opalmirror

I observed the same problem with the Administration Access Levels Accounts 2. I borrowed BlackOps' technique (below) for using an array, and since there was no preexisting admin/includes/config.php on my system (and since it didn't seem to have any affect), I placed all modifications in admin/includes/functions/html_output.php itself. First near the top: $force_ssl_list = array( FILENAME_CUSTOMERS, FILENAME_ORDERS, FILENAME_ORDERS_PACKINGSLIP, FILENAME_ORDERS_INVOICE, FILENAME_CREATE_ACCOUNT, FILENAME_CREATE_ACCOUNT_PROCESS, FILENAME_CREATE_ACCOUNT_SUCCESS, FILENAME_CREATE_ORDER_PROCESS, FILENAME_CREATE_ORDER, FILENAME_EDIT_ORDERS, FILENAME_LOGIN, FILENAME_STATS_CUSTOMERS ); define('ENABLE_SSL', true); define('HTTPS_SERVER', 'https://metolius.loowit.net'); Note this makes the login and customers stats pages also SSL-only. Then later in the file at the top of tep_href_link: global $force_ssl_list; and I replace: if ($connection == 'NONSSL') { with: if ($connection == 'NONSSL' && !in_array($page, $force_ssl_list)) { and I replace: } elseif ($connection == 'SSL') { with: } elseif ($connection == 'SSL' || in_array($page, $force_ssl_list)) { Now all works well... James