Jump to content

Archived

This topic is now archived and is closed to further replies.

raddygast

Tiny SSL issue: after checkout_success, non-SSL

Recommended Posts

One interesting thing is that when I got the above error, the URL omitted /thermalband.com

 

I have an idea of what is wrong.

 

You need to have /thermalband.com at the end of HTTPS_SERVER and not the beginning of DIR_WS_HTTPS_CATALOG.

Share this post


Link to post
Share on other sites
I've read everything 3 or more times and tried 2 installs (one from a known good working dedicated SSL) and I cannot login with SSL.

 

My affiliate login works just fine, but I can't login to the store database. 

 

It kindof acts like its working (no errors to trace) but just refreshes the page.

It works with SSL off, but for the life of me, I am stumped.

 

I made the mods to general.php and application_top.php

 

You've made other mods as well, for PayPal. I'd roll back the other mods until it works then add the mods back till it fails.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
One interesting thing is that when I got the above error, the URL omitted /thermalband.com

 

I have an idea of what is wrong.

 

You need to have /thermalband.com at the end of HTTPS_SERVER and not the beginning of DIR_WS_HTTPS_CATALOG.

 

That's not important for a standard installation, without other mods. I've got it working perfectly with

 

define('HTTPS_SERVER', 'https://ssl.perfora.net/somedomain.com');

 

and

 

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

And it always has worked. The reason the fiddling around with the path helped some people is that it made the eregi test more reliable.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
Um, Alan, the way you have it is the way I was recommending.  tep_redirect definitely breaks with shared SSL if HTTPS_SERVER cannot be swapped in for HTTP_SERVER.

 

Yeah, sorry.

 

I've just gotten so tired of people recommending all these weird changes in configure.php that don't solve the fundamental problem that I'm kind of twitchy.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

OK

 

rolled back and done / checked everything AGAIN.

 

resides at http://thermalband.com/catalog/

 

sorry guys, but myenv.php doesn't respond with "on" for the getenv("HTTPS") test, so I am wondering if I have to fix those too?

 

HTTP HOST: thermalband.com

Server Port: 80

SSL Status:

Fowarded Server: ssl.perfora.net

Fowarded Host: ssl.perfora.net

Fowarded By: United Internet SSL Proxy

 

I changed all of the instances for getenv("HTTPS") and still doesn't work.

 

I cannot get it to work - so something is fishy - if I put the https string in for the http (as implied), but the store looks fine visually and operates but, the login is not working like it does with a real http server.

 

CLUES?

 

 

here is config

 

define('HTTP_SERVER', 'http://thermalband.com');

define('HTTPS_SERVER', 'https://ssl.perfora.net/thermalband.com');

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'thermalband.com');

define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/thermalband.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_PRODUCT_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_FS_MODULES', DIR_WS_MODULES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

 

I REALLY am trying here.

 

No weired changes, back to basics if necessary, just think I have been there already about 3 times and get this issue consistently.

 

 

Many thanks in advance,

 

Kevin

 

 

Yeah, sorry.

 

I've just gotten so tired of people recommending all these weird changes in configure.php that don't solve the fundamental problem that I'm kind of twitchy.

Share this post


Link to post
Share on other sites
here is config

 

  define('HTTP_SERVER', 'http://thermalband.com');

  define('HTTPS_SERVER', 'https://ssl.perfora.net/thermalband.com');

  define('ENABLE_SSL', false); // secure webserver for checkout procedure?

  define('HTTP_COOKIE_DOMAIN', 'thermalband.com');

  define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/thermalband.com');

  define('HTTP_COOKIE_PATH', '/catalog/');

  define('HTTPS_COOKIE_PATH', '/catalog/');

 

Well, maybe turn on SSL for starters. :) ENABLE_SSL is set to false for some reason.

 

And you should change that thing in application_top.php so that instead of getenv on HTTPS being 'on' you use that X_FORWARDED_HOST thing.

