Shared SSL with 1and1 - I'm going crazy!

[darrenultra 0]

Hi,

 

I really hope someone can help me with this problem ...my brain is in knots after endless scouring of forums looking for a solution.

 

I recently moved my website from my local server to 1and1. I then set up shared ssl and made changes to my config files. Includes/Configure.php now looks like this:

 

define('HTTP_SERVER', 'http://www.bananafingers.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://sslrelay.com/bananafingers.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.bananafingers.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'sslrelay.com/bananafingers.co.uk');

define('HTTP_COOKIE_PATH', '/storeradio/');

define('HTTPS_COOKIE_PATH', '/storeradio/');

define('DIR_WS_HTTP_CATALOG', '/storeradio/');

define('DIR_WS_HTTPS_CATALOG', '/storeradio/');

 

I have also changed Includes/application_top.php to ...adding the line:

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'sslrelay.com') ? 'SSL' : 'NONSSL';

 

However, when navigating my way around my website it is as if no changes have been made at all. There is no automatic switching from http to https when i get to pages which should be secure (e.g. login.php). Following advice I uploaded the myenv.php file ...these are the results i get when i run the script:

 

HTTP HOST: bananafingers.co.uk

Server Port: 80

SSL Status:

Fowarded Server: sslrelay.com

Fowarded Host: sslrelay.com

Fowarded By: United Internet SSL Proxy

 

When i type https://sslrelay.com/bananafingers/storeradio/login.php directly into the address bar I get the messsage asking whether i want to display nonsecure items and then the page loads (images not shown).

 

When I go to the source code for the page I notice the following line of code:

<base href="">

I have read in a forum that for switching to work properly it should be reading:

<base href="https://sslrelay.com/bananafingers.co.uk/storeradio/">

 

If anyone has any idea ...

1. Whether SSL is working on my site

2. How I can make the site automatically switch to https at the appropriate times

...then please help me!

 

Cheers,

Nick

[d4funky1 0]

Hi,

 

I too am on 1 and 1 was on a shared server but now on managed dedicated.

 

However when i set up my SSL i was on a shared server and i have made no changes to my configure.php file since then so here it is for you to compare with:

 

  define('HTTP_SERVER', 'http://www.mydomainname.co.uk'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.mydomainname.co.uk'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.mydomainname.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_BLOG', 'blog/');

 if ($request_type = 'SSL'){
 define('DIR_WS_IMAGES', 'images/');
 } else {
 define('DIR_WS_IMAGES', 'images/');
 }

[darrenultra 0]

Hi,

 

Thanks for the info - but it looks to me like we have slightly different setups. From your HTTPS_SERVER address it looks to me like you were paying for a dedicated SSL certificate from 1and1. I am trying to use their shared SSL.

 

I think confusion is arising between shared hosting and shared SSL!

 

The bit of code at the bottom looks very useful though. When i type the https page into the address bar the images will not display. I will use your code to specify a different address for them ...so that hopefully they will become visible again.

 

I still need a solution to help me automatically switch to https though ...anyone?!

[d4funky1 0]

Have you tried this:

 

http://addons.oscommerce.com/info/3289

[germ 233]

Look in this file (if it exists):

 

/storeradio/includes/local/configure.php

 

See what it has defined for HTTPS_SERVER

 

If it's not right, fix it.

 

Also, it may have this line:

 

  define('ENABLE_SSL', 0);

If so, change it to this:

 

  define('ENABLE_SSL', 1);

[darrenultra 0]

Hi,

 

Yeah I tried that link. I followed the guidance and acted accordingly. Before finding that link I couldn't get a secure page to show even by typing it into the address bar. It solved that problem - but I'm still not automatically switching between http and https.

Hmm tricky.

 

 

Have you tried this:

 

http://addons.oscommerce.com/info/3289

[darrenultra 0]

Hi Jim,

 

The page you suggested doesn't exist in my catalog ...hope this isn't a problem!

/storeradio/includes/local/configure.php

 

Any other suggestions accepted with arms wide open!

[germ 233]

Well, I'd like to help, but I can't see your web page to find out what's happening.

 

I think this is your site:

 

http://www.bananafingers.co.uk/storeradio

 

But you have a .htaccess file preventing me from seeing it.

:huh:

 

I can't fix what I can't see, and any suggestions are just a shot in the dark...

>_<

[darrenultra 0]

Sorry Jim!

 

The .htaccess is there to stop it being spidered by google too soon. Unfortunately, it is some 1and1 devised file which uses my ftp username and password. I'll see if I can change it to a simple username and password so you can see the site.

[darrenultra 0]

I've managed to change the htaccess username and password

Username: 1234

Password: 1234567

 

If anyone will have a look at the site:

www.bananafingers.co.uk/storeradio/

 

...i would really appreciate it.

 

When you go to the login page you'll see that it doesn't automatically switch to https. However, if you type:

https://sslrelay.com/bananafingers.co.uk/st...radio/login.php

then the webpage loads (the images and stylesheet don't load but i'll solve that later!)

 

you can login as 'jonny@vegas.com' with password 'vegas' ...if this helps.

[germ 233]

Is there an /includes/local/configure.php in your admin folder?

:unsure:

[Eighteen48 0]

I am also on 1and1 and originally had this problem as well.

 

Here is the fix for this.

 

1) Open includes/application_top.php file

 

2) Find around Line 43

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'

 

3) Replace with the following

//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

I hope this helps everybody who is getting the Non-Secure Errors

[darrenultra 0]

No - i don't have an includes/local/configure/php

....hmmm

[germ 233]

You're not using "stock" osC.

 

Maybe it's not coded to use SSL.

 

In your /storeradio/index.php file

 

Search for the term FILENAME_ACCOUNT

 

Post the line it's on, and 5 or so lines on either side.

[Eighteen48 0]

No - i don't have an includes/local/configure/php

....hmmm

 

?

 

there is no such listing, follow my instruction in the post above to fix your SSL errors.

 

I have several stores running on 1and1 Shared SSL as well as several using a dedicated SSL provided by 1and1.

[darrenultra 0]

Hi Ano,

 

I've actually already changed those lines of code. I'm now using the following:

//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'sslrelay.com') ? 'SSL' : 'NONSSL';

 

I tried using the code that you suggested ...but I later discovered the solution above. This doesn't help me to automatically switch to https when, for example, I open the login.php page though...

 

If i go to the source code for https://sslrelay.com/bananafingers.co.uk/st...radio/login.php then I find the line:

<base href="">

 

...i know this isn't right ...anyone have the fix?

 

 

 

I am also on 1and1 and originally had this problem as well.

 

Here is the fix for this.

 

1) Open includes/application_top.php file

 

2) Find around Line 43

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'

 

3) Replace with the following

//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

I hope this helps everybody who is getting the Non-Secure Errors

[darrenultra 0]

I have the STS version 4.3.3 contribution installed - could that be what is causing my problem? I couldn't find the lines you were looking for in my storeradio/index.php, presumeably because of STS.

 

However I have the following code in storeradio/includes/modules/sts_inc/general.php

  if (tep_session_is_registered('customer_id')) {
  $sts->template['myaccount'] = '<a href=' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . ' class="headerNavigation">' . HEADER_TITLE_MY_ACCOUNT . '</a>';
  $sts->template['urlmyaccount'] = tep_href_link(FILENAME_ACCOUNT, '', 'SSL');
  $sts->template['logoff'] = '<a href=' . tep_href_link(FILENAME_LOGOFF, '', 'SSL')  . ' class="headerNavigation">' . HEADER_TITLE_LOGOFF . '</a>';
  $sts->template['urllogoff'] = tep_href_link(FILENAME_LOGOFF, '', 'SSL');
  $sts->template['myaccountlogoff'] = $sts->template['myaccount'] . " | " . $sts->template['logoff'];
// Next tags added in v4.3
		$sts->template['loginofflogo'] = '<a href=' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . ' class="headerNavigation">' . tep_image(STS_TEMPLATE_DIR.'images/'.$language . '/header_logoff.gif', HEADER_TITLE_LOGOFF) . '</a>';
} else {
  $sts->template['myaccount'] = '<a href=' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . ' class="headerNavigation">' . HEADER_TITLE_MY_ACCOUNT . '</a>';
  $sts->template['urlmyaccount'] = tep_href_link(FILENAME_ACCOUNT, '', 'SSL');
  $sts->template['logoff'] = '';
  $sts->template['urllogoff'] = '';
  $sts->template['myaccountlogoff'] = $sts->template['myaccount'];

 

 

You're not using "stock" osC.

 

Maybe it's not coded to use SSL.

 

In your /storeradio/index.php file

 

Search for the term FILENAME_ACCOUNT

 

Post the line it's on, and 5 or so lines on either side.

[germ 233]

It's coded right:

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

Since I have no experience with STS, I'm out of the picture on that one.

 

My estimation is that it is an STS problem.

 

I can, however, help get your configure.php setup for SSL correctly.

 

I'll be back in a few with that info.

[germ 233]

In your application_top, trry this line:

 

$request_type = ($_SERVER['HTTP_X_FORWARDED_HOST'] == 'sslrelay.com') ? 'SSL' : 'NONSSL';

[darrenultra 0]

I've already made that modification!

 

...anyway ...i need some sleep. It is far too late over here in the UK.

If you have any other ideas let me know - i'll have another go tomorrow.

 

Cheers

 

In your application_top, trry this line:

 

$request_type = ($_SERVER['HTTP_X_FORWARDED_HOST'] == 'sslrelay.com') ? 'SSL' : 'NONSSL';

[germ 233]

No you haven't.

 

You did this:

 

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'sslrelay.com') ? 'SSL' : 'NONSSL';

I asked for this:

 

$request_type = ($_SERVER['HTTP_X_FORWARDED_HOST'] == 'sslrelay.com') ? 'SSL' : 'NONSSL';

NOT THE SAME!

 

Get your STS problem fixed then post again in this thread and we'll continue.

[darrenultra 0]

My mistake.

If I do make that change though I get the following error message:

Fatal error: Call to undefined function: array() in /homepages/20/d199311416/htdocs/storeradio/includes/application_top.php on line 42

 

...i've therefore reverted back to what I had originally.

 

I don't think I have any STS problem ...possibly a conflict between it and shared SSL?!

 

No you haven't.

 

You did this:

 

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'sslrelay.com') ? 'SSL' : 'NONSSL';

I asked for this:

 

$request_type = ($_SERVER['HTTP_X_FORWARDED_HOST'] == 'sslrelay.com') ? 'SSL' : 'NONSSL';

NOT THE SAME!

 

Get your STS problem fixed then post again in this thread and we'll continue.

[Eighteen48 0]

I have the STS version 4.3.3 contribution installed - could that be what is causing my problem? I couldn't find the lines you were looking for in my storeradio/index.php, presumeably because of STS.

 

It is not STS, as it does nothing but change your template design, but since you are running STS make sure in your template files your urls especially for graphics are absolute ie

 

images/imagename.jpg

and not this

mysite.com/images/imagename.jpg

 

As this may casue you to have the non-secure error.

[crash3903 1]

Hi Jim,

 

The page you suggested doesn't exist in my catalog ...hope this isn't a problem!

/storeradio/includes/local/configure.php

 

Any other suggestions accepted with arms wide open!

 

Do you have this file?

 

/storeradio/includes/configure.php

[darrenultra 0]

Hi,

 

Yes I have includes/configure.php and have modified it (correctly i think). See the start of this thread - i pasted my settings on my first post.

 

Anyone got any ideas yet? The website is

www.bananafingers.co.uk/storeradio/

You will need this username and password combination to look at it:

username: 1234

password: 1234567

 

The website doesn't automatically switch between http and https. However try typing https://sslrelay.com/bananafingers.co.uk/st...radio/login.php into the address bar.

 

Also try the following to see some ssl settings:

https://sslrelay.com/bananafingers.co.uk/st...radio/myenv.php

...it doesn't mean a lot to me ...but i'm hoping it will to someone!

 

Do you have this file?

 

/storeradio/includes/configure.php