Jump to content
Latest News: (loading..)

Search the Community

Showing results for tags 'ssl'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • News and Announcements
    • News and Announcements
    • Partner Announcements
    • Ambassadors
  • Commercial Support
    • Developer Feedback
  • osCommerce Online Merchant v2.x
    • General Support
    • Installation and Configuration
    • Upgrading from Earlier Versions (v2.x to v2.x)
    • Add-Ons
    • Tips and Tricks
    • Security
  • Development
    • osCommerce Online Merchant v2.4
    • osCommerce Online Merchant Community Bootstrap Edition
    • osCommerce Online Merchant v3.x
    • Development Proposals
  • General
    • Next Steps / Optimizations / Marketing
    • Live Shop Reviews
    • E-Commerce Laws
    • General Discussions
    • PHP / SQL / Web Design
  • Club osC's Announcements
  • PayPal's Announcements
  • Sage Pay's Announcements
  • Solomono - new level osCommerce templates's Announcements
  • German Community's OSCOM v2.x
  • German Community's Allgemein
  • German Community's OSCOM v3.x

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Real Name




Found 11 results

  1. pafranklin

    Moving from HTTP to HTTPS

    Hi, With news, rumors and articles suggesting that Google is starting to de-rank sites that are not HTTPS across the entire site I just want to double check how I do this. I currently have an SSL in place so is it simply a question of amending the 2 configure.php files on the admin and frontend? Any pointers would be very gratefully received! Paul
  2. Nachdem ich auf SSL umgestellt habe, geht der mobile Shop auf dem Handy nicht mehr (auf dem Desktop geht der mobile shop): Meldung: zu oft weitergeleitet ERR_TOO_MANY_REDIRECTS Ich finde jedoch die Nadel im Heuhaufen nicht. Wer kann mir helfen, in welcher Datei ein falscher Eintrag ist?
  3. Hi. I've been busy trying to make my site fully SSL-friendly. One of the last issues I'm having is that the Add to Cart button is not SSL, and I don't know how to change it. I believe the relevant code in the product_info.php file is this: <?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_PRODUCT_INFO, tep_get_all_get_params(array('action')) . 'action=add_product')); ?> How do I make that generate an https:// url? Currently it's generating: <form name="cart_quantity" action="http://www.mydomain.com/productname-2222.html?action=add_product" method="post"> I can't figure out hot to get an "s" in there... Thanks!
  4. This is my first time on the forum, and a novice for sure. We acquired our business and it was already running OSCommerce for the store. Recently we added the SSL certificate through our hosting provider Godaddy, and the store stopped working altogether. I used www.whynopadlock.com to identify some issues and searched the forums to change the configuration.php files to get whynopadlock to a clean state, but the shopping cart still will not work, it takes you from product info pages to Whats in my Cart, and the cart is empty. Using "Inspect" on Chrome, provided the following Mixed Content Error: Mixed Content: The page at 'https://bransonbean.com/store/catalog/product_info.php?products_id=2241&osCsid=occv79lapdgbs1r293t35oo4r1' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://bransonbean.com/store/catalog/advanced_search_result.php'. This endpoint should be made available over a secure connection. Which clearly seems there are still some http links somewhere in the code. The above info on Inspect shows another spot where it is going to http instead of Https... Any help would be appreciated.
  5. I have a very heavily modified install of osC 2.2 MS2 - 060817. Recently I changed the entire shop to use HTTPS. To achieve this, I changed the two configure.php files - the one for the shop and the one for the administration section. The relevant part of the shop's configure.php is now: define('HTTP_SERVER', 'https://www.my*web*shop.nl'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.my*web*shop.nl'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.my*web*shop.nl'); define('HTTPS_COOKIE_DOMAIN', 'www.my*web*shop.nl'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); (...) define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' Administration > Configure > Sessions is this: Session Directory /usr/local/sites/*******/tmp/ Force Cookie Use False Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session True Now a problem occurs. The osCsid stays in the URL all the time (not really recommended) and logging in is not possible. If I manually remove the osCsid variable form the URL I can login, but obviously this is not something I can expect my customers to do. I found two possible solutions, by changing the settings in Configure > Sessions: 1. Set the value for "Force Cookie Use" to TRUE. Now the osCsid simply never appears in the URL (is that good or bad?) and visitors must have cookies enabled (workable, but not perfect). or 2. Set the value for "Recreate Session" to FALSE. The osCsid variable keeps on appearing in the URL every click (not really good), but at least the visitor can log in. But these are not really the solutions I want. While the site was completely NON-SSL, the osCsid variable showed up only once in the URL, and disappeared the next click. I do not force visitors to use cookies. And I recreate the session. That's how I like it to be. My question: Why is the behavior different when using SSL? Or rather: what should I do/change so that - visitors can log in - the osCsid variable appears only once in the URL - Force cookie use can be FALSE - Recreate Session can be TRUE just like it used to be when the shop was NONSSL. Or if I am asking something impossible, what are the (serious) down sides to Force Cookie Use : True and Recreate Session : False? For example, I read elsewhere on the forum some vague rumors that some payment processors need an osCsid or that not recreating the session could be a security issue. Btw, the shop is so heavily modified that a complete upgrade to osC 2.3.4 BS Edge or so is not an option.