Share this post


Link to post
Share on other sites

doh!

 

define('HTTPS_SERVER', 'https://ssl.perfora.net/thermalband.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'thermalband.com');

define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/thermalband.com');

 

-too many things at once and not enough sleep

 

Well, maybe turn on SSL for starters. :) ENABLE_SSL is set to false for some reason.

 

And you should change that thing in application_top.php so that instead of getenv on HTTPS being 'on' you use that X_FORWARDED_HOST thing.

Share this post


Link to post
Share on other sites

Did the application_top.php thing and the general.php

 

doh! 

 

  define('HTTPS_SERVER', 'https://ssl.perfora.net/thermalband.com');

  define('ENABLE_SSL', true); // secure webserver for checkout procedure?

  define('HTTP_COOKIE_DOMAIN', 'thermalband.com');

  define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/thermalband.com');

 

-too many things at once and not enough sleep

Share this post


Link to post
Share on other sites

One last thing. This is a direct copy from a working site on a non 1and1 platform that has a dedicated SSL (has been working for years, with mods here and there, so all of the structruture and example data is from a known working model.

 

...and it works just fine in standard http mode.

 

If you have ssl=false, login change it to true, and continue the transaction, everything works fine. Logout and you can't log back in again. WEIRD>

 

Did the application_top.php thing  and the general.php

Share this post


Link to post
Share on other sites

What do you have in this line in catalog/includes/configure.php?

 

define('DIR_FS_CATALOG',


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

up to the database connections in configure.php

 

define('HTTPS_SERVER', 'https://ssl.perfora.net/thermalband.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'thermalband.com');

define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/thermalband.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_PRODUCT_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_FS_MODULES', DIR_WS_MODULES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/homepages/40/d120812929/htdocs/dsc037737751/kewler/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

Kevin

 

Thanks again for your time!

 

 

 

What do you have in this line in catalog/includes/configure.php?

 

define('DIR_FS_CATALOG',

Share this post


Link to post
Share on other sites
I am having the exact same problem.  I use the advanced search box in header contribution.  Once you create an account and are in "locked mode", and try to search for anything, you get this warning.

 

I have an intern in for the summer.  I asked them to test out our site.  When they did a search and got this message, he immediately went nuts.  He said in no uncertain terms that he would not shop on my site because of this.  I have asked other friends about this and each of them said if they got this message, they would cease shopping.

 

I have asked multiple times and did not get an answer on how to get rid of this message.  I did not understand completely what the previous post was about tep_redirect to get rid of this message.

 

Please help!

 

Donna Gordon

UKGoods.com

 

SteveL worked on this and found the fix. Here is what he sent me. This is a problem with all OSCommerce sites.

 

Try this - seems to work for me. You're not using the standard search box, but perhaps it will be similar. In catalog/includes/search.php is this line:

CODE

$info_box_contents[] = array('form' => tep_draw_form('quick_find', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false), 'get'),

 

 

Change it to:

CODE

$info_box_contents[] = array('form' => tep_draw_form('quick_find', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', $request_type, false), 'get'),

 

 

In other words, change the third argument to tep_href_link from 'NONSSL' to $request_type.

 

Thanks to SteveL. This is a solution I have been seeking a long time!!!!

Share this post


Link to post
Share on other sites

This line seems unusual to me. It's not like the other 1&1 ones I've seen.

 

define('DIR_FS_CATALOG', '/homepages/40/d120812929/htdocs/dsc037737751/kewler/catalog/');

 

Drop this teeny file in your root folder. You can name it docroot.php

 

<?php
echo 'Document Root: ' . getenv('DOCUMENT_ROOT');
?>


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

https://ssl.perfora.net/thermalband.com/docroot.php

 

Document Root: /kunden/homepages/40/d120812929/htdocs/dsc037737751/kewler

 

I also noticed that getnenv('SSL_CIPHER_ALGKEYSIZE') doesn't return anything.

