Jump to content

Archived

This topic is now archived and is closed to further replies.

msaunders

Im Getting a security Alert when Logging In

Recommended Posts

i initaly used what Ajeh posted then i replaced the files with the originals and then i used what you posted. both times i have the same result. currently we have a generic certificate installed on the server for testing only but the message still pop's up.

Share this post


Link to post
Share on other sites

For my "login.php" the first described fix worked well. but oscommerce has this problem also on "address book" adding an address... maybe this should be posted to bugfix list if not already done...?

 

fixed site is: www.golfdiscount.de

 

michael hucke

---

!oscommmerce is really nice!

Share this post


Link to post
Share on other sites

after recieveing the files i installed them and still get no joy with the page has secure and non-secure files on. if anyone has anymore ideas on this matter i would be greatful.

Share this post


Link to post
Share on other sites

Thats a pity . It must be another file its accessing so because those mods work for me . Maybe some of our more experienced users can help.

martin

Share this post


Link to post
Share on other sites

do you have the box-ad mod installed? i was just going thru the same issue with my site and i tried clicking no on showing the non-secure items and the only thing it didn't show were the banner images that were being shown through that block...does this help you more knowledgable guys at all?

Share this post


Link to post
Share on other sites

as an add-on, I too have applied linda's fix but am still getting the error. my site is at www.jeana.com - please any more ideas? I really think it has to do with the ad block....

Share this post


Link to post
Share on other sites

yep - if I take out the box-ad block and teh banners at the bottom, the errors go away ..

 

Is there any way to fix this so that I can use the banners and box-as though? Of course I'll leave them off for now because my customers' feeling of security means more to me than the ads, but its a shame I can't have them on there...

 

Jeana

Share this post


Link to post
Share on other sites

What you can do is setup an IF statement around the images in your footer that are causing there error, so they do not show on secure pages.

 

An example:

 

 

<?php

IF ( $HTTPS !='on' ) {

?>

<tr height="75"><td colspan="3" align="center"><SCRIPT LANGUAGE="javascript" src="http://www.qksz.net/1e-5brd"></SCRIPT></td></tr>

<tr height="75"><td colspan="3" align="center"><?php echo BCENTRAL97 ?></td></tr>



<?php

}

?>

 

These things only show on non-secure pages and no more error msg :D

Share this post


Link to post
Share on other sites

Thank you Linda, but I'm not *that* familiar with PHP...can you please elaborate a little more? For instance, for the box-ad code below, how or where would I insert your code?

<!-- banner-ad-in-a-box //-->

<?php

 if ($banner = tep_banner_exists('dynamic', BOX_AD_BANNER_TYPE)) {

?>

         <tr>

           <td>



<?php

   $bannerstring = tep_display_banner('static', $banner);



   $info_box_contents = array();

   $info_box_contents[] = array('align' => 'left',

                                'text'  => BOX_AD_BANNER_HEADING

                               );

   new infoBoxHeading($info_box_contents, false, false);



   $info_box_contents = array();

   $info_box_contents[] = array('align' => 'center',

                                'text'  => $bannerstring

                               );

   new infoBox($info_box_contents);

?>

           </td>

         </tr>

<?php

 }

?>

<!-- banner-ad-in-a-box_eof //-->

Share this post


Link to post
Share on other sites

Actually I made a banner manager add-on to handle that.

 

Rather than shut off all banners, the Banner Manager now has options that let you set the banners as secure page, open new window etc.

 

But for a quick fix, you would surround that whole if with the if I gave you.

 

Something along the lines of:

 

<!-- banner-ad-in-a-box //--> 

<?php 

if ( $HTTPS !='on' ) {

 if ($banner = tep_banner_exists('dynamic', BOX_AD_BANNER_TYPE)) { 

?> 

         <tr> 

           <td> 



<?php 

   $bannerstring = tep_display_banner('static', $banner); 



   $info_box_contents = array(); 

   $info_box_contents[] = array('align' => 'left', 

                                'text'  => BOX_AD_BANNER_HEADING 

                               ); 

   new infoBoxHeading($info_box_contents, false, false); 



   $info_box_contents = array(); 

   $info_box_contents[] = array('align' => 'center', 

                                'text'  => $bannerstring 

                               ); 

   new infoBox($info_box_contents); 

?> 

           </td> 

         </tr> 

<?php 

 } 

}

?> 

<!-- banner-ad-in-a-box_eof //-->

Share this post


Link to post
Share on other sites
after recieveing the files i installed them and still get no joy with the page has secure and non-secure files on. if anyone has anymore ideas on this matter i would be greatful.

