Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Im Getting a security Alert when Logging In


msaunders

Recommended Posts

Hi

 

When I enter my cutomer Login, I am getting a security alert warning message.

"You Are about to be redirected to a connection that is not secure. The information you are sending to the current site might be transmitted to a nonsecure site. Do you wish to continue?"

 

Why am I getting this ? My login etc/customer info is stored in an SSL area,

my when I hit login, it is going to a HTTPS location.

 

Can someone enlighten me ?

Thanks

Martin

Link to comment
Share on other sites

  • Replies 70
  • Created
  • Last Reply

This is due to the images on the site and that you are switching from secure to non-secure.

 

To correct this, edit in /catalog/login.php

 

// BOF: WebMakers.com Added: Removed Security Alert Message

// add 'SSL' to both links

       if (sizeof($navigation->snapshot) > 0) {

         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

         $navigation->clear_snapshot();

         tep_redirect($origin_href);

       } else {

         tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

       }

// EOF: WebMakers.com Added: Removed Security Alert Message

 

Then edit in /catalog/includes/application_top.php in the case 'notify':

 

                                // BOF: WebMakers.com Added: Fix redirect on security alert

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

                               // EOF: WebMakers.com Added: Fix redirect on security alert

 

This should correct the Security Alert in most browsers.

Link to comment
Share on other sites

I have customised the layout for oscommerce cvs 20021014 and installed it onto our web server.

 

I continuousley get the message "you are now being transfered to a page that contains secure and non-secure items" ""YES" "NO" "MORE INFO"" and if i click yes the gold lock dissapears off the bottom of the internet explorer window.

 

I have tried the above solution to the letter but to no avail. i have also tried another couple of solutions on these pages but none seam to work.

 

If there is a solution that does work fully, could you please let us know as i am sure many people have come across this themselves.

Link to comment
Share on other sites

Hi

 

I know you have said that you followed the instructions but , can you recheck what you edited ? Particularily the /catalog/includes/application_top.php in the case 'notify' . I found this hard to find when I was editing it (the exact line) . Its possible you have edited the wrong line. Its seems strange that it works for some users and not for others.

 

martin

Link to comment
Share on other sites

i altered my application top to what you had on your page but i now recieve this message Fatal error: Failed opening required 'includes/classes/breadcrumb.php' (include_path='.:') in /usr/local/psa/home/vhosts/linzishoes.com/httpsdocs/includes/application_top.php on line 420

can you enlighten me if thats possible?

Link to comment
Share on other sites

Take a look at your application_top again.

Remove the lines you added as suggested by Ajeh at the start of this post.

 

I think this is what you have done wrong here (i think)

 

Add this instead

 

case 'notify' : if (tep_session_is_registered('customer_id')) {

if ($HTTP_GET_VARS['products_id']) {

$notify = array($HTTP_GET_VARS['products_id']);

} elseif ($HTTP_POST_VARS['notify']) {

$notify = $HTTP_POST_VARS['notify'];

} else {

tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

}

Link to comment
Share on other sites

Ok, now, lets take a look at your login.php

 

 

change what you have to this::

 

if (sizeof($navigation->snapshot) > 0) {

$origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

$navigation->clear_snapshot();

tep_redirect($origin_href);

} else {

tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

 

and let me know

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...