 

I think I am getting the jist of this - domains pointers correlate to SSL issues?

 

Kevin

 

BTW there is a symbolic link for homepages, so I really don't need the prefix (or so I thought)

 

 

 

This line seems unusual to me. It's not like the other 1&1 ones I've seen.

 

define('DIR_FS_CATALOG', '/homepages/40/d120812929/htdocs/dsc037737751/kewler/catalog/');

 

Drop this teeny file in your root folder. You can name it docroot.php

 

<?php
echo 'Document Root: ' . getenv('DOCUMENT_ROOT');
?>

Share this post


Link to post
Share on other sites
BTW there is a symbolic link for homepages, so I really don't need the prefix (or so I thought)

 

Put the whole thing in there just to try it.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Done that. - here is my latest.

 

I am playing with the domain controls on 1and1 and am about to have the cleanest (closest to the working model) with pointers exactly how I had it operating on that site. I am flipping a switch now

 

Kevin

Put the whole thing in there just to try it.

Share this post


Link to post
Share on other sites

SSL_CIPHER_ALGKEYSIZE

 

Doesn't return anything on dedicated ssl either. Been there, done that.

 

It's kind of trivial because it's only used once in admin to determine what to say in the padlock box.

 

You are protected by a unknown secure SSL connection.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

didn't work

 

the address is http://thermalband.com/kewler/catalog/

 

http://thermalband.com/docroot.php

Document Root: /kunden/homepages/40/d120812929/htdocs

 

https://ssl.perfora.net/thermalband.com/docroot.php

Document Root: /kunden/homepages/40/d120812929/htdocs

 

I am going to punt on this and start from a fresh MS2.2 UNLESS you can think of anything database wise that might be causing this as the database IS different than default (obviously).

 

Again, thx for your support.

 

Kevin

-its a lone world out here, but I *think* I know this code now, just don;t want to hack it - will leave it for later and when I fix it, I will post the solution - for a change.

domain is aligned and the configure.php looks like the following:

 

define('HTTP_SERVER', 'http://thermalband.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://ssl.perfora.net/thermalband.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'thermalband.com');

define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/thermalband.com');

define('HTTP_COOKIE_PATH', '/kewler/catalog/');

define('HTTPS_COOKIE_PATH', '/kewler/catalog/');

define('DIR_WS_HTTP_CATALOG', '/kewler/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/kewler/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_PRODUCT_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_FS_MODULES', DIR_WS_MODULES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/kunden/homepages/40/d120812929/htdocs/kewler/catalog');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Share this post


Link to post
Share on other sites

Document Root: /kunden/homepages/40/d120812929/htdocs

 

That's the kind of path I expected to see.

 

So the document root would be

 

/homepages/40/d120812929/htdocs/catalog

 

that's similar to what I have on more than one account.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

apparently a bug in my mods that works (slightly unusually) on one server but fails on shared.

 

I have it working, but resorted to a base install to convince myself it was possible. *I was beginning to wonder*

 

Thanks for your help, but you can see the slightly odd behavior in http://icyball.com/kewler/catalog/ if you create an account and try to login without anything in your cart -I will have to fix this behavior eventually.

 

Thanks again.

 

Kevin

Share this post


Link to post
Share on other sites

After reading through everything I can find I am at my whits end with SSL. Nothing is helping. I wasn't sure which "SSL Helped Needed" topic to post in....but here goes.

 

Ok, I struggled all day yesterday with getting SSL configured. I can't even remember now what the problem was -- I had images showing up non-SSL.

THAT'S ONE OF MY PROBELMS

 

The difference between the change to application_top.php and the one to general.php is that the first is major and the second minor.

 

Without fixing application_top many people end up with broken padlocks because the system fails to change the <base href="http://somedomain.com/catalog/"> line and osC will pull images via http not https.

