Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Im Getting a security Alert when Logging In


msaunders

Recommended Posts

i initaly used what Ajeh posted then i replaced the files with the originals and then i used what you posted. both times i have the same result. currently we have a generic certificate installed on the server for testing only but the message still pop's up.

Link to comment
Share on other sites

  • Replies 70
  • Created
  • Last Reply

For my "login.php" the first described fix worked well. but oscommerce has this problem also on "address book" adding an address... maybe this should be posted to bugfix list if not already done...?

 

fixed site is: www.golfdiscount.de

 

michael hucke

---

!oscommmerce is really nice!

Link to comment
Share on other sites

do you have the box-ad mod installed? i was just going thru the same issue with my site and i tried clicking no on showing the non-secure items and the only thing it didn't show were the banner images that were being shown through that block...does this help you more knowledgable guys at all?

Link to comment
Share on other sites

yep - if I take out the box-ad block and teh banners at the bottom, the errors go away ..

 

Is there any way to fix this so that I can use the banners and box-as though? Of course I'll leave them off for now because my customers' feeling of security means more to me than the ads, but its a shame I can't have them on there...

 

Jeana

Link to comment
Share on other sites

What you can do is setup an IF statement around the images in your footer that are causing there error, so they do not show on secure pages.

 

An example:

 

 

<?php

IF ( $HTTPS !='on' ) {

?>

<tr height="75"><td colspan="3" align="center"><SCRIPT LANGUAGE="javascript" src="http://www.qksz.net/1e-5brd"></SCRIPT></td></tr>

<tr height="75"><td colspan="3" align="center"><?php echo BCENTRAL97 ?></td></tr>



<?php

}

?>

 

These things only show on non-secure pages and no more error msg :D

Link to comment
Share on other sites

Thank you Linda, but I'm not *that* familiar with PHP...can you please elaborate a little more? For instance, for the box-ad code below, how or where would I insert your code?

<!-- banner-ad-in-a-box //-->

<?php

 if ($banner = tep_banner_exists('dynamic', BOX_AD_BANNER_TYPE)) {

?>

         <tr>

           <td>



<?php

   $bannerstring = tep_display_banner('static', $banner);



   $info_box_contents = array();

   $info_box_contents[] = array('align' => 'left',

                                'text'  => BOX_AD_BANNER_HEADING

                               );

   new infoBoxHeading($info_box_contents, false, false);



   $info_box_contents = array();

   $info_box_contents[] = array('align' => 'center',

                                'text'  => $bannerstring

                               );

   new infoBox($info_box_contents);

?>

           </td>

         </tr>

<?php

 }

?>

<!-- banner-ad-in-a-box_eof //-->

Link to comment
Share on other sites

Actually I made a banner manager add-on to handle that.

 

Rather than shut off all banners, the Banner Manager now has options that let you set the banners as secure page, open new window etc.

 

But for a quick fix, you would surround that whole if with the if I gave you.

 

Something along the lines of:

 

<!-- banner-ad-in-a-box //--> 

<?php 

if ( $HTTPS !='on' ) {

 if ($banner = tep_banner_exists('dynamic', BOX_AD_BANNER_TYPE)) { 

?> 

         <tr> 

           <td> 



<?php 

   $bannerstring = tep_display_banner('static', $banner); 



   $info_box_contents = array(); 

   $info_box_contents[] = array('align' => 'left', 

                                'text'  => BOX_AD_BANNER_HEADING 

                               ); 

   new infoBoxHeading($info_box_contents, false, false); 



   $info_box_contents = array(); 

   $info_box_contents[] = array('align' => 'center', 

                                'text'  => $bannerstring 

                               ); 

   new infoBox($info_box_contents); 

?> 

           </td> 

         </tr> 

<?php 

 } 

}

?> 

<!-- banner-ad-in-a-box_eof //-->

Link to comment
Share on other sites

after recieveing the files i installed them and still get no joy with the page has secure and non-secure files on. if anyone has anymore ideas on this matter i would be greatful.

