373 replies to this topic

[ffl]

Germ,
I am having problems with my site. everything was working to my knowledge and we were able to check out. my provider (Network Solutions) changed or upgraded their PHP and I started getting errors about eregi and have been fixing them with preg_match. at the same time I have been checked for PCI compliance. they say my cert is not correct. all my browsers say that there is a valid ssl cert in place but I the SSL checks in OsCom don't pass, but I get the Blue Bar and Locked Lock. I have installed your checker files can you check this for me.

David
I PMed my site address to you.

[germ]

I can find nothing wrong with your SSL.

[ffl]

if I check the $_SERVER['HTTPS'] environment variable it returns NULL . Does this indicate a not secure connection?

[MrPhil]

Are you using IIS rather than Apache for a server? Different servers use different ways to deal with SSL. Some have getenv('HTTPS') returning 'on' or '1', while others require you to look at the port number (see previous page). You may have to do some snooping around your code to see where $_SERVER['HTTPS'] gets set, and possibly set it manually, or at least investigate (with your host) why it's NULL instead of some expected value. I don't even see $_SERVER['HTTPS'] used in the vanilla code -- is this used in an add-on? See http://us.php.net/manual/en/reserved.variables.server.php . Note that this listing warns that there is no guarantee that any of these $_SERVER elements will be defined!

[germ]

ffl, on 07 March 2012, 14:09, said:

if I check the $_SERVER['HTTPS'] environment variable it returns NULL . Does this indicate a not secure connection?

Your config file is screwed up because the shop is SSL all the time. Read this.

It applies to you as well.

[Santi67]

I have enabled SSL in oscommerce installation. In our secure pages (eg )https://farma10.com/farmacia-online/login.php IE and Chrome warn about non secure content. I check that all image and link pathes are relative.
In IE I can see that it does not load the stylesheet (the page is displayed with the images but without styles). If I see the source code from IE, I see

 [/color]
 <base href="http://farma10.com/farmacia-online/">
[color="#000000"]

when it should be with the 's'. After reading this threat I think the problem is in application_top.php but any change that you propose for

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

didn't work.
Could you please guide me to solve the problem?
My includes/configure.php:

  define('HTTP_SERVER', 'http://farma10.com');
  define('HTTPS_SERVER', 'https://farma10.com');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', '.farma10.com');
  define('HTTPS_COOKIE_DOMAIN', '.farma10.com');
  define('HTTP_COOKIE_PATH', '/farmacia-online/');
  define('HTTPS_COOKIE_PATH', '/farmacia-online/');
  define('DIR_WS_HTTP_CATALOG', '/farmacia-online/');
  define('DIR_WS_HTTPS_CATALOG', '/farmacia-online/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');[/color]
[color="#000000"]

My myenv.php[b]:

Version 1.2[/b][/color]
[color="#000000"]SSL Variables[/color]
[color="#000000"]HTTP HOST: [][/color]
[color="#000000"]Server Port: [80][/color]
[color="#000000"]SSL Status: [Undefined!][/color]
[color="#000000"]Fowarded Server: [farma10.com][/color]
[color="#000000"]Fowarded Host: [farma10.com][/color]
[color="#000000"]Fowarded By: [Undefined!][/color]
[color="#000000"]$_SERVER['HTTPS']: [Undefined!][/color]
[color="#000000"]Warning!!![/color]
[color="#000000"]The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!![/color]
[color="#000000"]

NONSSL Variables
HTTP HOST: []
Server Port: [80]
SSL Status: [Undefined!]
Fowarded Server: [Undefined!]
Fowarded Host: [Undefined!]
Fowarded By: [Undefined!]
$_SERVER['HTTPS']: [Undefined!]
Load: 1

My cfgchk.php:

[b]File Permissions:[/b] [b]0444[/b]

Found HTTPS_SERVER:

[b]define('HTTPS_SERVER', 'https://farma10.com');[/b]

[b]HTTPS URL passed check![/b]

Found ENABLE_SSL.

[b]define('ENABLE_SSL', true);[/b]

[b]SSL enable passed check![/b]

Found HTTPS_COOKIE_DOMAIN:

[b]define('HTTPS_COOKIE_DOMAIN', '.farma10.com');[/b]

[b]HTTPS_COOKIE_DOMAIN line parsed![/b]



Parsing application_top.php for SSL detection key...

Found SSL detection key:

[b]$request_type = (getenv('HTTPS') == 'on') ? [/b][b]'SSL' : 'NONSSL';[/b]



Done!

Thank you,
Santi

[germ]

Click Me

[Santi67]

I contacted the server and they informed me that the variable used is HTTP_HTTPS. I placed in application_top:

$request_type = ($_SERVER['HTTP_HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

and works perfectly.
Thank you very much, Jim.
Santi

[glenn_watson]

Hi Germ,

[glenn_watson]

Hi Germ,
I have been having the same issue as above, where all browsers are giving a mixed content warning when entering the cart. The shop is still under development but it's release has been delayed due to this problem. I have installed all of your test files in the cataloge can you please have a look at what is causing this problem? I will pm you my site if you could please help.
Thanks,
Glenn

[germ]

You must be on one of those servers that have different folders for SSL and NONSSL.

You'll need to copy the contribution files to the SSL folders for them to work.

[glenn_watson]

Hi Yes you are correct. The hosting company set up a secure folder and copied all of my shop from the public folder to the secure folder. I just realized they copied the files before I modded the configure files, could this be the issue? I just uploades your test file to the secure folder could you please have a look?
Thanks for the help, I was really getting fustrated dealing with Bell Hosting (3 techs and 3 different answers).

[germ]

Looks like you've diagosed the problem correctly.

From what I can see if you copy the /shop/includes/configure.php file from the NONSSL folder to the SSL folder you'll probably be good to go

[glenn_watson]

Yes I was just coming back to tell you I copied the admin/includes/configure.php as well and now I am getting the Google green bar!
Thank you so much for pointing me in the correct direction!!!!
Glenn