BROKEN LOCKS AND IMAGES ARE NOT SHOWING UP AT ALL ON SECURE PAGES

 

Read through this:

 

http://forums.oscommerce.com/index.php?sho...23entry672623

 

If you're still stuck after checking that post let us know.

READ THROUGH IT ALL

 

 

 

I have a dedicated IP. I have my own SSL installed onto the dedicated IP. Site (the link from the main site to the store is disabled for right now, but the main site is up. this will take you to the store front):

http://www.bossmasonicworld.com/store

 

The secure pages are coming up (such as log-in), but I have a "broken lock" and no images. I have tried the chages to application_top.php and general.php. Nothing so far has worked.

 

Here are the resuslts of the suggested test, secure page:

 

HTTP HOST: bossmasonicworld.com

Server Port: 443

SSL Status: on

Fowarded Server:

Fowarded Host:

Fowarded By:

 

 

on a non-secure page:

 

HTTP HOST: www.bossmasonicworld.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

 

My store/includes/application_top.php:

 

define('HTTP_SERVER', 'http://www.bossmasonicworld.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://bossmasonicworld.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.bossmasonicworld.com');
 define('HTTPS_COOKIE_DOMAIN', 'bossmasonicworld.com');
 define('HTTP_COOKIE_PATH', '/store/');
 define('HTTPS_COOKIE_PATH', '/store/');
 define('DIR_WS_HTTP_CATALOG', '/store/');
 define('DIR_WS_HTTPS_CATALOG', '/store/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/bossmaso/public_html/store/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost - should not be NULL for productive servers
 define('DB_SERVER_USERNAME', 'bossmaso_osc1');
 define('DB_SERVER_PASSWORD', 'jkgMSZNYUDxw');
 define('DB_DATABASE', 'bossmaso_osc1');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

 

My store/includes/application_top.php, line 41:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

Part of my store/inlcudes/functions/general.php:

 

// Redirect to another page or site
 function tep_redirect($url) {
   if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page
     if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url
       $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL

 

 

Does anyone have any suggestions, please? Any suggestions on something else to try would be greatly appreciated!


~Aleena

Share this post


Link to post
Share on other sites

Fire Fox tells me there's a certificate error

 

cert.gif

 

Line 41 is OK because the base href switches correctly.

 

Get the certificate error fixed.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

First suggestion is to change your database password, as you have exposed it to the world.

 

My guess as to the images problem is that your host requires that you load https-accessed content into a separate area. The URLs for the images look ok, and the base address is coming up ok, but the images just aren't there when accessed by https.

 

A secondary problem is that your Flash header is accessed by http. This will cause "broken lock" icons and possible browser warnings.

 

A third problem is that your SSL certificate is issued by a provider that my browser (Firefox 1.0.6) does not know. I expect that other users will encounter the same problem.

Share this post


Link to post
Share on other sites

There's a little trick that will solve the flash link problems

 

Change these

 

codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="750" height="135">
<param name="movie" value="http://www.bossmasonicworld.com/BMWheader.swf">
<param name="quality" value="high">

<embed name="movie" src="http://www.bossmasonicworld.com/BMWheader.swf"  width="750" height="135" quality="high" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></object>

 

To:

 

codebase="//download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="750" height="135">
<param name="movie" value="//www.bossmasonicworld.com/BMWheader.swf">
<param name="quality" value="high">

<embed name="movie" src="//www.bossmasonicworld.com/BMWheader.swf"  width="750" height="135" quality="high" type="application/x-shockwave-flash" pluginspage="//www.macromedia.com/go/getflashplayer"></object>

 

 

What I did was simply leave off the http:

 

I checked the macromedia links and they work in both http and https.

 

When you set up a link like this:

 

//www.macromedia.com/go/getflashplayer

 

Whatever mode the brower is in is selected for the link as well. This can only work if the source has valid links for both http and https modes.

 

If you do that you'll probably get a solid padlock but you've still got the two folder issue to deal with.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

×