373 replies to this topic

[germ]

Quote

My question is I guess.. is them installing an SSL product on my domain suppose to effect every single thing like that???

No.

[lordofcb]

germ, on Sep 22 2009, 07:52 AM, said:

No.

I thought so, it sure doesn't seem right to me. I did a bit more investigating and notice what they have done.. they have put a file folder in my root called ssl.conf, inside that folder are 3 certificate type files. Then, for some reason unknown to me, they have added a 3rd level domain under my domain called cx9.xwebshoting.com, now every page i attempt to browse too has the following happen to it...
If i enter into browser http:\\xyz.com\homepage.html it converts it to https:\\xyz.com.cx9.xwebhosting.com\homepage.html then it reports certificate erro and continuing to the page goes to an internal 500 error.

[scdesigns]

I'm having SSL issues, my stylesheet and images are being blocked in IE.

I changed the path to my stylesheet in login.php to a https:// link to test it and it works, but my images are still blocked.

I've uploaded your contribution but can't seem to get the unsecure.php to work.

Your files are here.

Any help would be great, i've been scratching my head for most of the afternoon.

Cheers,
Dave

[germ]

Bad news.


You're on one of those servers where nothing changes in the "environment" that is visible to PHP.

osC relies on being able to detect when SSL is active by checking some server variable that has a different value (or doesn't exist) when SSL is active.

The server you are on has no such variable.

You could put is a support ticket and ask them why and if they could arrange something for you. If you look at this page $SERVER['HTTPS'] is "standard
PHP but they have that turned off or unavailale on your server.

You could try this. If you try that be aware that it may not work all the time if you actually manually tyoe in a https url to the store. But it should work fine if all you do is click links on the pages.

[scdesigns]

That works perfectly. I know it's not ideal, but it gets me out of trouble while i hassle the crap out of this horrible hosting company.

You're a legend, thank you so much for your help!

[sweetpatoodies]

Hi,
I'm trying to use the ssl implementation contribution to track down a problem with my HTTPS pages showing secure and unsecure images when accessed using IE8 and Vista. I've installed the contribution, but am getting this error message when I try to use the unsecure.php file (I'm probably missing some simple point).

Forbidden
You don't have permission to access /store_tole_decorative_painting/unsecure.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at www.decorativepaintingstore.com Port 443

Any idea what I'm doing wrong?
Sharon

[germ]

The store isn't recognizing the cue from the server hat SSL is on or the config file(s) are wrong.

Read the first post in this thread closely.

It has things for you to CHECK and TRY.

My answer has nothing to do with your question (sorry about that ) but EVERYTHING to do with your SSL problem.

[sweetpatoodies]

Yes, I've read the first post. I sure my configure file is ok. I've had tech support at my host company check and they say the configure file is perfect. What I'm thinking it might be is the application-top.php file. My file has this line in it:

// set the type of request (secure or not)
$request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), "https://www.decorativepaintingstore.com")) ? 'SSL' : 'NONSSL';

The part that is different than what you've said it should be is the "(stristr)" I've tried removing this and changing it to the statement you have listed, but then I get other error messages.

[germ]

Use this code:

// set the type of request (secure or not)
  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

[sweetpatoodies]

germ, on 20 October 2009, 03:28, said:

Use this code:

// set the type of request (secure or not)
  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

******
I just tried that before you replied, but when I use the login.php page, enter a name and password, then click continue, it just loops back to itself and won't let me log in as a customer.

[sweetpatoodies]

Just as another double check... here's the data in my includes/configure.php file:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.decorativepaintingstore.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.decorativepaintingstore.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.decorativepaintingstore.com');
define('HTTPS_COOKIE_DOMAIN', 'https://www.decorativepaintingstore.com');
define('HTTP_COOKIE_PATH', '/store_tole_decorative_painting/');
define('HTTPS_COOKIE_PATH', '/store_tole_decorative_painting/');
define('DIR_WS_HTTP_CATALOG', '/store_tole_decorative_painting/');
define('DIR_WS_HTTPS_CATALOG', '/store_tole_decorative_painting/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/decorati/public_html/store_tole_decorative_painting/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

[sweetpatoodies]

sweetpatoodies, on 20 October 2009, 03:48, said:

******
I just tried that before you replied, but when I use the login.php page, enter a name and password, then click continue, it just loops back to itself and won't let me log in as a customer.

