485 replies to this topic

[jws818]

Hey Jason,

I am nearing launch on my site at www.irepairsquad.com and I'm having issues with my SSL.

The page says contains both secure and non secure links.  I have checked all my img sources and
they are set relatively.

I noticed you stated that even the links need to be toward https: urls, but all of the column left links
are only http.  

I'm not sure how to go about changing that or why I would want to b/c I only want the protected pages
to display the https links.

Please help me if you can, I simply want the lock to show up in Firefox.

Thank you!

James

[awarner20]

Dear Jason,

I have set my catalog/includes/configure.php and my catalog/admin/includes/configure.php files exactly as you have instructed.

The site is here.. http://goodfellasgames.com/shop/

If you go to my main shop page, you will find that the links in categories and individual products are pointing to HTTPS and not HTTP. It is my understanding that the settings for the above referenced files are correct and should only allow HTTPS of pages that require input from the customer.

Might you offer some advice for me? Here is the code from my configuration files...

catalog/admin/includes/configure.php

 define('HTTP_SERVER', 'https://goodfellasgames.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'https://goodfellasgames.com');
  define('HTTPS_CATALOG_SERVER', 'https://goodfellasgames.com');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', '/home/content/a/w/a/awarner203/html/shop/'); // where the pages are located on the server
  define('DIR_WS_ADMIN', '/shop/admin/'); // absolute path required
  define('DIR_FS_ADMIN', '/home/content/a/w/a/awarner203/html/shop/admin/'); // absolute pate required
  define('DIR_WS_CATALOG', '/shop/'); // absolute path required
  define('DIR_FS_CATALOG', '/home/content/a/w/a/awarner203/html/shop/'); // absolute path required

catalog/includes/configure.php

define('HTTP_SERVER', 'https://goodfellasgames.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://goodfellasgames.com'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', 'goodfellasgames.com');
  define('HTTP_COOKIE_PATH', '/shop/');
  define('HTTPS_COOKIE_PATH', '/shop/');
  define('DIR_WS_HTTP_CATALOG', '/shop/');
  define('DIR_WS_HTTPS_CATALOG', '/shop/');

Thanks,

Adam

[awarner20]

Typo in above post....

This is...
catalog/includes/configure.php

define('HTTP_SERVER', 'http://goodfellasgames.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://goodfellasgames.com'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', 'goodfellasgames.com');
  define('HTTP_COOKIE_PATH', '/shop/');
  define('HTTPS_COOKIE_PATH', '/shop/');
  define('DIR_WS_HTTP_CATALOG', '/shop/');
  define('DIR_WS_HTTPS_CATALOG', '/shop/');
  define('DIR_WS_IMAGES', 'images/');

[jpweber]

Adam ...

Your SSL appears to be functioning smoothly; I created an account, no problem.

Regarding your categories, I'm unsure as to why they point to https:// ... you're correct in that they should point to http:// .... not https://

In your shop/includes/configure.php file, remember, your cookie domain should have two dots in it.  So instead of:

  define('HTTP_COOKIE_DOMAIN', 'goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', 'goodfellasgames.com');

It should be

  define('HTTP_COOKIE_DOMAIN', '.goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', '.goodfellasgames.com');

But I don't see how that would cause an issue with your categories.  It appears you're using some sort of template system, and it may have something to do with that.  Other than that, I'd really have to get in there and dig in myself to figure out exactly why it's pointing to https:// ...

[awarner20]

jpweber, on Jan 25 2007, 12:44 PM, said:

Adam ...

Your SSL appears to be functioning smoothly; I created an account, no problem.

Regarding your categories, I'm unsure as to why they point to https:// ... you're correct in that they should point to http:// .... not https://

In your shop/includes/configure.php file, remember, your cookie domain should have two dots in it.  So instead of:

  define('HTTP_COOKIE_DOMAIN', 'goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', 'goodfellasgames.com');

It should be

  define('HTTP_COOKIE_DOMAIN', '.goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', '.goodfellasgames.com');

But I don't see how that would cause an issue with your categories.  It appears you're using some sort of template system, and it may have something to do with that.  Other than that, I'd really have to get in there and dig in myself to figure out exactly why it's pointing to https:// ...

Thanks for the quick reply Jason,

I was unaware of the dot required at the start of the cookie domain, thank you, I will change that soon:)

I'm am using the Dynamenu contrib foudn here at OSC to create the fly-out menus...I dug around, but couldn't see anything that pointed to HTTPS instead of HTTP....

If you'd like to have a look around to investigate, I would be very appreciative. This has become an issue because I am trying to generate an xml sitemap and the one I have access to only follows http...not https....so no categories or products are getting listed in the sitemap;)

I'd be very grateful if you could spare the time to take a look. I can set you up with your own FTP access in a matter of a few minutes if you like????

[awarner20]

awarner20, on Jan 25 2007, 12:57 PM, said:

Thanks for the quick reply Jason,

I was unaware of the dot required at the start of the cookie domain, thank you, I will change that soon:)

I'm am using the Dynamenu contrib foudn here at OSC to create the fly-out menus...I dug around, but couldn't see anything that pointed to HTTPS instead of HTTP....

If you'd like to have a look around to investigate, I would be very appreciative. This has become an issue because I am trying to generate an xml sitemap and the one I have access to only follows http...not https....so no categories or products are getting listed in the sitemap;)

I'd be very grateful if you could spare the time to take a look. I can set you up with your own FTP access in a matter of a few minutes if you like????

