Jump to content
Latest News: (loading..)

Search the Community

Showing results for tags 'ssl'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • News and Announcements
    • News and Announcements
    • Partner Announcements
    • Ambassadors
  • Commercial Support
    • Developer Feedback
  • osCommerce Online Merchant v2.x
    • General Support
    • Installation and Configuration
    • Upgrading from Earlier Versions (v2.x to v2.x)
    • Add-Ons
    • Tips and Tricks
    • Security
  • Development
    • osCommerce Online Merchant v2.4
    • osCommerce Online Merchant Community Bootstrap Edition
    • osCommerce Online Merchant v3.x
    • Development Proposals
  • General
    • OSCOMMERCE.TV
    • Next Steps / Optimizations / Marketing
    • Live Shop Reviews
    • E-Commerce Laws
    • General Discussions
    • PHP / SQL / Web Design
  • oscBooks and oscTemplates's Announcements
  • Mini Template System's Announcements
  • PayPal's Announcements
  • Sage Pay's Announcements
  • Solomono - new level osCommerce templates's Announcements

Found 13 results

  1. Hi. I've been busy trying to make my site fully SSL-friendly. One of the last issues I'm having is that the Add to Cart button is not SSL, and I don't know how to change it. I believe the relevant code in the product_info.php file is this: <?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_PRODUCT_INFO, tep_get_all_get_params(array('action')) . 'action=add_product')); ?> How do I make that generate an https:// url? Currently it's generating: <form name="cart_quantity" action="http://www.mydomain.com/productname-2222.html?action=add_product" method="post"> I can't figure out hot to get an "s" in there... Thanks!
  2. I have a very heavily modified install of osC 2.2 MS2 - 060817. Recently I changed the entire shop to use HTTPS. To achieve this, I changed the two configure.php files - the one for the shop and the one for the administration section. The relevant part of the shop's configure.php is now: define('HTTP_SERVER', 'https://www.my*web*shop.nl'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.my*web*shop.nl'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.my*web*shop.nl'); define('HTTPS_COOKIE_DOMAIN', 'www.my*web*shop.nl'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); (...) define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' Administration > Configure > Sessions is this: Session Directory /usr/local/sites/*******/tmp/ Force Cookie Use False Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session True Now a problem occurs. The osCsid stays in the URL all the time (not really recommended) and logging in is not possible. If I manually remove the osCsid variable form the URL I can login, but obviously this is not something I can expect my customers to do. I found two possible solutions, by changing the settings in Configure > Sessions: 1. Set the value for "Force Cookie Use" to TRUE. Now the osCsid simply never appears in the URL (is that good or bad?) and visitors must have cookies enabled (workable, but not perfect). or 2. Set the value for "Recreate Session" to FALSE. The osCsid variable keeps on appearing in the URL every click (not really good), but at least the visitor can log in. But these are not really the solutions I want. While the site was completely NON-SSL, the osCsid variable showed up only once in the URL, and disappeared the next click. I do not force visitors to use cookies. And I recreate the session. That's how I like it to be. My question: Why is the behavior different when using SSL? Or rather: what should I do/change so that - visitors can log in - the osCsid variable appears only once in the URL - Force cookie use can be FALSE - Recreate Session can be TRUE just like it used to be when the shop was NONSSL. Or if I am asking something impossible, what are the (serious) down sides to Force Cookie Use : True and Recreate Session : False? For example, I read elsewhere on the forum some vague rumors that some payment processors need an osCsid or that not recreating the session could be a security issue. Btw, the shop is so heavily modified that a complete upgrade to osC 2.3.4 BS Edge or so is not an option.
  3. Moving from HTTP to HTTPS