But also wanted to say with this change to the application-top.php when I look at the page source the <base href= now shows "https://www.decorativepaintingstore.com/store_tole_decorative_painting/">, so that is good. Now if I can only find out why, it won't process the login.

[germ]

Change what I said to change and change this:

define('HTTPS_COOKIE_DOMAIN', 'https://www.decorativepaintingstore.com');

to

define('HTTPS_COOKIE_DOMAIN', 'www.decorativepaintingstore.com');

or

define('HTTPS_COOKIE_DOMAIN', '.decorativepaintingstore.com');

[sweetpatoodies]

germ, on 20 October 2009, 23:05, said:

Change what I said to change and change this:

define('HTTPS_COOKIE_DOMAIN', 'https://www.decorativepaintingstore.com');

to

define('HTTPS_COOKIE_DOMAIN', 'www.decorativepaintingstore.com');

or

define('HTTPS_COOKIE_DOMAIN', '.decorativepaintingstore.com');

****
I made the changes you suggested, but when I clicked on MY ACCOUNT to get to the login page, the COOKIE USAGE page came up saying I needed to enable cookies, even though I already have cookies enabled on my browser. Same happened whether I had the https cookie domain defined as "www.decorativepaintingstore.com", ".decorativepaintingstore.com" or I even tried "decorativepaintingstore.com"

[germ]

In your admin make sure "Force Cookie Use" is false.

Then make the changes I said to make (I'm not saying that again).

If you can't do what I say you're wasting your time and mine.

The way you have it now it will never work.

Quote

Found HTTPS_COOKIE_DOMAIN:

define('HTTPS_COOKIE_DOMAIN', 'https://www.decorativepaintingstore.com');

HTTPS_COOKIE_DOMAIN line parsed!



Parsing application_top.php for SSL detection key...

Found SSL detection key:

$request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), ".sslpowered.com")) ? 'SSL' : 'NONSSL';

[sweetpatoodies]

germ, on 21 October 2009, 02:25, said:

In your admin make sure "Force Cookie Use" is false.

Then make the changes I said to make (I'm not saying that again).

If you can't do what I say you're wasting your time and mine.

The way you have it now it will never work.

First I'll say thank you. I appreciate your time and suggestions. Without people like you, people like me who aren't as familiar with oscommerce and php language would be totally lost... your last suggestion to change "Force Cookie Use" to "false" in the admin panel seemed to do the trick, along with change you suggested to the includes/application-top.php file. I didn't reload the edited configure.php file because it seems to be working without that change.

Second, I DID make the changes you told me to make each time, then installed, and tested them. When they didn't work, I restored the 2 files I had been using because my store was working ok in Firefox, Safari, and earlier versions of IE. I have an active store and couldn't afford to leave it in a totally broken state while I continued to test options to fix the problem that was cropping up in IE8.

Again, thanks for your help. I've checked the site out on a Windows Vista computer using IE8 and I'm not longer getting error messages and all my images are showing up on https pages.

[germ]

I still think the cookie domain is screwed:

Quote

Found HTTPS_COOKIE_DOMAIN:

define('HTTPS_COOKIE_DOMAIN', 'https://www.decorativepaintingstore.com');

HTTPS_COOKIE_DOMAIN line parsed!

[sweetpatoodies]

germ, on 21 October 2009, 03:14, said:

I still think the cookie domain is screwed:

I can change it to "www.decorativepaintingstore.com" if you think that will make a difference. Is there something I can do or check to tell if it does or not?

[germ]

sweetpatoodies, on 21 October 2009, 03:19, said:

I can change it to "www.decorativepaintingstore.com" if you think that will make a difference. Is there something I can do or check to tell if it does or not?

I would suggest that change.

The way to check it is this:

Add some things to the cart, THEN login.

If the cart empties - the cookie is wrong (most likely).

If the things are still in the cart after logging in - it was a good change.

[sweetpatoodies]

germ, on 21 October 2009, 03:23, said:

I would suggest that change.

The way to check it is this:

Add some things to the cart, THEN login.

If the cart empties - the cookie is wrong (most likely).

If the things are still in the cart after logging in - it was a good change.

I changed it to "www.decorativepaintingstore.com". Added items to cart, then logged in and items stayed in cart. (Although they also stayed in cart when it was set at "https://www.decorativepaintingstore.com".) I'll leave it as you suggested; it seems to be running smoothly.

Thanks again... I would never have figured this one out on my own.