I've added the two "dots" before the cookie domain. As you said, that didn't make a difference. I am still interested in knowing why this is happening, and hopefully a solution. If anyone can offer any advice, please help:)

[jpweber]

Well, sure, you can use the e-mail link (not message link) in my profile and I'll see what I can do.  I'm sure it's related to the contribution.

Jason

[jpweber]

Your shop/includes/configure.php file was not correct.  It's now correct, like this:

  define('HTTP_SERVER', 'http://goodfellasgames.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://goodfellasgames.com'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', '.goodfellasgames.com');
  define('HTTPS_COOKIE_DOMAIN', '.goodfellasgames.com');

Good luck.

[awarner20]

My problem has been solved with the gracious help of Jason above...Thanks Jason!

[jpweber]

awarner20, on Jan 29 2007, 08:27 AM, said:

I've read several posts about similar issues arriving from the SSL being set at http://yourdomain.com instead of like you have it in your config.... http://www.yourdomain.com

Please don't take my word for it though...I am merely offering one possibility from reading posts on here the last few months...

This has nothing to do with it, Adam.  Having the "www" or no "www" all depends on where the SSL company has assigned the SSL certificate to.  Both are acceptable.  The error is in here:

// define our database connection
define('DB_SERVER', 'localhost');

[awarner20]

jpweber, on Jan 29 2007, 08:32 AM, said:

This has nothing to do with it, Adam.  Having the "www" or no "www" all depends on where the SSL company has assigned the SSL certificate to.  Both are acceptable.  The error is in here:

// define our database connection
define('DB_SERVER', 'localhost');

Sorry Jason,

I'll be more selective about sharing my "guesses" next time...

Good luck medved:)

[beaz]

cmino, on Jan 14 2007, 06:44 AM, said:

Thanks! That solved the problem. You're a brilliant fellow!

i agree! just reading thru this thread to find out why i couldn't get my ssl to 'take' and this advice helped me too. thanks so much jason!

[jpweber]

cmino, on Jan 14 2007, 02:39 AM, said:

Actually, I am noticing now that your suggestions solved my https problem, but it seemed to have caused a problem in the admin area. I can get to my main admin index page on my browser, but can't get any further in than that. Could that be related to the fact that  I changed the admin/includes/local/configure.php file to configure_old.php ?  Thanks

Copy your database information (the 6 or 7 lines at the bottom of your admin/includes/local/configure_old.php file, and paste them into your admin/includes/configure.php file, overwriting the database information that isn't working.

[medved]

jpweber, on Jan 29 2007, 08:28 AM, said:

change to:

// define our database connection
  define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

This is because your host set it up how they do it, now how oscommerce does it.  Their mistake.  Good luck and keep me posted.

hi thanks for replay to use localhost helped, but pages that should use SSL are not working: account.php is not working. do you know why?

[medved]

what about this part

 define('HTTPS_COOKIE_PATH', '');
  define('DIR_WS_HTTP_CATALOG', '/catalog/');
  define('DIR_WS_HTTPS_CATALOG', '');

is it ok?

[jpweber]

Yes.  You're almost there, okay? Here's what you have to do to includes/configure.php:

  define('DIR_WS_HTTPS_CATALOG', '');

change to

  define('DIR_WS_HTTPS_CATALOG', '/');

Let me know when you're done; you should be all set.

[medved]

jpweber, on Jan 29 2007, 12:14 PM, said:

Yes.  You're almost there, okay? Here's what you have to do to includes/configure.php:

  define('DIR_WS_HTTPS_CATALOG', '');

change to

  define('DIR_WS_HTTPS_CATALOG', '/');

Let me know when you're done; you should be all set.

I did but it didn't work so i did it this way

  define('DIR_WS_HTTPS_CATALOG', '/catalog/');

Now the path is ok but the site is not working with https. it works only with http.

[medved]

ok it is workin, i don't know why but ok. just small problem: it is showing a pop up window saing that this page has secure and non-secure items. how can i fix this popup window please help.

[jpweber]

medved, on Jan 29 2007, 01:24 PM, said:

ok it is workin, i don't know why but ok. just small problem: it is showing a pop up window saing that this page has secure and non-secure items. how can i fix this popup window please help.

I was just going to say ... it certainly appears to be working on my end.

The non-secure items popup warning (in Internet Explorer):

Somewhere on that page, you have an http:// external link.  If I was a betting man, I'd say it's that flash banner  you have in your header.  That said ...

I'd go to your catalog/includes/header.php file and find out where that Flash coding is.  It will look something similar to this:

<EMBED src="thevisiondepot.swf" width=400 height=208 align=middle swLiveConnect=true pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" LOOP=FALSE bgcolor=#808080 name="thevisiondepot">
</EMBED>

change all http:// links to https:// links so it looks like this:

<EMBED src="thevisiondepot.swf" width=400 height=208 align=middle swLiveConnect=true pluginspage="https://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" LOOP=FALSE bgcolor=#808080 name="thevisiondepot">
</EMBED>

Save the revised catalog/includes/header file, and upload it to the proper directory on your server.  Then you will not receive this popup message warning in IE.

Keep us updated.

[medved]

jpweber, on Jan 29 2007, 02:13 PM, said:

I was just going to say ... it certainly appears to be working on my end.

The non-secure items popup warning (in Internet Explorer):

Somewhere on that page, you have an http:// external link.  If I was a betting man, I'd say it's that flash banner  you have in your header.  That said ...


Save the revised catalog/includes/header file, and upload it to the proper directory on your server.  Then you will not receive this popup message warning in IE.

Keep us updated.

Yes you are right . it's the flash. thank you so much for help. you are my hero. I did the chnges you mentioned in the flash and it works now. thank you very much.

And how can i make contact_us.php SSL protected? please.