    Hi, With news, rumors and articles suggesting that Google is starting to de-rank sites that are not HTTPS across the entire site I just want to double check how I do this. I currently have an SSL in place so is it simply a question of amending the 2 configure.php files on the admin and frontend? Any pointers would be very gratefully received! Paul
  4. osCommerce: 2.3.4 PHP: 5.6.22 MySQL: 5.7.17 Hi Guys, I’m quite new to OSCommerce and am currently helping out with somebodies store. I’ve run into a bit of a situation with the Addon SEO URLs 5... We were in the process of forcing https:// connection for every page. For some reason this prevented a user from being able to add products with attributes to the basket via ‘Add to Cart’ action from the Product Page. This wasn’t great, so we reverted and removed our rules for https from the .htaccess file. After thinking we had put everything back to normal, we started getting 404s for every product page, where it could not serve that customised URL from the server. We set SEO URLs 5 and cache to ‘false’. This fixed the issue, but now the URLs are with the cPath and product ID. This isn’t great as Google has already indexes the SEO URLs... I’m assuming the issue lies somewhere with the SEO URLs Addon. If anyone has any info, or could point us in the right direction to start some troubleshooting. That would be much appreciated, Thank you.
  5. Thanks, Jack! The SSL was installed by our IP, Netfirms.com of Canada, could it still be BOM IF: The cert worked fine, without e-mail error messages for at least a month after the store was set up? They seemed to disappear for a while after I turned off the ‘check SSL in admin, we were getting five e-mails with every order. The orders indicated in the e-mail error message was placed without any other problems, AND no error appears on-screen during the checkout process. We also get an error e-mail when someone starts to make an order, and then changes their mind. Does any of this make sense? Thanks again. Lark
  6. ADMIN Login Issue

