Jump to content

Archived

This topic is now archived and is closed to further replies.

msaunders

Im Getting a security Alert when Logging In

Recommended Posts

Hi

 

When I enter my cutomer Login, I am getting a security alert warning message.

"You Are about to be redirected to a connection that is not secure. The information you are sending to the current site might be transmitted to a nonsecure site. Do you wish to continue?"

 

Why am I getting this ? My login etc/customer info is stored in an SSL area,

my when I hit login, it is going to a HTTPS location.

 

Can someone enlighten me ?

Thanks

Martin

Share this post


Link to post
Share on other sites

This is due to the images on the site and that you are switching from secure to non-secure.

 

To correct this, edit in /catalog/login.php

 

// BOF: WebMakers.com Added: Removed Security Alert Message

// add 'SSL' to both links

       if (sizeof($navigation->snapshot) > 0) {

         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

         $navigation->clear_snapshot();

         tep_redirect($origin_href);

       } else {

         tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

       }

// EOF: WebMakers.com Added: Removed Security Alert Message

 

Then edit in /catalog/includes/application_top.php in the case 'notify':

 

                                // BOF: WebMakers.com Added: Fix redirect on security alert

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

                               // EOF: WebMakers.com Added: Fix redirect on security alert

 

This should correct the Security Alert in most browsers.

Share this post


Link to post
Share on other sites

.

Yes, precisely, and I just did it again to be sure, but no luck... *sigh*

 

When is your snapshot from? I be interested in seeing your login.php file, and the HTML source generated by it...

.

Share this post


Link to post
Share on other sites

I have customised the layout for oscommerce cvs 20021014 and installed it onto our web server.

 

I continuousley get the message "you are now being transfered to a page that contains secure and non-secure items" ""YES" "NO" "MORE INFO"" and if i click yes the gold lock dissapears off the bottom of the internet explorer window.

 

I have tried the above solution to the letter but to no avail. i have also tried another couple of solutions on these pages but none seam to work.

 

If there is a solution that does work fully, could you please let us know as i am sure many people have come across this themselves.

Share this post


Link to post
Share on other sites

Hi

 

I know you have said that you followed the instructions but , can you recheck what you edited ? Particularily the /catalog/includes/application_top.php in the case 'notify' . I found this hard to find when I was editing it (the exact line) . Its possible you have edited the wrong line. Its seems strange that it works for some users and not for others.

 

martin

Share this post


Link to post
Share on other sites

Hi again.

 

Take a look at line 340 in your application_top.psp

 

It should read::

 

tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

Share this post


Link to post
Share on other sites

i altered my application top to what you had on your page but i now recieve this message Fatal error: Failed opening required 'includes/classes/breadcrumb.php' (include_path='.:') in /usr/local/psa/home/vhosts/linzishoes.com/httpsdocs/includes/application_top.php on line 420

can you enlighten me if thats possible?

Share this post


Link to post
Share on other sites

Take a look at your application_top again.

Remove the lines you added as suggested by Ajeh at the start of this post.

 

I think this is what you have done wrong here (i think)

 

Add this instead

 

case 'notify' : if (tep_session_is_registered('customer_id')) {

if ($HTTP_GET_VARS['products_id']) {

$notify = array($HTTP_GET_VARS['products_id']);

} elseif ($HTTP_POST_VARS['notify']) {

$notify = $HTTP_POST_VARS['notify'];

} else {

tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

}

Share this post


Link to post
Share on other sites

that problem fixed. but im still getting the error message about displaying secure and non-secure items on the page

Share this post


Link to post
Share on other sites

Ok, now, lets take a look at your login.php

 

 

change what you have to this::

 

if (sizeof($navigation->snapshot) > 0) {

$origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

$navigation->clear_snapshot();

tep_redirect($origin_href);

} else {

tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

 

and let me know

Share this post


Link to post
Share on other sites

No,

 

You didnt read my question :)

 

Are you using what I had posted or what Ajeh had posted ???..

Do you wnat me to send you my login.php and my application_top.php files.

Share this post


Link to post
Share on other sites

×