  6. osCommerce: 2.3.4 PHP: 5.6.22 MySQL: 5.7.17 Hi Guys, I’m quite new to OSCommerce and am currently helping out with somebodies store. I’ve run into a bit of a situation with the Addon SEO URLs 5... We were in the process of forcing https:// connection for every page. For some reason this prevented a user from being able to add products with attributes to the basket via ‘Add to Cart’ action from the Product Page. This wasn’t great, so we reverted and removed our rules for https from the .htaccess file. After thinking we had put everything back to normal, we started getting 404s for every product page, where it could not serve that customised URL from the server. We set SEO URLs 5 and cache to ‘false’. This fixed the issue, but now the URLs are with the cPath and product ID. This isn’t great as Google has already indexes the SEO URLs... I’m assuming the issue lies somewhere with the SEO URLs Addon. If anyone has any info, or could point us in the right direction to start some troubleshooting. That would be much appreciated, Thank you.
  7. Bei Aktivierung des SSL Zertifikats (Let´s encrypt it) werden die SSL Seiten korrekt aufgerufen. Sobald es um den Kundenbereich geht (Login, Checkout, etc.) kann ich mich nicht einloggen. Die configure.php scheint ok: define('HTTP_SERVER', 'http://www.domain.de'); define('HTTPS_SERVER', 'https://domain.de'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'www.domain.de'); define('HTTPS_COOKIE_DOMAIN', 'domain.de'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/');
  8. Hi all, i have all shop whit https secure ssl certificate but i foun one problem. All on admin works fine only fail modules_content.php when i click on modules content the page show this. My shop is 2.3.4 bootstrap gold whit IMPROVED CONTENT MODULES ADMIN FOR 2.3.4 RESPONSIVE installed http://addons.oscommerce.com/info/9458/v,23 Tanks for your help Error! Unable to determine the page link! Function used: tep_href_link('', '', 'SSL')
  9. Hello, I use osCommerce 2.3.1 with ULTIMATE Seo Urls 5 PRO ( version 1.1 ) and i switched my website to HTTPS/SSL. My problem is that ULTIMATE Seo Urls still rewrites the URLs to HTTP. Where can I change that? osc-er
  10. osC OpenSSL Encryption with jCryption - Support thread - Without a SSL certificate the data posted on your shop might be visible to third parties, e.g. your admin username and password. With this Add-On all form data will be encrypted using OpenSSL before it's posted to the server and then decrypted on your server, greatly enhancing the security for you and your customers. How does this work client requests RSA public key from server client encrypts a randomly generated key with the RSA public key server decrypts key with the RSA private key and stores it in the session server encrypts the decrypted key with AES and sends it back to the client client decrypts it with AES, if the key matches the client is in sync with the server and is ready to go everything else is encrypted using AES Source: http://www.jcryption.org/#howitworks Features for this Revision: Support for and tested on osCommerce 2.3.4 Should work for most osCommerce versions with minimum modification. Tested successfully on Google Chrome, Firefox and IE Encrypts all Form Data with OpenSSL Works on both catalog and admin side of shop Uses jCryption library. Screenshots included in package. Download Add-On here: http://addons.oscommerce.com/info/9333
  11. brianscwhitaker

    Sage Pay Question

    I have taken over a OSCommerce run site that is hosted on a linux server through lunar pages. We use Sage Pay to clear credit cards through the site. Recently sage pay did a security certificate update to sha-1 to sha-2. Since this change we've not been able to clear transactions through the site. Sage has essentially zero customer support for linux, so I am left swimming to find a fix. I was told that if we were to change the "post location" for our transactions, this will be a fix. They said to do to change the following. current post location is https://va.eftsecure.net change to https://gateway.sagepayments.net. I made this change here in my site. This is on line 220 on the attached page. /public_html/includes/modules/payment/ When I make this change as reflected in the attached, I get the following error when I try to make transactions. Payment Error There has been an error processing your credit card. Please try again. Server Error 405 - HTTP verb used to access this page is not allowed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access. Server Error 405 - HTTP verb used to access this page is not allowed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access. apache 2.2.24 mysql 5.5.30 php 5.3.27 osCommerce Online Merchant v2.2 RC2a I have no doubt that many of the versions from server to OSCommerce are very much out of date. Is there anything I need to do? Any help would be great. Thanks!net1-backup.php