
The SSL In OsCommerce Guide For The Innocent


Simplyeasier


Hello Alan, my catalog side is working properly, but the admin shows "you are not protected...." at the first page.

Next, when I click on the modules-->payments link a page opens with the padlock, but no payment methods are there. The list is empty. When I go to the "tools" link, it gives the error "backups directory is not created..".

Still the padlock is there.

 

here is my configure.php:

 

define('HTTP_SERVER', 'http://www.bathroomsupplies.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://ss63.shared.server-system.net/~bathroomsupplies.co.uk/'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.bathroomsupplies.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'ss63.shared.server-system.net/~bathroomsupplies.co.uk/');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

 

And here is adminn/includes/configure.php (I named the "admin" as "adminn", don't worry, it's right):

 

define('HTTP_SERVER', 'https://ss63.shared.server-system.net/~bathroomsupplies.co.uk/'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.bathroomsupplies.co.uk');

define('HTTPS_CATALOG_SERVER', 'https://ss63.shared.server-system.net/~bathroomsupplies.co.uk/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

 

define('DIR_WS_ADMIN', 'adminn/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

 

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

 

And when I run https://ss63.shared.server-system.net/~bath...co.uk/myenv.php

the answer is:

 

HTTP HOST: ss63.shared.server-system.net

Server Port: 443

SSL Status: on

Fowarded Server:

Fowarded Host:

Fowarded By:

 

And when I run http://ss63.shared.server-system.net/~bath...co.uk/myenv.php

the answer is:

 

HTTP HOST: ss63.shared.server-system.net

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

my line 41 is:

========

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

can you help me.

please help me

Your base href isn't switching.

 

<base href="http://www.mysite.co.uk/">

 

You better post the results from myenv.php and the line from application_top.php

 

Hi Alan,

 

Normal http myenv.php results in:

$HTTP_HOST = www.mysite.uk

$HTTPS_HOST =

getenv('SERVER_PORT') = 80

getenv('HTTPS') =

getenv('HTTP_X_FORWARDED_SERVER') =

getenv('HTTP_X_FORWARDED_HOST') =

getenv('HTTP_X_FORWARDED_BY') =

$_SERVER['HTTPS'] =

getenv('DOCUMENT_ROOT') = /home/mysite/public_html

$DOCUMENT_ROOT = /home/mysite/public_html

 

SSL https myenv.php results in:

$HTTP_HOST = www.mysite.co.uk

$HTTPS_HOST =

getenv('SERVER_PORT') = 443

getenv('HTTPS') = on

getenv('HTTP_X_FORWARDED_SERVER') =

getenv('HTTP_X_FORWARDED_HOST') =

getenv('HTTP_X_FORWARDED_BY') =

$_SERVER['HTTPS'] = on

getenv('DOCUMENT_ROOT') = /home/mysite/public_html

$DOCUMENT_ROOT = /home/mysite/public_html

 

And this is what the line in application_top.php looks like:

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

And...thanks in advance.

 

Cheers,

 

Nagsy


PS I also tried changing the request type to check for port 443 in application_top.php when in SSL mode, but still no joy.
I don't know what the problem is. Most likely something you've changed in your code.

 

I'd install a basic test installation in a different directory and once that's working you may understand what's going wrong.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)


I don't know what the problem is. Most likely something you've changed in your code.

 

I'd install a basic test installation in a different directory and once that's working you may understand what's going wrong.

 

Ok.....thanks for your help anyway.

 

Nagsy


Hello Alan!

My catalog side is working fine with my shared SSL and also my admin is now working well, but only a single issue remains.

When I go to my admin page, the page shown is:

"You are not protected by a secure SSL connection" + no padlock is there.

But when I click on the "Administration" link at the top of the same page,

this page is now shown to be protected by a 256-bit connection. All other links are also working fine.

Can anyone answer me?


Hello Alan!

My catalog side is working fine with my shared SSL and also my admin is now working well, but only a single issue remains.

When I go to my admin page, the page shown is:

"You are not protected by a secure SSL connection" + no padlock is there.

But when I click on the "Administration" link at the top of the same page,

this page is now shown to be protected by a 256-bit connection. All other links are also working fine.

Can anyone answer me?

http://www.oscommerce.com/forums/index.php?s=&...ndpost&p=744686

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)


Hey, I'm having some problems with SSL. I installed an SSL cert and my cart is secure, but in order for it to be secure I have to enter the 's' after 'http' in order to make 'https'. How would I go about fixing this? Also, when I go to "https://www.mydomain.com/catalog" there are no images, just boxes with red X's. How can I fix this?

Here's my catalog Configure.php

 

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

 

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

 

//Define the webserver and path parameters

 

//* DIR_FS_* = Filesystem directories (local/physical)

 

//* DIR_WS_* = Webserver directories (virtual/URL)

 

 

define('HTTP_SERVER', 'https://products.mickeysmotors.com'); // eg, http://localhost - should not be empty for productive servers

 

define('HTTPS_SERVER', 'https://mickeysmotors.com'); // eg, https://localhost - should not be empty for productive servers

 

define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'products.mickeysmotors.com');

 

define('HTTPS_COOKIE_DOMAIN', 'mickeysmotors.com');

 

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

 

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

define('DIR_WS_IMAGES', 'images/');

 

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

define('DIR_WS_INCLUDES', 'includes/');

 

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

 

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

 

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

 

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

 

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

 

define('DIR_FS_CATALOG', 'D:/hshome/mickeys/products.mickeysmotors.com/catalog/');

 

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

 

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

 

define('DB_SERVER', '72.41.4.4'); // eg, localhost - should not be empty for productive servers

 

define('DB_SERVER_USERNAME', 'Mickeys_motors');

 

define('DB_SERVER_PASSWORD', 'paitt');

define('DB_DATABASE', 'Mickeys_motors');

 

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

 

 

Here's my admin configure.php

 

<?php

/*

$Id: configure.php,v 1.3 2003/09/30 16:13:41 serg Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

 

// define our webserver variables

// FS = Filesystem (physical)

// WS = Webserver (virtual)

define('HTTP_SERVER', 'https://products.mickeysmotors.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'https://products.mickeysmotors.com');

define('HTTPS_CATALOG_SERVER', 'https://products.mickeysmotors.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', '');

define('DB_SERVER_USERNAME', 'mysql');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', '');

?>

 

 

thanks for any help


If I were you, I'd delete your post ASAP!!!! and repost it WITHOUT your personal server info on it!!!!!!!

 

There might not be a cart to come back to soon! :)


Doesn't matter, you do not have a db username / password where anyone can get to things. If you are worried about your domain name, well, your domain name is out there for the world, no big secret. Unless you don't want to sell anything.


I've got an interesting situation, if anyone can help me...

I've got a shared SSL cert with my host... The https pages don't seem to be able to set cookies (the http pages can).

 

Here's my catalog/includes/config.php info:

 

define('HTTP_SERVER', 'http://www.aquariumsnstuff.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://secure.monkeyfeather.com/~ad1028/oscommerce/catalog'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.aquariumsnstuff.com');

define('HTTPS_COOKIE_DOMAIN', 'secure.monkeyfeather.com/~ad1028/oscommerce/catalog');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

I do have the "Force cookies" option set, because I don't like the oscID in the URL of my pages.

 

Basically, whenever I visit to a secure page (i.e. "My Account") a cookie isn't set, and I get redirected to the cookie_usage.php page.

 

Thanks in advance...


I've got an interesting situation, if anyone can help me...

I've got a shared SSL cert with my host... The https pages don't seem to be able to set cookies (the http pages can).

I do have the "Force cookies" option set, because I don't like the oscID in the URL of my pages.

 

Basically, whenever I visit to a secure page (i.e. "My Account") a cookie isn't set, and I get redirected to the cookie_usage.php page.

 

Thanks in advance...

This has been covered many, many times before.

 

You can not use force cookies with shared ssl. The user comes into the site from two different urls. Basic internet security requires that a browser can not access cookies set by another site. For all intents and purposes as far as the browser is concerned your shared ssl secure pages come from a different site, it's a different url.

 

Just think about it, say this rule did not exist.

 

I know what the cookies look like for this forum, I have them on my machine. So if I could trick you into visiting another site which I control I could read your osC forum cookies and pretend that I was you. See the reason now?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
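The cookie rule described in the reply above, applied to the shared-SSL configuration from the question. This is an added example, not part of any post and not osCommerce code; `domainMatch`, `isValidCookieDomain` and `auditCookieConfig` are hypothetical helper names, and the `DEDICATED` configuration is constructed for comparison.

```javascript
// Added example (not osCommerce code): models the browser-side rule that
// decides which host a cookie belongs to (RFC 6265 domain-match).

// RFC 6265 section 5.1.3: a host matches a cookie domain if it is identical
// to it, or is a subdomain of it and is not an IP address.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// A cookie Domain attribute is a bare host name: no scheme, path or port.
function isValidCookieDomain(value) {
  return /^\.?[a-z0-9-]+(\.[a-z0-9-]+)*$/i.test(value);
}

// Audit the cookie-related defines of an includes/configure.php, passed in
// as a plain object keyed by the define names.
function auditCookieConfig(cfg) {
  const findings = [];
  const httpHost = new URL(cfg.HTTP_SERVER).hostname;
  const httpsHost = new URL(cfg.HTTPS_SERVER).hostname;
  const pairs = [['HTTP_COOKIE_DOMAIN', httpHost], ['HTTPS_COOKIE_DOMAIN', httpsHost]];
  for (const [key, host] of pairs) {
    const value = cfg[key];
    if (!isValidCookieDomain(value)) {
      findings.push(`${key} is not a bare host name: ${value}`);
    } else if (!domainMatch(host, value)) {
      // Browsers reject a Set-Cookie whose Domain does not match the host.
      findings.push(`${key} (${value}) does not match server host ${host}`);
    }
  }
  // The session cookie set on the http host only reaches the https host if
  // that host domain-matches it. With shared SSL it never does, which is why
  // "Force cookies" sends the visitor to cookie_usage.php.
  const shared = isValidCookieDomain(cfg.HTTP_COOKIE_DOMAIN) &&
    domainMatch(httpsHost, cfg.HTTP_COOKIE_DOMAIN);
  if (!shared) {
    findings.push(`session cookie set on ${httpHost} is never sent to ${httpsHost}`);
  }
  return findings;
}

// Values copied from the configuration posted in the question above.
const SHARED_SSL = {
  HTTP_SERVER: 'http://www.aquariumsnstuff.com',
  HTTPS_SERVER: 'https://secure.monkeyfeather.com/~ad1028/oscommerce/catalog',
  HTTP_COOKIE_DOMAIN: 'www.aquariumsnstuff.com',
  HTTPS_COOKIE_DOMAIN: 'secure.monkeyfeather.com/~ad1028/oscommerce/catalog',
};

// Constructed comparison: a dedicated certificate on the shop's own host.
const DEDICATED = {
  HTTP_SERVER: 'http://www.shop.example',
  HTTPS_SERVER: 'https://www.shop.example',
  HTTP_COOKIE_DOMAIN: 'www.shop.example',
  HTTPS_COOKIE_DOMAIN: 'www.shop.example',
};

for (const [name, cfg] of Object.entries({ SHARED_SSL, DEDICATED })) {
  console.log(name, auditCookieConfig(cfg));
}
```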


Excellent topic! A must read for those like me who are newbies in SSL. I'd just like to know if I can use the SSL Manager in cPanel for osCommerce? I want to know how Private Keys, Certificate Signing Requests, and Certificates (CRT) work?

I'm now studying this aspect of my shop, and I'm very concerned about privacy and security in regard to credit card numbers being hacked and used in illegal purchases of goods. Will the security features of SSL in osCommerce transactions not be compromised by hackers?


My server has shared cert and it is required to create an ssl folder and upload files to it. I want the user sign up form and the shopping cart checkout to be secure. What files are required and how do I point them to the folder?


I purchased a dedicated SSL from ipower.com, they emailed me and said:

The second and final stage of your SSL certificate installation has been completed. The certificate has been successfully installed onto the server, and your unique IP address is 11.11.11.11. (All numbers there, I switched them just in case, it is not really all "1's" but I am still new to all of this and I'm not sure if I can post that.) Then they said "We have changed the DNS settings for your domain to point to this new IP address, and these changes should take effect within the next 12-24 hours. Until then, you can view your SSL-enabled site by going to the following address: https://11.11.11.11"

I followed the instructions on this forum, and I just cannot get my SSL to work, can someone help? I am new to this so I must be doing something ditzy!

 

The top of my includes/configure.php is

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.jawproducts.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://.jawproducts.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.jawproducts.com');

define('HTTPS_COOKIE_DOMAIN', 'jawproducts.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

 

and my admin/includes/configure.php is

 

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.jawproducts.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.jawproducts.com');

define('HTTPS_CATALOG_SERVER', 'https://jawproducts.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/jawprodu/public_html/catalog/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/jawprodu/public_html/catalog/admin/'); // absolute path required

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', '/home/jawprodu/public_html/catalog/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

I thought I was supposed to change the https_server part to the https://xx.xx.xx.xx but I guess I am wrong? Please help!! I also changed application.php to say // set the type of request (secure or not)

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

Can someone tell me why I don't have the padlock AND when I get to a checkout page I just get page not found...


The ssl certificate on your website is made out to 'host391.ipowerweb.com' and not to your domain.

 

The installation of a full ssl cert requires that your site (instead of using a shared ip address) has a dedicated ip address of its own. This is probably what they are referring to. There will be a cache on the server which will require up to 24 hrs to update to the new ip address, and also each ISP will have a cache of your domain on its shared ip address. Basically - you have to wait 1-2 days before you can use the full cert.

 

Vger


I am confused. We paid for this over a week ago, they told us this was finished over a week ago. We paid for a dedicated SSL certificate. So I'm still confused? How do I fix this configure and is that link with the numbers the address? Is that what I put in the configure?


Since I last posted the certificate details on your website have changed to your own full ssl cert, but it's still not showing a padlock in the browser. From other things I see it is obvious that the new ip address has still not fully propagated on the server.

 

Also remember that your ssl cert is made out to www.jawproducts.com, so your http and https_cookie_domains should be made out to 'www.jawproducts.com', and your http server address should be made out to http://www.jawproducts.com (not strictly necessary, but it keeps things consistent) and your https server addresses should be made out to https://www.jawproducts.com (this one is necessary).

 

Vger


Hi,

 

I posted this on General support without much luck so I'll try here.

 

I've got SSL working on the main page, as mentioned previously it works when required, that is logon, account creation and checkout. However there is one issue. Once you log in, there are 5 pictures on the front page, that I created, that are located in the images directory and do not load up under https.

 

In admin I still cannot get the images to load under https. Now these images are located under sub directories in the images/ directory. Could this be a problem?

 

Just to help out the relevant code for each is

 

admin/includes/configure.php

define('DIR_WS_CATALOG', '/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

 

includes/configure.php

define('DIR_WS_IMAGES', 'images/');

 

well I think this is the relevant code I could be completely wrong

 

Regards

Neil


I thought that I would throw out some information about secured pages for the greenhorns out there like myself that may not understand how this stuff works.

 

Even though I set my SSL up correctly on my site I was still having problems getting alert windows stating that I had mixed content, or secure and unsecure items on my page.

 

It took me a while to realize that one of the problems was the banners in my footer which were loading in from outside servers. These were "unsecure" even though they were in no way compromising the security of the site. It just doesn't look good for customers to see anything that might look like your site is insecure.

 

The answer to this was found on these forums and all you have to do is find this code in includes/footer.php:

 

echo tep_display_banner('static', $banner);

 

and replace it with this:

 

if ($request_type != 'SSL') {echo tep_display_banner('static', $banner);}

 

Now your banners will only show up when the page is not an ssl page.

 

Another problem that I ran into was that I was using absolute links to some of the images on my front page. That can be an issue once someone logs into their account and returns to the front page. Only use relative links to your image folder and you won't have that problem.

 

Hope this helps. I would hate for folks to have to go through my foibles.


I guess I should add one more thing. I'm so used to it that I forget that others might not know.

 

How do you know if your ssl is switching on and off as it should? Simple, in source view, near the top of every page you'll see in your browser you'll find this line:

 

In http (no ssl engaged, regular pages)

 

<base href="http://www.somedomain.com/catalog/"> (assuming you're using the catalog folder)

 

In https (ssl engaged - my account, checkout, etc.)

 

<base href="https://www.somedomain.com/catalog/">

 

or for shared ssl something like this:

 

<base href="https://ssl.myhost.com/somedomain/catalog/">

 

That's it. That's what line 41 is all about, it sets that line. So when you find a broken padlock or the images aren't loading that's the first place you need to look. The goal is to get that switching back and forth as you change from http to https and back.

 

Fantastic information and advice here - Thanks guys. I do have a couple of slight problems which I would be very grateful for a steer on.

 

I use 1and1 and am now aware that using the shared SSL is not too easy. However thanks to the tips in the forum I have made progress. When moving from cart to checkout SSL seems to kick in and I am diverted to https://sslrelay.com/mydomain.co.uk/etcetc.

 

However the locked padlock flashes up for less than a second and then disappears. What is going on here and is it a problem? If so how can I fix it? It would be so nice to see the secure padlock on the checkout page to give my customers some added security and confidence.

 

Secondly SSL in Admin???? I can access this using the https://sslrelay.com/mydomain/catalog/admin and the secure padlock appears (although the bottom left hand side shows "You are not protected by a secure SSL connection."). However I can also access this admin area through http://www.mydomain.co.uk/catalog/admin/ Surely I should not be able to do this as it could be a security gap? Am I going mad?? Sorry if these are stupid questions but many thanks for the fantastic help and pointers so far!

You will never learn if you don't try. And boy am I trying....!
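The two checks described in the posts above (the base href has to switch to https on secure pages, and a secure page must not pull banners or images over http), run against saved page source. This is an added example, not part of any post and not osCommerce code; `auditPage` and `attr` are hypothetical helpers, and both HTML samples and page URLs are constructed.

```javascript
// Added example (not osCommerce code): audits saved page source for a base
// href that did not switch and for resources an https page loads over http.

// Read one quoted attribute value out of a single tag's source text.
function attr(tag, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(tag);
  return m ? m[1] : null;
}

function auditPage(pageUrl, html) {
  const page = new URL(pageUrl);
  const baseTag = /<base\b[^>]*>/i.exec(html);
  const baseHref = baseTag ? attr(baseTag[0], 'href') : null;
  // Relative links resolve against <base href>, or the page URL without one.
  const base = new URL(baseHref || pageUrl, pageUrl);
  const result = { baseSwitched: base.protocol === page.protocol, insecure: [] };
  if (page.protocol !== 'https:') return result; // only https pages can be "mixed"

  // Links (<a href>) are navigation, not page content, so they are skipped.
  const tags = html.match(/<(img|script|iframe|link)\b[^>]*>/gi) || [];
  for (const tag of tags) {
    const ref = attr(tag, /^<link/i.test(tag) ? 'href' : 'src');
    if (!ref) continue;
    let resolved;
    try {
      resolved = new URL(ref, base);
    } catch (e) {
      continue; // unparsable reference, nothing to resolve
    }
    if (resolved.protocol === 'http:') result.insecure.push(resolved.href);
  }
  return result;
}

// Constructed sample 1: secure page whose base href did not switch, so even
// the relative image is fetched over http.
const BROKEN_BASE = `
<base href="http://www.somedomain.com/catalog/">
<img src="images/logo.gif">`;

// Constructed sample 2: base href switched correctly, but the page has an
// absolute http image link and a banner from an outside server.
const MIXED = `
<base href="https://www.somedomain.com/catalog/">
<img src="images/logo.gif">
<img src="http://www.somedomain.com/catalog/images/front.jpg">
<img src="http://banners.example/ad.gif">`;

const SECURE_URL = 'https://www.somedomain.com/catalog/account.php';
console.log(auditPage(SECURE_URL, BROKEN_BASE));
console.log(auditPage(SECURE_URL, MIXED));
```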


Archived

This topic is now archived and is closed to further replies.
