373 replies to this topic

[golfman2006]

When I run cfgchk.php I get this:

Found HTTPS_COOKIE_DOMAIN:

define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

HTTPS_COOKIE_DOMAIN line parsed!

Just wanted to find out if this was an error or not as the other two lines for SSL and HTTPS Server give the message of "passed check" and this says "line parsed". Please advise?

[germ]

I color coded the lines.

GREEN is GOOD

RED is BAD

That line is GREEN

(Hoping you're not colorblind)

It's just an informative message.

[kbking]

Hi
Clever tools you've created! Thanks!

I'm not sure why the file unsecure.php produces this message:

Quote

unsecure.php Version 1.1

Site not specified!

I might have misconfigured something or missed some instruction... I don't know. I simply point my browser to the unsecure.php. Would you mind shed some light, thank you!

[germ]

From the "read me" file included in the contrib:

unsecure.php - A program to help find "unsecure" items on SSL Pages. To test a page access the file with your browser like this:

http://www.yourdomain.com/unsecure.php?site=https://site.com

Or:

http://www.yourdomain.com/unsecure.php?site=https://site.com/page.php

[kbking]

Thank you! Sorry to have bothered you, should have noticed that.

I get "Unable to open..." etc, and I see that a hyphen in my shared ssl domain name is missing. It might be any of the security contributions that I'm using that are causing it?

[germ]

In the file change this code:

if ( $HTTP_GET_VARS['site'] ) {
  $site = preg_replace("/[^ {}a-zA-Z0-9_.-\/:]/i", "", $HTTP_GET_VARS['site']);

To:

if ( $HTTP_GET_VARS['site'] ) {
  $site = preg_replace("/[^ {}a-zA-Z0-9_.\/:-]/i", "", $HTTP_GET_VARS['site']);

I will fix that bug next time I upload the contribution.

[janhworman]

germ, on May 1 2009, 04:44 PM, said:

In the file change this code:

if ( $HTTP_GET_VARS['site'] ) {
  $site = preg_replace("/[^ {}a-zA-Z0-9_.-\/:]/i", "", $HTTP_GET_VARS['site']);

To:

if ( $HTTP_GET_VARS['site'] ) {
  $site = preg_replace("/[^ {}a-zA-Z0-9_.\/:-]/i", "", $HTTP_GET_VARS['site']);

I will fix that bug next time I upload the contribution.

I have had the same problem showing an error attempting top open a file when using the coded file unsecure.php that you included in your download.

I have tried the change you listed above, but it still doesn't show any issues.

I can get the site to load fine now on the index.php site based on your previous postings, but now, when I click on any other link it converts to a non-secure site link.

my site is https://www.ministryresourcecentral.com/c4c...talog/index.php

I still have the files installed in the catalog folder from your SSL help file.

I would appreciate any advice as I am needing to get this corrected ASAP - I need to go live this week!

Thank you very much!

[germ]

Quote

when I click on any other link it converts to a non-secure site link.

It's supposed to work like that.

I can find nothing "unsecure" or wrong with the way your SSL is working.

[iyah]

I have been trying for weeks to get my SSL working correctly. Both internet explorer and firefox are scaring away my customers. IE gives a warning about unsecured and secured contents and firefox shows an over the lock.

Here is what I get when I run the unsecure.php :
unsecure.php Version 1.1

Site not specified!


Here is MY URL

Thanks

[germ]

Correct implementation of the contribution: click me

[iyah]

iyah, on Jul 26 2009, 05:30 PM, said:

I have been trying for weeks to get my SSL working correctly. Both internet explorer and firefox are scaring away my customers. IE gives a warning about unsecured and secured contents and firefox shows an over the lock.

Here is what I get when I run the unsecure.php :
unsecure.php Version 1.1

Site not specified!


Here is MY URL

Thanks

Forgot to mention that I tried all the changes mentioned in application top.php but willing to try them again.
I also just noticed that the in firefox seems to be gone but IE still showing that annoying message. How can I get rid of that message?

[germ]

Remove the http links to images and/or scripts.

[iyah]

germ, on Jul 26 2009, 05:37 PM, said:

Remove the http links to images and/or scripts.

