Jump to content

Archived

This topic is now archived and is closed to further replies.

msaunders

Im Getting a security Alert when Logging In

Recommended Posts

That has to do with the certificate authentication.

 

Sounds like it is not configured correctly for your domain, or it is a shared one and I forget all the ins and outs of it but it needs to match your site to not receive that error.

 

Something about generate this that and the other thing ... which I am sure one of the bright bulbs here on Secure Certificates can much better explain than I ... 8)

 

actually I get the last error on my site because of the www in front of my domain... when I registered the cert, I wasn't aware it had to be exact, so I didn't place www in front of the domain... easy fix is either to change the SSL address in configure.php to just https://domain.com or to get a new cert that uses the www in the domain... but thats me and I am not on a shared SSL cert and since I use freessl it costs nothing more than about 5 minutes to generate a new cert...


The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Share this post


Link to post
Share on other sites

I'd get the new certificate ... but then I like things to be pretty and http://www.yourname.com looks so much better than http://yourname.com ... more pro. ... more real ... more like somewhere I'd consider buying from.

 

Sites with numeric addresses, ~ in the secure page, missing www, http://www.yourname.com works but www.yourname.com doesn't or yourname.com doesn't, etc. turn me off greatly.

 

They appear incomplete when I am on a site. And god forbid I hit a directory where I can see file names ... I am out of there. :crazy:

Share this post


Link to post
Share on other sites

hey Linda I hear ya...

 

I prob will get a new cert but tomorrow since I don't wanna wake everyone up when the phone rings (kinda scary order a cert and phone rings and you type in whats on your screen and hit pound and then the page emails your cert to you... ohhh :twisted: ahahah :evil: )

 

I do like the www in front much better than without too... I even made w.mysite.com and ww.mysite.com point to www.mysite.com for those people with stubby fingers... :lol:


The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Share this post


Link to post
Share on other sites

:D

For some people the scripts may work, but i realize after changing the code around like 40 times that the issue wasn't the code.

 

If you look at your catalog/include/header.php and have graphics on a folder out side the catalog/images then you are calling images out side of the secure folder, that means that some files are secure and others not, that makes the warning to come up, that also happens with the footer or any other graphic that you add to the shopping cart.

 

So the solution is very easy, change the source of your pictures to the forlder catalog/images and the warning should go away :o

Share this post


Link to post
Share on other sites

Well, I've read about 100 posts on this issue now and I figure its about time for me to jump on the band wagon too :roll:

 

I'm having the very same issue that everyone, FloydFanatic, and LiveFoodUk, and everyone else are having with the alert box and the no gold lock. I have a shared SSL server at www.cclhosting.com/~icecold/ for my NONSSL site at www.coolercoolers.com.

 

My client is concerned that customers will shy away from buying, and I agree. I've tried Ajeh's fix but it didn't work, and I haven't had time to try LiveFoodUk's fix yet.

 

I'm using a snapshot from 07/02, so that maybe why Ajeh's fix doesn't do it for me. Any help from above would be good about now :wink:

 

I think I may give LiveFoodUk's suggestion a shot, I just hope that it doesn't mess everything up because this is a live shopping cart. Do you have a list of all the files that require your mod LiveFoodUk? Could you post that if youd do?

 

 

...Thanks, that'd be GREEAAATTT!! :twisted:


Installed Modules:

Dynamenu, InfoBox Admin, Master Products v.1.2, Header Tags Controller, Multiple Products Manager, Quick Edit in Admin, Secure Admin, Ultimate SEO URL's, EZ Secure Order, Easy Populate v.2.76d MS2, AuthorizeNet_AIM, ChangeFinal Breadcrumb Title, FedEx Labels, Fedex Direct 2.06, How Did you Hear 1.5, Login a la Amazon, UPS XML 1.2.4, USPS Labels, USPS Methods API MS2

Share this post


Link to post
Share on other sites

Ok, so I'm going to go ahead and answer my own question. I read all the posts, dating back to the invention of the wheel, and saw "make sure no absolute image URL's exist". I was like, what idiot would hard code image urls?? :oops: I totally forgot about the images I used in the stylesheet, as backgrounds for the infoboxes and table headers. If you change all of them from being:

 

background-image: url(http://www.yourdomain.com/catalog/images/infobox/your_background_image.gif);

 

To:

background-image: url(/catalog/images/infobox/your_backgruond_image.gif);

 

...this worked for me, I hope it will for you all still dealing with this previously unscratchable itch.

