lildog Posted December 30, 2006 Share Posted December 30, 2006 Could someone help me fgure out why my site is not secure? I assume it is pictures but not sure. I hope someone could swing by and peek at my source and point out the offender. www.silvermoon-jewelry.com Thanks, Lildog Link to comment Share on other sites More sharing options...
natewlew Posted December 30, 2006 Share Posted December 30, 2006 You could try changing this line in the includes/application_top.php: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; To: //$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; Other great Open Source (Free) programs: (Free as in free speech not free beer) The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS How do I find these programs? Google Search! Link to comment Share on other sites More sharing options...
lildog Posted December 31, 2006 Author Share Posted December 31, 2006 That did not change it. Where should I look? All my SSl pages are not showing the lock. Checkout, create acount..etc. Which leadds me to believe it is a common page for all. What should I look for and where do you suggest? My admin pages do showup as secure, so I know the basic security works, I just have something mucking up the works. Thanks again, Lildog Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 31, 2006 Share Posted December 31, 2006 It's due to a non-secure link somewhere, most likely one of those in the footer. Try removing them and see if it fixes the problem. If not, you'll have to check other links you may have, visible or not, to isolate the problem. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
lildog Posted January 1, 2007 Author Share Posted January 1, 2007 I pulled the footer out and that wasn't it. I opened some images in a new window and the address was not that of the secure server, that seems wrong to me. Shouldn't the address be from the secure server? Link to comment Share on other sites More sharing options...
lildog Posted January 1, 2007 Author Share Posted January 1, 2007 OK I pulled out my header footer and sidebars and all images including the pixel trans spacers and the button on my create account page. Still no dice. My base href in my source is not that of the secure server. Could that be it? If so where is the base href set? Thanks once again Lildog Link to comment Share on other sites More sharing options...
lildog Posted January 1, 2007 Author Share Posted January 1, 2007 So sorry. It looks like the base href is set in the create account.php.: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> Could it be that this is not setting the base href to SSL server? Thank you for your input, lildog Link to comment Share on other sites More sharing options...
bill110 Posted January 1, 2007 Share Posted January 1, 2007 Check your catalog/includes/configure.php and be sure all the references to https are correct. especially this one define('DIR_WS_HTTPS_CATALOG', ''); when I tell IE not to display insecure content all I get is text. no images, stylesheet commands, etc. My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 2, 2007 Share Posted January 2, 2007 OK I pulled out my header footer and sidebars and all images including the pixel trans spacers and the button on my create account page. Still no dice. My base href in my source is not that of the secure server. Could that be it? If so where is the base href set? Thanks once again Lildog Try doing that while viewing the login page (since it has less code). Then view the source to be sure there are no links on the page. It could be added in some other way. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
lildog Posted January 2, 2007 Author Share Posted January 2, 2007 So i took the header,footer,sidebars,and images from login and it was secure. So it seems to me that OSC is only pulling the login.php from the secure server. So far as I can tell everything is configured correctly but, something is amiss. It seems like the simple things are often the hardest to debug. I have been putting this off until I was ready, imagine that, now I am not ready because I have been putting this off. BTW, my admin appears to be secure...no muss no fuss. Thanks once again, lildog here is my configure.php file... <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.silvermoon-jewelry.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://s.p7.hostingprod.com/@www.silvermoon-jewelry.com/ssl'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.silvermoon-jewelry.com'); define('HTTPS_COOKIE_DOMAIN', 'https://s.p7.hostingprod.com/@www.silvermoon-jewelry.com/ssl'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 3, 2007 Share Posted January 3, 2007 These define('HTTPS_COOKIE_DOMAIN', 'https://s.p7.hostingprod.com/@www.silvermoon-jewelry.com/ssl'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', ''); should be define('HTTPS_COOKIE_DOMAIN', 's.p7.hostingprod.com/@www.silvermoon-jewelry.com/ssl'); define('HTTPS_COOKIE_PATH', '/catalog/'); But if you removed those things and the problem went away, it means one of them was at fault. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
lildog Posted January 3, 2007 Author Share Posted January 3, 2007 I made the changes to the two lines and still not secure. Also deleted the values for the two lines and still nada. When I open an image in a new browser window the address is that of the non secure server. Should the base href of a secure page be the secure server address in the html source or the non secure address? lildog Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 3, 2007 Share Posted January 3, 2007 If you have removed all of the code except that for the login page and it still fails, then there is etiher something on that page (unlikely) or your server handles the ssl differently. Take a look at this thread. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
lildog Posted January 3, 2007 Author Share Posted January 3, 2007 I removed all code and pics from login.php and it worked. But add anything back in and it fails. Thanks for your help Jack. Will check out the thread and hopefully put this problem to rest and move on. lildog Link to comment Share on other sites More sharing options...
lildog Posted January 3, 2007 Author Share Posted January 3, 2007 THANK YOU JACK FOR YOUR PATIENCE AND HELP! I made several changes so I am not sure which one fixed it. But it works now. For future reference, if you are having SSL problems consult the thread Jack mentioned in the previous post. lildog Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.