    Hello all, I am new to the FORUM and a novice on OSCOMMERCE. we recently updated to OQC 2.3.3, and added an SSL certificate and since have not been able to login to the admin part of our site/store. It has locked us out for too many attempts, and does not have a forgot password function. I thought I had the password, but still would not allow entry login. I am wondering if it due to SSL change? Either way, I am wanting to learn how to login back in not knowing the password? Many thanks!
  7. This is my first time on the forum, and a novice for sure. We acquired our business and it was already running OSCommerce for the store. Recently we added the SSL certificate through our hosting provider Godaddy, and the store stopped working altogether. I used www.whynopadlock.com to identify some issues and searched the forums to change the configuration.php files to get whynopadlock to a clean state, but the shopping cart still will not work, it takes you from product info pages to Whats in my Cart, and the cart is empty. Using "Inspect" on Chrome, provided the following Mixed Content Error: Mixed Content: The page at 'https://bransonbean.com/store/catalog/product_info.php?products_id=2241&osCsid=occv79lapdgbs1r293t35oo4r1' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://bransonbean.com/store/catalog/advanced_search_result.php'. This endpoint should be made available over a secure connection. Which clearly seems there are still some http links somewhere in the code. The above info on Inspect shows another spot where it is going to http instead of Https... Any help would be appreciated.
  8. Hi. I've got a problem with an ancient osCommerce installation which I believe is MS2. It's old and creaky, but it's been at least functional for a very long time. Now I ran into big problems when I tried to get our new SSL certificate working with this installation. I can get it to work alright, different browsers tell me that the site is secure. The problem is that when SSL works, customers can't log in. An attempt to login only directs the user back to the login page with no error message. Trying to use a wrong password does result in a password / user mismatch error, though. I know this version of osCommerce is very old, but updating is a pain and we're currently planning on building a new shop from the ground up. We'd just need to get SSL working for however long it takes for us to get a brand new site up and running. Here's what I have in my catalog's configure.php right now. This works, customers can log in ok, but SSL is off. define('HTTP_SERVER', 'http://www.mydomainhere.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.mydomainhere.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.mydomainhere.com'); define('HTTPS_COOKIE_DOMAIN', '.mydomainhere.com'); define('HTTP_COOKIE_PATH', '/shop/'); define('HTTPS_COOKIE_PATH', '/shop/'); define('DIR_WS_HTTP_CATALOG', '/shop/'); define('DIR_WS_HTTPS_CATALOG', '/shop/'); This is how I tried to get it to work. Site appears secure, login breaks. define('HTTP_SERVER', 'https://www.mydomainhere.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.mydomainhere.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.mydomainhere.com'); define('HTTPS_COOKIE_DOMAIN', '.mydomainhere.com'); define('HTTP_COOKIE_PATH', '/shop/'); define('HTTPS_COOKIE_PATH', '/shop/'); define('DIR_WS_HTTP_CATALOG', '/shop/'); define('DIR_WS_HTTPS_CATALOG', '/shop/'); With the SSL configuration above osCsid also seems to stay in the URLs. Refreshing the page doesn't do anything to it. If I manually delete the automatically appearing osCsid from the page url and load up login.php by itself, login works. I also noticed that if I login as a customer using the non-SSL configuration and then log out and switch to the configuration that enables SSL, I can log in again as long as the old cookies are present. If I erase the cookies, osCsid appears in the address bar and login breaks. I'm not really familiar with SSL certificates. All I know is that this is from GeoTrust and the domain matches (www. included) with this site. But I guess the certificate itself is not the problem, since it does appear to work. Here are my settings from the admin side: Force cookies = false (setting this to true only gives the osC error page about enabling cookies) Check SSL session ID = true (false when SSL is off) Check user agent = false Check IP address = false Prevent spider sessions = true Recreate session = true In the error log I'm getting a lot of stuff like this. Could this be a part of the problem? The PHP version on the server is 5.3.29, I thought it's 5.4 that is incompatible? PHP Deprecated: Function session_is_registered() is deprecated PHP Deprecated: Function session_register() is deprecated PHP Deprecated: Function session_is_registered() is deprecated PHP Deprecated: Function eregi() is deprecated Any ideas? Any help would be appreciated, I've googled for hours without finding a solution. Thanks.
  9. I have problem with my store. I'm using SSL and in the "sessions" configuration 2 options enabled: force cookie usage and prevent sessions start by bots. I noticed a strange behavior: When a logged in user watch products and logs out - next time he logs in the previously watched products are in his shopping cart :( Could you please suggest me where I can have a bug? Thank you.
  10. Hi all, i have all shop whit https secure ssl certificate but i foun one problem. All on admin works fine only fail modules_content.php when i click on modules content the page show this. My shop is 2.3.4 bootstrap gold whit IMPROVED CONTENT MODULES ADMIN FOR 2.3.4 RESPONSIVE installed http://addons.oscommerce.com/info/9458/v,23 Tanks for your help Error! Unable to determine the page link! Function used: tep_href_link('', '', 'SSL')
  11. Hello, I use osCommerce 2.3.1 with ULTIMATE Seo Urls 5 PRO ( version 1.1 ) and i switched my website to HTTPS/SSL. My problem is that ULTIMATE Seo Urls still rewrites the URLs to HTTP. Where can I change that? osc-er
  12. osC OpenSSL Encryption with jCryption - Support thread - Without a SSL certificate the data posted on your shop might be visible to third parties, e.g. your admin username and password. With this Add-On all form data will be encrypted using OpenSSL before it's posted to the server and then decrypted on your server, greatly enhancing the security for you and your customers. How does this work client requests RSA public key from server client encrypts a randomly generated key with the RSA public key server decrypts key with the RSA private key and stores it in the session server encrypts the decrypted key with AES and sends it back to the client client decrypts it with AES, if the key matches the client is in sync with the server and is ready to go everything else is encrypted using AES Source: http://www.jcryption.org/#howitworks Features for this Revision: Support for and tested on osCommerce 2.3.4 Should work for most osCommerce versions with minimum modification. Tested successfully on Google Chrome, Firefox and IE Encrypts all Form Data with OpenSSL Works on both catalog and admin side of shop Uses jCryption library. Screenshots included in package. Download Add-On here: http://addons.oscommerce.com/info/9333
  13. Sage Pay Question

    I have taken over a OSCommerce run site that is hosted on a linux server through lunar pages. We use Sage Pay to clear credit cards through the site. Recently sage pay did a security certificate update to sha-1 to sha-2. Since this change we've not been able to clear transactions through the site. Sage has essentially zero customer support for linux, so I am left swimming to find a fix. I was told that if we were to change the "post location" for our transactions, this will be a fix. They said to do to change the following. current post location is https://va.eftsecure.net change to https://gateway.sagepayments.net. I made this change here in my site. This is on line 220 on the attached page. /public_html/includes/modules/payment/ When I make this change as reflected in the attached, I get the following error when I try to make transactions. Payment Error There has been an error processing your credit card. Please try again. Server Error 405 - HTTP verb used to access this page is not allowed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access. Server Error 405 - HTTP verb used to access this page is not allowed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access. apache 2.2.24 mysql 5.5.30 php 5.3.27 osCommerce Online Merchant v2.2 RC2a I have no doubt that many of the versions from server to OSCommerce are very much out of date. Is there anything I need to do? Any help would be great. Thanks!net1-backup.php
×