Jump to content


  • Content count

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Conclusion to setting SSL Certificates in oscommerce v2.3.3.1 Most copy from others and I keep on try and error to test. Feel free to correct . 1. You need to set a Certificates some hosting provide free cert. ( in cPanel , icon “SSL Certificates”, one need to make sure to check if there is "Force SSL with https redirect” is checked. ) 2. change in "includes/configuration.php", ( and remember to set the permission back to 444 after modify ) define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.domain.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.domain.com'); define('HTTPS_COOKIE_DOMAIN', 'www.domain.com'); 3. change in “admin/includes/configuration.php” to : define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'https://www.domain.com'); define('HTTPS_CATALOG_SERVER', 'https://www.domain.com'); define('ENABLE_SSL_CATALOG', 'true'); 4. Change inside of the store admin panel go to Configuration ->> Sessions: and change to theses values: Force Cookie Use True Check SSL Session ID True Check User Agent True Check IP Address True Prevent Spider Sessions True Recreate Session True 5. Change .htaccess: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header unset X-Powered-By Header unset Server Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$"> Header unset X-XSS-Protection </FilesMatch> </ifModule> ============================================= Remark : A. Here is the what many people find problem When you go to https site, but the browser will show your site is not secure. Funny is Microsoft Edge will show secure but NOT for Chrome or Opera. Most sites do not mention changing in "includes/configuration.php" “define('HTTP_SERVER', 'http://www.domain.com') “ to “define('HTTP_SERVER', 'https://www.domain.com') “ Some because the site have external insecure http link . ( e.g. image link to http://xx ) But what I working on is a simply shop. No such error but still have the above ‘your site is not secure.’ This is because inside your page those link still link to insecure http ( e.g. your products link ). Funny is when you click this product, it will go to a secure https site. But when you copy the link , it shows insecure http. Thus just simply make all to https . B. Or losing the CSS, images and layout ( copy from user gassko ) clear the browser cache. =============================================
  2. ahjeff

    Google reCAPTCHA v3

    Yes, the google code lab really useless....so as the developer forum .... If you need to use reCaptcha v3, you can just Register a new site in the admin console. ( you can use same account, they will give you other keys )
  3. ahjeff

    Google reCAPTCHA v3

    i get it now... it will protect the whole site. thanks for your work
  4. thanks,,, but You state " includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php " ??? but Folder , includes/languages/english/hooks/shop/siteWide/ , only have 2 files.....injectFormDisplay.php and injectFormVerify.php.... Do you mean the files in /includes/languages/english/google_recaptcha.php ?
  5. ahjeff

    Google reCAPTCHA v3

    How to implement in contact_us.php and create_account.php .? not all page is needed..
  6. ahjeff

    Google reCAPTCHA v3

    Sorry, I missed that. I mean contact_us.php and create_account.php ... how to implement your module...? there is no options...
  7. ahjeff

    Google reCAPTCHA v3

    How to implement in login.php , contact_us.php ???
  8. ahjeff

    Google reCAPTCHA v3

    can enable in Modules > Boxes. but how to implement in specific page?