I have been battling with this one for ages too, I have found a kind of fix for the problem, a bit messy though but it works, see : http://www.forums.oscommerce.com/viewtopic...5853&highlight=


Best wishes

Steve

Share this post


Link to post
Share on other sites

Hi,

 

I have an interesting problem. I have made the edits suggested by Linda, and all is fine so long as I have 'search engine friendly url's' enabled. As soon as I turn them off, I get the alert back again at checkout confirmation!

 

I am using a snapshot from 12th Nov and have edited html_output with some search engine code for removing sid's.

 

Any ideas?

 

Val

Share this post


Link to post
Share on other sites

I went to the pages you mentioned to make the edits and i didn't see that text. Does that mean that i have to add all of that text to each respective page? And where do i put that info?

I'm having the same darn problem.

Thanks,

pete

Share this post


Link to post
Share on other sites

Could you tell me WHERE to put this in the catalog/login.php??? I need to get this fixed.....

Thanks tond for any help - you're the only solution in all the messages I haven't tried yet. Vikki

 

This is due to the images on the site and that you are switching from secure to non-secure.

 

To correct this, edit in /catalog/login.php

 

// BOF: WebMakers.com Added: Removed Security Alert Message

// add 'SSL' to both links

       if (sizeof($navigation->snapshot) > 0) {

         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

         $navigation->clear_snapshot();

         tep_redirect($origin_href);

       } else {

         tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

       }

// EOF: WebMakers.com Added: Removed Security Alert Message

 

Then edit in /catalog/includes/application_top.php in the case 'notify':

 

                                // BOF: WebMakers.com Added: Fix redirect on security alert

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

                               // EOF: WebMakers.com Added: Fix redirect on security alert

 

This should correct the Security Alert in most browsers.

Share this post


Link to post
Share on other sites

If you take a peice of the code and search for it then it is easier to find ... :D

 

Try around line 56 in login.php

 

In application_top.php under the case statement for:

 

      case 'notify' :         if (tep_session_is_registered('customer_id')) {

                               if ($HTTP_GET_VARS['products_id']) {

                                 $notify = array($HTTP_GET_VARS['products_id']);

                               } elseif ($HTTP_POST_VARS['notify']) {

                                 $notify = $HTTP_POST_VARS['notify'];

                               } else {

                                 tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'NONSSL'));

                               }

                               for ($i=0; $i<sizeof($notify); $i++) {

                                 $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'");

                                 $check = tep_db_fetch_array($check_query);

                                 if ($check['count'] < 1) {

                                   tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())");

                                 }

                               }

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'NONSSL'));

                             } else {

                               $navigation->set_snapshot();

                               tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

                             }

                             break;

Share this post


Link to post
Share on other sites

All right - I did add this exact code where you said and it still didn't fix the security alert in IE.

 

Vikki

Share this post


Link to post
Share on other sites

I tried everything you guys have write and nothing works, i still getting the warning with the Secure and nonsecure server...

 

If someone knows how to fix that please let me know, i need to fix this issue asap

Share this post


Link to post
Share on other sites
I tried everything you guys have write and nothing works, i still getting the warning with the Secure and nonsecure server...

 

If someone knows how to fix that please let me know, i need to fix this issue asap

 

have a look at this thread too:

http://forums.oscommerce.com/viewtopic.php?t=29627


"Politics is the art of preventing people from taking part in affairs which properly concern them"

Share this post


Link to post
Share on other sites

Also check you are not pulling in additional images from non-secure locations.

Share this post


Link to post
Share on other sites

i4media,

 

when loading your login.php page, I get this security alert:

 

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

 

! The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

 

! The security certificate has expired or is not yet valid.

 

! The name on the security certificate is invalid or does not match the name of the site

 

the 1st error is just because I choose to not set plesk.com as a trusted company (I have trust issues, ok).

 

the 2nd error, when looking at the info, this security certifiate expired on November 10th... well over a month ago... (one more reason to not trust plesk.com).

 

and the 3rd error, well I get that one on my site sometimes too so I dunno what thats about.

 

then the error about secure/non secure items after I make that other error happy (but still don't trust plesk.com)...

 

the problem here is you base HREF isn't SSL... it is:

<base href="http://www.linzishoes.com/">

 

and should be

<base href="https://www.linzishoes.com/">


The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Share this post


Link to post
Share on other sites

the base href code in my PHP files looks like this:

 

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

I dunno it that helps or not


The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Share this post


Link to post
Share on other sites

That has to do with the certificate authentication.

 

Sounds like it is not configured correctly for your domain, or it is a shared one and I forget all the ins and outs of it but it needs to match your site to not receive that error.

 

Something about generate this that and the other thing ... which I am sure one of the bright bulbs here on Secure Certificates can much better explain than I ... 8)

Share this post


Link to post
Share on other sites

×