
ssl links


This topic has been archived. This means that you cannot reply to this topic.
26 replies to this topic

#-19   MBScott

MBScott
  • Members
  • 8 posts

Posted 20 January 2010 - 03:41 PM

I'm not sure why,

but in checkout_shipping.php the button to continue goes to "checkout_payment.php" with no SSL!

Everywhere it says:

	  tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));

it doesn't go to the https page.

I have a good cert, the config file has the right url and ssl is enabled. I don't understand what I'm doing wrong here.


Missy

#-18   germ

germ
  • Members
  • 13,921 posts

Posted 20 January 2010 - 05:37 PM

MBScott, on 20 January 2010 - 03:41 PM, said:

I'm not sure why,

but in checkout_shipping.php the button to continue goes to "checkout_payment.php" with no SSL!

Everywhere it says:

	  tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));

it doesn't go to the https page.

I have a good cert, the config file has the right url and ssl is enabled. I don't understand what I'm doing wrong here.


Missy
Does the site switch to SSL for login and create account?
:unsure:
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."
- Me -

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help


#-17   MBScott

MBScott
  • Members
  • 8 posts

Posted 20 January 2010 - 05:59 PM

germ, on 20 January 2010 - 05:37 PM, said:

Does the site switch to SSL for login and create account?
:unsure:

Only because I went in and changed the url's by hand this morning, but before I did that, no.

???

#-16   MBScott

MBScott
  • Members
  • 8 posts

Posted 20 January 2010 - 06:22 PM

MBScott, on 20 January 2010 - 05:59 PM, said:

Only because I went in and changed the url's by hand this morning, but before I did that, no.

???


I have gone through and undone the hard coding I had done this morning... I wanted to make sure the cert was installed and working, etc. Now that you bring it up, I see that it is never going to SSL at all, anywhere!

Here's the top of my config file:

  define('HTTP_SERVER', 'https://sitename.com');
  define('HTTPS_SERVER', 'https://sitename.com');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', 'sitename.com');
  define('HTTPS_COOKIE_DOMAIN', 'sitename.com');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('DIR_WS_HTTP_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Couldn't be that we haven't been using www could it?

Edited by MBScott, 20 January 2010 - 06:22 PM.


#-15   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 20 January 2010 - 11:05 PM

I too am having a similar problem. Who is your server provider? Mine is through Network Solution. I just tried both www. and no www. and I am still getting the warning pop-up: do you want to display the non-secure images. I was told by Network Solution that they can't help me with this problem because of
"We are sorry to hear that you are having issues with your website. However, we do not support the troubleshooting or insertion of custom code, or "Do It For Me" on your level of hosting package. Your error means you have non-encrypted content on the page, such as an image or a script. If you need help with fixing this, please contact a professional web developer. The server is properly serving secure (https) content."

I am a professional web developer. I think they mean to say professional web programmer. I will hunt to see if I can find anything else and post it here..
https://www.mysitename.com/catalog/images/background.jpg works and is secure.. I guess I will try every image in that folder to see if they work securely.. then if they do then it is the coding..
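
An added example, not part of the thread: one way to find what triggers the "non-secure images" warning is to list every sub-resource the page would fetch over plain HTTP, including relative URLs resolved against an `http://` `<base href>`. The function name and the sample page are constructed for illustration.

```php
<?php
// Added example, not from the thread. Lists sub-resources an HTTPS page would
// fetch over plain HTTP, including relative URLs dragged to http by <base href>.

function find_insecure_resources(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate real-world tag soup
    $doc->loadHTML($html);
    libxml_clear_errors();

    // An http: <base href> makes every relative URL on the page insecure.
    $baseInsecure = false;
    foreach ($doc->getElementsByTagName('base') as $base) {
        $baseInsecure = stripos($base->getAttribute('href'), 'http://') === 0;
        break;  // only the first <base> counts
    }

    // tag => attribute that triggers a fetch when the page renders
    $fetching = ['img' => 'src', 'script' => 'src', 'link' => 'href',
                 'iframe' => 'src', 'input' => 'src'];
    $findings = [];
    foreach ($fetching as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $el) {
            $url = trim($el->getAttribute($attr));
            if ($url === '') continue;
            // Has its own scheme, or is protocol-relative (inherits https).
            $absolute = preg_match('#^[a-z][a-z0-9+.-]*:#i', $url) || strpos($url, '//') === 0;
            if (stripos($url, 'http://') === 0) {
                $findings[] = "<$tag> $url (explicit http)";
            } elseif (!$absolute && $baseInsecure) {
                $findings[] = "<$tag> $url (relative, resolved against http base)";
            }
        }
    }
    return $findings;
}

// Constructed page fragment shaped like a catalog page; not a real site.
$html = <<<HTML
<html><head><base href="http://www.example.com/catalog/">
<link rel="stylesheet" href="stylesheet.css"></head>
<body><img src="images/background.jpg">
<img src="https://www.example.com/catalog/images/logo.gif">
<script src="http://www.example.com/catalog/includes/general.js"></script>
</body></html>
HTML;

print_r(find_insecure_resources($html));
```

The scan covers markup only; `url(...)` references inside stylesheets need a separate pass.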

#-14   germ

germ
  • Members
  • 13,921 posts

Posted 20 January 2010 - 11:37 PM

Sometimes the code used to detect SSL in osC doesn't work.

I have this contribution:

SSL Help

Download it, unzip it, then upload the file myenv.php to your catalog folder.

Then access it WITH YOUR HTTPS URL like:

https://www.yoursite.com/catalog/myenv.php

It will output some text to your browser.

Copy/paste that text into your next post.

You MUST use your HTTPS URL or the info provided will be useless.

#-13   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 01:47 AM

Well.. I just thought of one thing... -slaps forehead-
Will continue to hunt.. for anything that is a DUH! Will post the file information after I fix this one thing..

#-12   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 02:10 AM

myenv.php Version 1.2

SSL Variables

HTTP HOST: [productionoffroad.com]

Server Port: [80]

SSL Status: [Undefined!]

Fowarded Server: [Undefined!]

Fowarded Host: [Undefined!]

Fowarded By: [Undefined!]

$_SERVER['HTTPS']: [Undefined!]

Warning!!!

The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!!
Load: 2

going to play with it a little.. the graphic  I thought maybe throwing off was not..

#-11   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 02:13 AM

myenv.php Version 1.2

SSL Variables

HTTP HOST: [productionoffroad.com]

Server Port: [80]

SSL Status: [Undefined!]

Fowarded Server: [Undefined!]

Fowarded Host: [Undefined!]

Fowarded By: [Undefined!]

$_SERVER['HTTPS']: [Undefined!]

Warning!!!

The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!!
Load: 2
this is with
// set the type of request (secure or not)
$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

Still
myenv.php Version 1.2

SSL Variables

HTTP HOST: [productionoffroad.com]

Server Port: [80]

SSL Status: [Undefined!]

Fowarded Server: [Undefined!]

Fowarded Host: [Undefined!]

Fowarded By: [Undefined!]

$_SERVER['HTTPS']: [Undefined!]

Warning!!!

The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!!
Load: 2
With $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';
cfgchk.php Version 1.2

File Permissions: 4444

Found HTTPS_SERVER:

define('HTTPS_SERVER', 'https://productionoffroad.com');

HTTPS URL passed check!

Found ENABLE_SSL.

define('ENABLE_SSL', true);

SSL enable passed check!

Found HTTPS_COOKIE_DOMAIN:

define('HTTPS_COOKIE_DOMAIN', 'productionoffroad.com');

HTTPS_COOKIE_DOMAIN line parsed!



Parsing application_top.php for SSL detection key...

Found SSL detection key:

$request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';



Done!

Edited by jazzyrosez, 21 January 2010 - 02:23 AM.


#-10   MBScott

MBScott
  • Members
  • 8 posts

Posted 21 January 2010 - 02:20 AM

Mine says:

myenv.php Version 1.2

NONSSL Variables

HTTP HOST: [sitenamehereiscorrect.com]

Server Port: [80]

SSL Status: [Undefined!]

Fowarded Server: [Undefined!]

Fowarded Host: [Undefined!]

Fowarded By: [Undefined!]

$_SERVER['HTTPS']: [Undefined!]

Load: 1

and it opened a new empty window, in ssl.

Thanks,

Missy

ps... that's a ridiculous bug to have for a shopping cart

Edited by MBScott, 21 January 2010 - 02:22 AM.


#-9   MBScott

MBScott
  • Members
  • 8 posts

Posted 21 January 2010 - 02:24 AM

If I use https to access that, I get a blank page.

#-8   germ

germ
  • Members
  • 13,921 posts

Posted 21 January 2010 - 02:37 AM

Well that proves that the osC code doesn't recognize the cue from the server that SSL is on.

I'll need both of you to upload the mybigenv.php to your catalog folder. I have one URL, but I'll need the other to help the other person. If you don't want to post it PM it to me. But I can't help without it.

Let me know when the file is uploaded.

#-7   germ

germ
  • Members
  • 13,921 posts

Posted 21 January 2010 - 02:59 AM

Jasmine, you need to read this post

The last link in that post is how you'll need to do it.

#-6   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 11:33 AM

Jim,
I was reading that post and trying all those things.. checking things out. Cookies are set at false. Those files are all uploaded. I can see all my images through https://www and without www. I have tried all three SSL variables.. Look at the bottom left hand corner at the footer. That's the one graphic I thought would not show, but that was my oops, duh, ya it would. All my base href is http not https. Network Solution stated all my files are in a secure directory. But re-reading the post this morning to see if I forgot something..  I always upload my local working file to my server after I change something to see if it works.. If not then I change back to the original and try something else. You know how coding is, you can't sit there for hours trying to debug something without a break.. Do you need anything else?

P.S. I have seen ENABLE_SSL stated both ways, 'true' and true. Which is it? ATM I have it without ' ', going to change that and see if that works.


Okie talk about weird..  I just do things to test theories out.. but.. I decided to delete the spider.txt and the page loaded... in https but lol there is always a BUT..
Warning: file(includes/spiders.txt) [function.file]: failed to open stream: No such file or directory in /data/9/1/25/101/1351101/user/1448701/htdocs/catalog/includes/application_top.php on line 177

Fatal error: Call to a member function add_current_page() on a non-object in /data/9/1/25/101/1351101/user/1448701/htdocs/catalog/includes/application_top.php on line 312

A Hunting I will go..

Edited by jazzyrosez, 21 January 2010 - 11:47 AM.


#-5   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 12:12 PM

Okie, I decided to see what is in my .htaccess. :-"  I need to locate my apache book.. or school work..

AND... :'(  
# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $
#
# This is used with Apache WebServers
# The following blocks direct HTTP requests in this directory recursively
#
# For this to work, you must include the parameter 'Limit' to the AllowOverride configuration
#
# Example:
#
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit
#
# 'All' with also work. (This configuration is in your apache/conf/httpd.conf file)
#
# This does not affect PHP include/require functions
#
# Example: http://server/catalog/includes/application_top.php will not work

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

This means.. ? -hunts-

#-4   germ

germ
  • Members
  • 13,921 posts

Posted 21 January 2010 - 12:46 PM

Jasmine, you're on a server where no PHP variables change when SSL is active.

Follow the link in my last post.

It's your only hope, Obi Wan Kenobi...
:)

#-3   MBScott

MBScott
  • Members
  • 8 posts

Posted 21 January 2010 - 01:06 PM

germ, on 21 January 2010 - 12:46 PM, said:

Jasmine, you're on a server where no PHP variables change when SSL is active.

Follow the link in my last post.

It's your only hope, Obi Wan Kenobi...
:)


Link is:

http://youstuffitboxes.com

I'm sorry I didn't post it before, but the client is skittish and I didn't really know if it was allowed!

I really appreciate your help!

Missy

#-2   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 03:28 PM

germ, on 21 January 2010 - 12:46 PM, said:

Jasmine, you're on a server where no PHP variables change when SSL is active.

Follow the link in my last post.

It's your only hope, Obi Wan Kenobi...
:)

LOL.. Question it has been about 3+ years since I did the whole server thing. What is the difference from the admin tool in oscommerce for your server info than the other file?

#-1   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 21 January 2010 - 04:06 PM

jazzyrosez, on 21 January 2010 - 03:28 PM, said:

LOL.. Question it has been about 3+ years since I did the whole server thing. What is the difference from the admin tool in oscommerce for your server info than the other file?
again another duh.. I see now that it is turned off and my cookie session is too. Emailed the hosting provider, will let you know in 24 hours the end result. Thanks for your help. :lol:

#0   jazzyrosez

jazzyrosez
  • Members
  • 29 posts

Posted 23 January 2010 - 06:07 PM

okie finally gotten an email back from them..

I apologize for the issue you've had with your hosting.  Our SSL proxy doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.

The only ways around this are to (1) assume the connection is secure by making all the links to the sensitive pages https, or
(2) use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages.

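<script type="text/javascript">
// Redirect to the secure host if this page was loaded over plain HTTP.
if (document.location.protocol != "https:")
{
// Keep the query string and fragment so page parameters survive the redirect.
document.location.href = "https://secure.domain.com" + document.location.pathname + document.location.search + document.location.hash;
}
</script>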
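
An added example, not osCommerce code and not from the thread: the server-side signals that myenv.php prints, evaluated in one place, to show why nothing in PHP can tell HTTPS from HTTP behind the proxy the host describes. The function name, the `$trustedProxies` allow-list, the `X-Forwarded-Proto` check (a common proxy convention this host does not send) and all sample addresses are assumptions for illustration.

```php
<?php
// Added example. Inputs are $_SERVER-style arrays like the ones myenv.php reads.

/**
 * Decide 'SSL' or 'NONSSL' and report which signal decided it.
 * $trustedProxies is a hypothetical allow-list: a forwarded-protocol header is
 * client-controllable unless the request arrived from your own proxy.
 */
function detect_request_type(array $server, array $trustedProxies = []): array
{
    // Signal 1: the web server terminated TLS itself (Apache 'on', some hosts '1').
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return ['SSL', "HTTPS={$server['HTTPS']}"];
    }
    // Signal 2: the request reached the standard TLS port.
    if ((string)($server['SERVER_PORT'] ?? '') === '443') {
        return ['SSL', 'SERVER_PORT=443'];
    }
    // Signal 3: a proxy says the client leg was HTTPS; believe it only from
    // an address on the allow-list.
    $peer  = $server['REMOTE_ADDR'] ?? '';
    $proto = strtolower((string)($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    if ($proto === 'https' && in_array($peer, $trustedProxies, true)) {
        return ['SSL', "X-Forwarded-Proto from trusted proxy $peer"];
    }
    return ['NONSSL', 'no server-side signal'];
}

// Constructed samples. The last one matches the myenv.php output posted in
// this thread: port 80, HTTPS undefined, no forwarded headers.
$samples = [
    'direct TLS'       => ['HTTPS' => 'on', 'SERVER_PORT' => '443', 'REMOTE_ADDR' => '203.0.113.7'],
    'forwarding proxy' => ['SERVER_PORT' => '80', 'REMOTE_ADDR' => '10.0.0.5',
                           'HTTP_X_FORWARDED_PROTO' => 'https'],
    'untrusted peer'   => ['SERVER_PORT' => '80', 'REMOTE_ADDR' => '203.0.113.7',
                           'HTTP_X_FORWARDED_PROTO' => 'https'],
    'opaque SSL proxy' => ['SERVER_PORT' => '80', 'REMOTE_ADDR' => '10.0.0.5'],
];

foreach ($samples as $name => $server) {
    [$type, $why] = detect_request_type($server, ['10.0.0.5']);
    printf("%-17s %-7s %s\n", $name, $type, $why);
}
```

When the last case is what the server sees, any PHP redirect from http to https keeps firing on the https request too, which is the loop the host's email describes.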