all.

I am pretty sure I know what I am doing with the SSL and all. But I do have a question.

I am questioning whether I should have my certificate made for 'www.mydomain.com' or just 'mydomain.com'

I am assuming, that given the changes to the code, if a user were at http://www.mydomain.com and proceeded to checkout, they would be sent to https://mydomain.com.

Quote

define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://yourdomain.com'); // eg, https://localhost - should not be empty for productive servers

so everything would work out fine.

But for people on the other side of the world, buying my products, they may need the www prefix before mydomain.com. So consider that they need the www and that they are surfing http://www.mydomain.com. They go to checkout and are redirected to https://mydomain.com (no www). Wouldn't this create a problem for them in not being able to access my site?

So if this is true, which it very well may not be (I have never tried to access a U.S. site from the other side of the world or vice versa as far as I know).....

If this is true, then should I have my certificate made for www.mydomain.com? and change the HTTPS_SERVER code to include the www prefix?

Someone knowledgeable help me please :D

Thank you in advance,
Chris

#60 David Pook

  • Community Member
  • 25 posts
  • Real Name:David

Posted 02 September 2005, 04:13

This has been a great source of information. Thank you to everyone.

Having spent the last hour reading, I now have my index page showing as https. BRILLIANT.

BUT..........

When I click on one of my products and all other pages are showing as http

WHY ?

I changed my configuration to read the https server define information.... and everything else I need to change....or so I thought.
Take a look at my config file and if someone could check it for me ?....I think it's correct, but not sure why the rest of the site is not showing as http except the index page?

  define('HTTP_SERVER', 'http://www.belly-unique.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://secure.hosts.co.uk/~belly-unique.com'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.belly-unique.com');
  define('HTTPS_COOKIE_DOMAIN', 'https://secure.hosts.co.uk/~belly-unique.com');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', 'belly-unique.com');
  define('DIR_WS_HTTP_CATALOG', '/catalog/');
  define('DIR_WS_HTTPS_CATALOG', '/catalog/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Thanking you ALL in advance for any help with this :rolleyes: