3 replies to this topic

[TwinkleJoy]

Hi.

I installed the Loginbox Best addon (http://addons.oscommerce.com/info/2538) which gives me a login box on my column right. That is, being rendered from index.php. I am not very familiar with SSL, and have been reading through the forum - as far as i understand, one should not put SSL on all pages of OSC, but only on pages where the confi info would be typed in, like login.php.

But since Loginbox Best addon is being rendered from the index.php (a call to column_right.php), this means the customer may type in his/her username and password from index.php, this would then mean i need an SSL for my index.php as well, wouldn't I? That being said, i would need SSL for all other pages since column_right.php is called by every page?!

Has anyone had the same "issue"? how should i go around with this?

Thanks so much in advance!

Twinklejoy

[germ]

A contribution obviously written by someone who doesn't know their osC from a hole in the ground...


Make these code changes:

Old code:

			<form name=\"login\" method=\"post\" action=\"" . tep_href_link(FILENAME_LOGIN, 'action=process') . "\">

New code:

			<form name=\"login\" method=\"post\" action=\"" . tep_href_link(FILENAME_LOGIN, 'action=process', 'SSL') . "\">

Old code:

			   <td align=\"center\" class=\"infoBoxContents\">
				  " . BOX_LOGINBOX_PASSWORD . " <A HREF=\"" . tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'NONSSL') . "\">" . BOX_LOGINBOX_FORGOT_PASSWORD . "</A>

New code:

			   <td align=\"center\" class=\"infoBoxContents\">
				  " . BOX_LOGINBOX_PASSWORD . " <A HREF=\"" . tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL') . "\">" . BOX_LOGINBOX_FORGOT_PASSWORD . "</A>

Old code:

  $info_box_contents[] = array('align' => 'center',
							   'text'  => $loginboxcontent . 
					  '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'NONSSL') . '">' . LOGIN_BOX_MY_ACCOUNT . '</a><br>' . 
										  '<a href="' . tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'NONSSL') . '">' . LOGIN_BOX_ACCOUNT_EDIT . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'NONSSL') . '">' . LOGIN_BOX_ACCOUNT_HISTORY . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_ADDRESS_BOOK, '', 'NONSSL') . '">' . LOGIN_BOX_ADDRESS_BOOK . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_ACCOUNT_NOTIFICATIONS, '', 'NONSSL') . '">' . LOGIN_BOX_PRODUCT_NOTIFICATIONS . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_LOGOFF, '', 'NONSSL') . '"><b>' . LOGIN_BOX_LOGOFF . '</b></a>'
	   				  );

New code:

  $info_box_contents[] = array('align' => 'center',
							   'text'  => $loginboxcontent . 
					  '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . LOGIN_BOX_MY_ACCOUNT . '</a><br>' . 
										  '<a href="' . tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL') . '">' . LOGIN_BOX_ACCOUNT_EDIT . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL') . '">' . LOGIN_BOX_ACCOUNT_HISTORY . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL') . '">' . LOGIN_BOX_ADDRESS_BOOK . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_ACCOUNT_NOTIFICATIONS, '', 'SSL') . '">' . LOGIN_BOX_PRODUCT_NOTIFICATIONS . '</a><br>' .
										  '<a href="' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '"><b>' . LOGIN_BOX_LOGOFF . '</b></a>'
	   				  );

And you won't have to worry.

BACKUP THE FILE BEFORE MAKING EDITS!!!

The "SSL" is determined by the "link" not the "page", meaning you can have SSL links on a non SSL page - no problem.

[TwinkleJoy]

Hi germ, Thanks a lot!!!

So basically just have to add the SSL bit to the statements...

If i understand it correctly, the typed in password, for example, will then be passed for processing in SSL accordingly, even if my index.php page (also column_right.php which calls the loginBox) stays as non-SSL, yes?
- sorry i am really newbie in this SSL thingy -

Thanks!!!
twinklejoy

[johanv]

Thanks for this help, I agree why would this contribution be made not to route to https pages?