20 replies to this topic

[officer]

Please bear with me.

my site was working fine in IE and FF untill I enabled SSL.


Case 1:

Issue 1: This issue involves .swf which is not loading in IE with http/https but loads in FF with http/https.

    In IE all the other pictures/videos are loading with http/https.

Issue 2: There is feedjit live trafic doesn't work in IE but works in FF with http/https

application_top.php has

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'www.yoyopoint.com') ? 'SSL' : 'NONSSL';

and general.php

if ((ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == 'www.yoyopoint.com') )


Case 2:

If I change the values as below

application_top.php

$request_type = ($_SERVER['HTTPS'] == 'www.yoyopoint.com') ? 'SSL' : 'NONSSL';

and general.php

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') )

then

for IE

.swf and feejit starts working in IE with http and for https gives a security warning and do not work also all pictures stops displaying

for FF

http: everything works
https: .swf stops working (feedjit is working)

------------------------------------------------------

all advise/help is appreciated.

[germ]

Click the "SSL Implementaion Help" link in my signature.

[officer]

Thanks for the reply.

I read the post within post

How to install SSL on OSC: A Simple 1-2-3 Instruction, Simple, straighforward instructions

my files/settings were as per the instructions or I made editing where it was not.

and then I continued with your post.

1.  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

In IE a call to https gives unsecure warning and clicking yes does not work as expected.        

cfgchk is fine.

I am troubleshooting with the below lines in place:

application_top.php

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

and general.php

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') )

then

for IE

http: .swf and feedjit starts working
https gives a security warning and do not work also all pictures stops displaying

for FF

http: everything works
https: .swf stops working (feedjit is working)


call to .swf is with https.

[germ]

osC relies on some variable accessible to PHP to change when SSL is active.

Using my contribution you uploaded to your site I can not find any variable at all that changes when going from HTTP to HTTPS.

Therefore the only thing I can suggest other than switching hosts is this

[officer]

boss it is working fine after the change suggested.


so far looks all right. Thanks for your kind support.

will check in detail later.

[officer]

by the way you know any good host where everything works perfect without much customization.

I was not expecting surprises from network sol. (on missing variables)

Edited by officer, 07 May 2012 - 05:40 PM.

[germ]

Glad it's working for you.


Sorry but it's against forum rules to suggest hosts by name specifically as that's considered "advertising" which is "verboten"

[officer]

ok, I have done some testing.

with Firefox I am satisfied for the whole shopping process.

with IE in the end of shopping process when the checkout_success page appears (your order has been  processed)

then when I clicked on continue,  IE gave me the same security warning and clicking yes lost all the images and formatting.

I have added

   case FILENAME_INDEX:
        case FILENAME_SHOPPING_CART:


any suggestion?

[germ]

Remove the lines you said you added. You're making pages use SSL that don't need to.

At the top of /catalog/checkout_success.php change this code:

tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));

To this
  
tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string, 'NONSSL'));

[officer]

lines removed

and changed the code to:
tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string, 'NONSSL'));

same issue exists

on clicking continue still it tries to access index.php using https

[germ]

After looking at the code and a little testing on my WAMP server I came up with the code below.

It should solve your problem:


tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL') . "\n");

[officer]

thanksalot for supporting.

tried the new line but clicking continue still calls the index page with https

IE gave me the same security warning and clicking yes lost all the images and formatting.

[germ]

Well it worked for me.


Try the code below.

if ( strlen($notify_string) )
  header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT . '?' .  $notify_string );
else
  header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT );

[officer]

Please correct me if I am wrong.