I have been battling with this one for ages too, I have found a kind of fix for the problem, a bit messy though but it works, see : http://www.www.oscommerce.com/forums/viewtopic...5853&highlight=

Best wishes

Steve

Link to comment
Share on other sites

  • 1 month later...

Hi,

 

I have an interesting problem. I have made the edits suggested by Linda, and all is fine so long as I have 'search engine friendly url's' enabled. As soon as I turn them off, I get the alert back again at checkout confirmation!

 

I am using a snapshot from 12th Nov and have edited html_output with some search engine code for removing sid's.

 

Any ideas?

 

Val

Link to comment
Share on other sites

Could you tell me WHERE to put this in the catalog/login.php??? I need to get this fixed.....

Thanks tond for any help - you're the only solution in all the messages I haven't tried yet. Vikki

 

This is due to the images on the site and that you are switching from secure to non-secure.

 

To correct this, edit in /catalog/login.php

 

// BOF: WebMakers.com Added: Removed Security Alert Message

// add 'SSL' to both links

       if (sizeof($navigation->snapshot) > 0) {

         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

         $navigation->clear_snapshot();

         tep_redirect($origin_href);

       } else {

         tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

       }

// EOF: WebMakers.com Added: Removed Security Alert Message

 

Then edit in /catalog/includes/application_top.php in the case 'notify':

 

                                // BOF: WebMakers.com Added: Fix redirect on security alert

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

                               // EOF: WebMakers.com Added: Fix redirect on security alert

 

This should correct the Security Alert in most browsers.

Link to comment
Share on other sites

If you take a peice of the code and search for it then it is easier to find ... :D

 

Try around line 56 in login.php

 

In application_top.php under the case statement for:

 

      case 'notify' :         if (tep_session_is_registered('customer_id')) {

                               if ($HTTP_GET_VARS['products_id']) {

                                 $notify = array($HTTP_GET_VARS['products_id']);

                               } elseif ($HTTP_POST_VARS['notify']) {

                                 $notify = $HTTP_POST_VARS['notify'];

                               } else {

                                 tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'NONSSL'));

                               }

                               for ($i=0; $i<sizeof($notify); $i++) {

                                 $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'");

                                 $check = tep_db_fetch_array($check_query);

                                 if ($check['count'] < 1) {

                                   tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())");

                                 }

                               }

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'NONSSL'));

                             } else {

                               $navigation->set_snapshot();

                               tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

                             }

                             break;

Link to comment
Share on other sites

I tried everything you guys have write and nothing works, i still getting the warning with the Secure and nonsecure server...

 

If someone knows how to fix that please let me know, i need to fix this issue asap

Link to comment
Share on other sites

I tried everything you guys have write and nothing works, i still getting the warning with the Secure and nonsecure server...

 

If someone knows how to fix that please let me know, i need to fix this issue asap

 

have a look at this thread too:

http://www.oscommerce.com/forums/viewtopic.php?t=29627

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

i4media,

 

when loading your login.php page, I get this security alert:

 

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

 

! The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

 

! The security certificate has expired or is not yet valid.

 

! The name on the security certificate is invalid or does not match the name of the site

 

the 1st error is just because I choose to not set plesk.com as a trusted company (I have trust issues, ok).

 

the 2nd error, when looking at the info, this security certifiate expired on November 10th... well over a month ago... (one more reason to not trust plesk.com).

 

and the 3rd error, well I get that one on my site sometimes too so I dunno what thats about.

 

then the error about secure/non secure items after I make that other error happy (but still don't trust plesk.com)...

 

the problem here is you base HREF isn't SSL... it is:

<base href="http://www.linzishoes.com/">

 

and should be

<base href="https://www.linzishoes.com/">

The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Link to comment
Share on other sites

the base href code in my PHP files looks like this:

 

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

I dunno it that helps or not

The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Link to comment
Share on other sites

That has to do with the certificate authentication.

 

Sounds like it is not configured correctly for your domain, or it is a shared one and I forget all the ins and outs of it but it needs to match your site to not receive that error.

 

Something about generate this that and the other thing ... which I am sure one of the bright bulbs here on Secure Certificates can much better explain than I ... 8)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...