Jump to content

  2. Viewing Profile: Posts: anewsolutions

Hosting Developers Payment Shipping Accounting Templates Marketing Books

Our Partners


Latest News: (loading..)

anewsolutions

Member Since 23 May 2012
OFFLINE Last Active Jun 01 2012 11:36 AM
-----

Posts I've Made

In Topic: SSL Problems - Can't Make Sense of It - HELP!

23 May 2012 - 09:20 PM

View Postgerm, on 23 May 2012 - 09:05 PM, said:

I don't get any "unsecure content" but some images won't display on the SSL pages.

Although if I copy/paste the image URL into the browser address bar and access the image directly (with a HTTPS URL) it displays.

It's been my experience that this behavior is usually caused by "Hotlink Protection" in your web hosts cPanel (or the settings therein).

Bingo! Thanks, Jim - it was indeed Hotlink Protection. I had added this functionality in .htaccess while applying a security-related contribution. Thanks for your swift help, Jim (and Phil).

In Topic: SSL Problems - Can't Make Sense of It - HELP!

23 May 2012 - 08:13 PM

View PostMrPhil, on 23 May 2012 - 06:20 PM, said:

It sounds like you still have some page content (embedded content) still being invoked under http:. View your page source in the browser and see what items are still http:

I've checked through the source quite a few times, but the only http references are on anchor tag hrefs. Any images are displayed using a relative path, eg. "images/picture.gif".

View PostMrPhil, on 23 May 2012 - 06:22 PM, said:

Don't forget that there are at least two routines (application_top.php and general.php) that use this test. Make sure you keep them in sync.

I have a general.js in includes, but no general.php.

In Topic: SSL Problems - Can't Make Sense of It - HELP!

23 May 2012 - 06:19 PM

View PostMrPhil, on 23 May 2012 - 06:14 PM, said:

Make testSSL.php with the following content, and try running it under both http: and https:
<?php
// test various ways of determining if a page is invoked under SSL

//  getenv('HTTPS'): if not false, look for '1' or 'on'
echo "(hoping to see '1' or 'on') getenv('HTTPS') returns ";
if (getenv('HTTPS')) {
  echo "'" . getenv('HTTPS') . "'<br>\n";
} else {
  echo "nothing<br>\n";
}
//  getenv('HTTP_HTTPS'): if not false, look for '1' or 'on'
echo "(hoping to see '1' or 'on') getenv('HTTP_HTTPS') returns ";
if (getenv('HTTP_HTTPS')) {
  echo "'" . getenv('HTTP_HTTPS') . "'<br>\n";
} else {
  echo "nothing<br>\n";
}
//  $_SERVER['HTTPS']: if defined and non-empty and not 'off' (IIS uses 'off' instead of empty)
echo "(hoping to see something other than 'off') \$_SERVER['HTTPS'] returns ";
if (isset($_SERVER['HTTPS'])) {
  echo "'" . $_SERVER['HTTPS'] . "'<br>\n";
} else {
  echo "nothing<br>\n";
}
//  $_SERVER['HTTP_HTTPS']: if defined and non-empty and not 'off' (IIS uses 'off' instead of empty)
echo "(hoping to see something other than 'off') \$_SERVER['HTTP_HTTPS'] returns ";
if (isset($_SERVER['HTTP_HTTPS'])) {
  echo "'" . $_SERVER['HTTP_HTTPS'] . "'<br>\n";
} else {
  echo "nothing<br>\n";
}
//  $_SERVER['SERVER_PORT']: by default, == '443' for SSL, == '80' for non-SSL, but this can change with server setup
echo "(hoping to see '443') \$_SERVER['SERVER_PORT'] returns ";
if (isset($_SERVER['SERVER_PORT'])) {
  echo "'" . $_SERVER['SERVER_PORT'] . "'<br>\n";
} else {
  echo "nothing<br>\n";
}

?>

It will tell you what tests you can use for SSL. Erase or rename the file when you're done, so hackers can't use it to explore (and perhaps, exploit) your system.

Using https:

(hoping to see '1' or 'on') getenv('HTTPS') returns 'on'
(hoping to see '1' or 'on') getenv('HTTP_HTTPS') returns nothing
(hoping to see something other than 'off') $_SERVER['HTTPS'] returns 'on'
(hoping to see something other than 'off') $_SERVER['HTTP_HTTPS'] returns nothing
(hoping to see '443') $_SERVER['SERVER_PORT'] returns '443'

In Topic: SSL Problems - Can't Make Sense of It - HELP!

23 May 2012 - 06:03 PM

Thanks for the responses, chaps. Jim, I have changed the $request_type to 'on' and the content displays without prompting to allow unsecure content. However, there are still two issues to iron out.

1. The certificate information states there is unsecure content present ("Your connection to www.jewellersdoncaster.co.uk is encrypted using 256-bit encryption. However, this page includes other resources which are not secure")
2. Some images have not loaded (Search button, PayPal logo, RapidSSL logo and category menu backgrounds)

  1. osCommerce Support Forum
  2. Viewing Profile: Posts: anewsolutions
  3. Privacy Policy
  4. Forum Rules ·