I think I need index.php always nonssl

any calls to it with https and then it crashes.


in application_top

I have moved up the line "default: $request_type.."


switch ( basename($PHP_SELF) ) {

default: $request_type = 'NONSSL';  
case FILENAME_ACCOUNT:
   ..............

it is helping atleast not to crash the index.php page  but now flash doesnot appear.

how can I make index.php nonssl



also in your last advice I put the line of code below

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'update')) {
$notify_string = '';

if (isset($HTTP_POST_VARS['notify']) && !empty($HTTP_POST_VARS['notify'])) {
  $notify = $HTTP_POST_VARS['notify'];

  if (!is_array($notify)) {
$notify = array($notify);
  }

  for ($i=0, $n=sizeof($notify); $i<$n; $i++) {
if (is_numeric($notify[$i])) {
  $notify_string .= 'notify[]=' . $notify[$i] . '&';
}
  }

  if (!empty($notify_string)) {
$notify_string = 'action=notify&' . substr($notify_string, 0, -1);
  }
  
  if ( strlen($notify_string) )
  header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT . '?' .  $notify_string );
  else
  header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT );

}

// tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));
tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL') . "\n");
  }

Edited by officer, 09 May 2012 - 07:09 PM.

[MrPhil]

First of all, are you satisfied that the osC code is discovering whether a page is SSL or not is working correctly? Some servers return '1' instead of 'on' for getenv('HTTPS'), while others require a different variable name, and still others have $_SERVER['HTTPS'] defined while others don't. Flash aside, does your store appear to be using SSL (https) on the correct pages?

switch ( basename($PHP_SELF) ) {

default: $request_type = 'NONSSL';
case FILENAME_ACCOUNT:
..............

What are you doing here? You are aware that the default case will fall through into the FILENAME_ACCOUNT case, unless you put a break; in there?

Was the original problem that certain SSL-enabled pages were no longer serving up certain content (Flash)? Were you getting browser warnings that there was insecure content on those pages? Whatever code you added to display Flash will either have to be removed/disabled on SSL pages, or you will need to modify it so that it invokes whatever it's invoking via https: instead of http:. If this is to your own site, do you even need to give httpX://your domain, or can you just give the HTML path to the file?

Sorry if these questions seem all too obvious, but sometimes people get themselves all tangled up trying use a complex solution when a very easy one is possible.

[germ]

Minor correction.

The replacment code should be:

	if ( strlen($notify_string) )
	  header('Location: ' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT . '?' .  $notify_string );
	else
	  header('Location: ' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT );

The only difference being if you have a non-root install the old code throws you back to the root.

The index should NEVER be SSL, and as far as I can tell with the code I posted it isn't. It never is on my WAMP server.

Maybe you should switch hosts and stop fighting problems caused by an inept server.

[officer]

Thanks for the help.

to make the things simple I have removed my site and reinstalled the oscommerece default site.

I enabled the ssl.

testng the site with ssl enabled sending me to https:// index page

my configuration is same as below



(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:
define('HTTP_SERVER', 'http://www.yoursite.com');
define('HTTPS_SERVER', 'https://www.yoursite.com');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.yoursite.com');
define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');

(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:
define('HTTP_SERVER', 'https://www.yoursite.com/');
define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');
define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

[MrPhil]

You should never have https: on an HTTP_ entry. That will make all pages under SSL, which you don't want. What are you trying to do?

It sounds like either you aren't picking up SSL when you should (see above discussion on getenv('HTTPS'), etc.), or you have a hard coded http: URL being used on an SSL page. Embedded content (images, css, js, flash, etc.) need to be https: if used on an SSL (https) page, or you'll get a browser error about insecure content. If a resource is on your site, omit the http://domain and just use the path (absolute or relative) for the URL. I would hope that osC is smart enough to just give the path and filename for embedded content, but maybe it isn't. The browser will figure out the right thing to do. http: page links are OK, but might give a warning that you are leaving a secure page.

[officer]

MrPhil I have default osCommerce package loaded and enabled ssl with the above settings. there are no other changes made in the code whatsoever.

I did a test purchase. on confirming the order the index page comes up with https.

[MrPhil]

Your configure.php file(s) are incorrect. You have https: on the HTTP_ entries. Fix that.