What do you mean? For example should I make changes on the slider on my header? If so what should I change in:

leftrightslide[0]='<a href="http://mydomain/folder//catalog/product_info.php?cPath=28&products_id=49"><img src="http://mysite/folder//catalog/images/pouch.gif" border=0 width="75" height="75"></a>'

[germ]

These links:

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/western union.gif" border="0"></a>

Should be:

<a href="#"><img src="images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="images/western union.gif" border="0"></a>

And the image part of the links in the slideshow should be like this:

<img src="images/pouch.gif" border=0 width="75" height="75">

(No http reference)

And in the stylesheet:

background-image: url('http://iyahroots.com/rasta-products//catalog/images/logo1.jpg');

Needs to be:

background-image: url('images/logo1.jpg');

[iyah]

germ, on Jul 26 2009, 06:19 PM, said:

These links:

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/western union.gif" border="0"></a>

Should be:

<a href="#"><img src="images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="images/western union.gif" border="0"></a>

And the image part of the links in the slideshow should be like this:

<img src="images/pouch.gif" border=0 width="75" height="75">

(No http reference)

And in the stylesheet:

background-image: url('http://iyahroots.com/rasta-products//catalog/images/logo1.jpg');

Needs to be:

background-image: url('images/logo1.jpg');

Thanks so much. There is a problem I think with relative paths. I am using Netfirms as my host and I have always noticed that relative paths do not work.

[germ]

1. Change hosts

2. Remove the "unsecure" items.

3. Put up with the problem.

[iyah]

germ, on Jul 26 2009, 07:04 PM, said:

1. Change hosts

2. Remove the "unsecure" items.

3. Put up with the problem.

YOU ARE RIGHT!!

I need to change host. Thanks for all the help at least I will get it fixed now.

[germ]

If you're talking about "relative links" within a page this thread may shed some light on that.

And the whole osC concept is based on "relative links" when pertaining to images.

If you look at the HTML source, in the <head> section you'll see something like:

<base href="http://yoursite.com/catalog/">

Then look at an image link:

<img src="images/oscommerce.gif" width="204" height="50" border="0" alt=" osCommerce " title=" osCommerce ">

So the browser takes the:

<base href="http://yoursite.com/catalog/">

And adds that to the image link and knows to find the image at:

<img src="http://yoursite.com/catalog/images/oscommerce.gif" width="204" height="50" border="0" alt=" osCommerce " title=" osCommerce ">

So when you implement SSL, the only part of the page that changes to make the images "secure" is the <base href>

[iyah]

iyah, on Jul 26 2009, 07:00 PM, said:

Thanks so much. There is a problem I think with relative paths. I am using Netfirms as my host and I have always noticed that relative paths do not work.

This may help someone else using netfirms. Found the fix on Netfirms's support page HERE.

[lordofcb]

germ, on Jul 27 2009, 02:41 AM, said:

If you're talking about "relative links" within a page this thread may shed some light on that....

You seem to know your SSL, well I know NOTHING about how it is supposed to work. But anyways, I purchased a Comodo SSL certificate through my hosting company for my oscommerce after a sales rep suggested it. I have been reading what you have written and the part about the external references (like my banners and such) make sense. But i need to know if what they have done makes any sense at all... I hope I can explain this clearly..
I have a domain xyz.com where they installed this SSL product.. they did it today and adjusted my configure.php file for me. So, i went to my catalog, and banners not displaying etc.. but even worse, when I try to sign in as a user, or create a new user, nothing will work... also, there are many more problems that suddenly popped up..
I also have a new version of oscommerce i put into xyz.com/oscommercenew/catalog, as soon as they installed the SSL i lost all access to it, getting 400 or 500 internal error messages.. then next, even more trouble..
i have loads of other webpages on the same domain, like xyz/folder1/xxx.html, xyz/folder2/aaa.html etc etc... and now when i browse to any of them everything is going off the https://xyz.com domain, and all sorts of stuff in all those other programs isn't working right.
My question is I guess.. is them installing an SSL product on my domain suppose to effect every single thing like that???
I didn't think my entire domain would default to https: pages