 

...Thanks, that'd be GREEAATT!! :twisted:


Installed Modules:

Dynamenu, InfoBox Admin, Master Products v.1.2, Header Tags Controller, Multiple Products Manager, Quick Edit in Admin, Secure Admin, Ultimate SEO URL's, EZ Secure Order, Easy Populate v.2.76d MS2, AuthorizeNet_AIM, ChangeFinal Breadcrumb Title, FedEx Labels, Fedex Direct 2.06, How Did you Hear 1.5, Login a la Amazon, UPS XML 1.2.4, USPS Labels, USPS Methods API MS2

Share this post


Link to post
Share on other sites

Well, I got the post wrong, but have corrected it. Instead of making relative background image URL's:

 

/catalog/images/your_background_image.gif

 

One must make absolute SSL background image URL's:

 

https://yoursecureserver.com/catalog/images...round_image.gif

 

...it really works, I tested it and it works NONSSL and vice versa.

 

I should really get some sleep, good luck all and to all a goodnight.


Installed Modules:

Dynamenu, InfoBox Admin, Master Products v.1.2, Header Tags Controller, Multiple Products Manager, Quick Edit in Admin, Secure Admin, Ultimate SEO URL's, EZ Secure Order, Easy Populate v.2.76d MS2, AuthorizeNet_AIM, ChangeFinal Breadcrumb Title, FedEx Labels, Fedex Direct 2.06, How Did you Hear 1.5, Login a la Amazon, UPS XML 1.2.4, USPS Labels, USPS Methods API MS2

Share this post


Link to post
Share on other sites

Your relative image path should be "images/your_background_image.gif" instead of "/catalog/images/your_background_image.gif". This will load the images in correct mode all the time, also if you are using a shared secure server with a wierd URL.

Share this post


Link to post
Share on other sites

my images are loaded images/boxes/table_box.gif and I'm still getting the alert.

The fix Linda suggested did indeed take care of the alert but it made my secure pages very ugly. The column left and right were not in boxes anymore and half the pics were not showing and all font was very large and blue. Any other suggestions?

Share this post


Link to post
Share on other sites

When I go to a secure page and right click on the images and go to properties they all show to be coming from the secure server but I'm still getting that little warning box. I go live in 3 days with no choice and I wanna get this corrected. I'd be scared to purchase from myself so I know alot of customers will be

Share this post


Link to post
Share on other sites

I have just broken things in so many ways ... :shock:

 

After awhile, you start to see them fixed in your head by trying a few things ... and then you go try them and see how fast you can fix it with the least amount of key strokes ... or loss of hair ... :wink:

Share this post


Link to post
Share on other sites

I was pulling my hair out trying to get the "Warning, page contains images which are not secure..." or whatever that warning was.

 

After editing and re-editing the login.php and application_top.php scripts about 10 times, I was about to give up.

 

Then, I had a brainstorm...more like random accident. I noticed that the actual address of two images that I had in the /catalog/images/ folder were complete while the rest of the images on site which were secure did not have complete addresses. I changed the URL to the 2 which were non-secure and ta-da...problem fixed and security warning gone!

 

Example:

Non-Secure pic: http://www.yourdomain.com/catalog/images/p...picturename.jpg

 

Secure pic: images/picturename.jpg

 

I guess the script considers the http://www.yourdomain.com part of the address as non-secure. By removing this and just leaving the folder and image name, problem is fixed!

 

Good luck. :lol:

Share this post


Link to post
Share on other sites
This is due to the images on the site and that you are switching from secure to non-secure.

 

To correct this, edit in /catalog/login.php

 

// BOF: WebMakers.com Added: Removed Security Alert Message

// add 'SSL' to both links

       if (sizeof($navigation->snapshot) > 0) {

         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

         $navigation->clear_snapshot();

         tep_redirect($origin_href);

       } else {

         tep_redirect(tep_href_link(FILENAME_DEFAULT,'','SSL'));

       }

// EOF: WebMakers.com Added: Removed Security Alert Message

 

Then edit in /catalog/includes/application_top.php in the case 'notify':

 

                                // BOF: WebMakers.com Added: Fix redirect on security alert

                               tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')), 'SSL'));

                               // EOF: WebMakers.com Added: Fix redirect on security alert

 

This should correct the Security Alert in most browsers.

 

Thanks a lot - worked like a charm :D

Share this post


Link to post
Share on other sites

this fix works like a dream :)

 

However I have spotted another popup and it occurs after the order has been processed when pressing continue

 

Any ideas. Milestone 2.2

 

meandrew

Share this post


Link to post
Share on other sites

HI Linda,

 

As you are the lifesaver for us all, i hope you could assist me on this too,

Baiscally i have followed your instructions and all works fine.. the only problem i get is when i log on i see that i am on the https page which is fine this assures that i am on the SSL page now if click on a product it take me to a http page and i see the login box yet i was loggon on it seems to have take me out any suggestions

Share this post


Link to post
Share on other sites

I have the security prompt message that says the you will directed to a non secure site, when i am on the checkout_success.php page when i have a successful transaction, and i click on the continue button..

 

where do i make amendments to correct this issue.. anyone

 

Also as mentioned before i am still strugling with being logged on a secure page and wanting to complete my shopping it just seems to kick me out and asks me to log on again...

 

would appreciate any help... gettting desperate...

Share this post


Link to post
Share on other sites

×