Jump to content

Archived

This topic is now archived and is closed to further replies.

mondos

SSL missing in admin

Recommended Posts

Hi,

i have a problem with SSL on my admin - I followed this advice:

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

QUOTE(djs @ Jun 19 2004, 06:19 PM)

This requires two simple changes. The first one in admin/includes/configure.php, set the HTTP_SERVER define to be your https URL. This will make all the links within admin secure.

 

Example:

CODE

define('HTTP_SERVER', 'https://www.stickyweb.biz'); // eg, http://localhost - should not be empty for productive servers

 

Second, in admin/index.php, add the following just after the require of application_top.php:

 

CODE

if ($_SERVER['HTTPS'] != "on" && substr(HTTP_SERVER, 0, 5) == 'https') {

header("Location: ".tep_href_link(FILENAME_DEFAULT));

}

 

 

This will make sure you start out with a secure link as well.

 

These instructions work, and work well. Cerberus had the right idea, just the wrong file.

 

Dan

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

 

It works SSL mode but I have the following problems (I am sure it is related to some screwed up config settings by following ll kinds of posings in this matter, very confusing for a newbie like me):

 

1. with the change in admin/index.php I get the following message:

"Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked". So I reversed this change.

 

2. I made this change in admin/includes/configure.php:

define('HTTP_SERVER', 'https://ssl.perfora.net/gobosource.com');

 

and it works in SSL mode but somehow several links are not working in partcular links related to contributions, such as downloading QBI iif files or adding products to an order within order administration with the order edit contribution. See details in the config file below where I played with the "DIR_WS_CATALOG" settings, without knowing if this is the right place to tweak.

 

when I switch back to the old settings

"define('HTTP_SERVER', 'http://www.gobosource.com')"

it seems to be working fine.

 

maybe we should rename "configure.php" to "go_figure.php" for users like me. :blush:

 

more:

I applied a change somewhere in a php file in order to get the padlocks to show when ssl is active would have to search for the details.

 

Server root is:

_SERVER["DOCUMENT_ROOT"] /homepages/xx/xxxxxxxxx/htdocs/gobosource

 

 

Questions:

 

1. How to change my config in order to get the links to work?

 

2. Cookies:

Shall I define a cookie path or not, for a shared certificate. I see confusing postings.

My server info tells me:

session.cookie_path /shop/catalog/admin/

 

3. Any other configration/security related suggestions?

 

Here my config files. I am posting both, so hopefully somebody who knows what they are doing (unlike me) can give me some hints.

 

Your help is greatly appreciated.

 

Uli

 

 

 

/admin/includes/configure.php

 

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright ? 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'https://ssl.perfora.net/gobosource.com'); // eg, http://localhost - should not be empty for productive servers

// Switches admin back to non SSL mode

// define('HTTP_SERVER', 'http://www.gobosource.com');

define('HTTP_CATALOG_SERVER', 'http://www.gobosource.com');

define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/gobosource.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/homepages/46/d90146093/htdocs/gobosource'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/shop/catalog/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/homepages/46/d90146093/htdocs/gobosource/shop/catalog/admin/'); // absolute pate required

 

// with this setting, i.e the link for adding a product in order editor generates this link

// https://ssl.perfora.net/shop/catalog/admin/..._product&step=1

// instead it should say:

//https://ssl.perfora.net/gobosource.com/shop/catalog/admin/edit_orders.php?oID=11059&action=add_product&step=1

define('DIR_WS_CATALOG', '/shop/catalog/'); // absolute path required

 

// with this setting the above link for the order editor works but i.e. links in order confirmation emails have "gobosource.com" twice

// https://ssl.perfora.net/gobosource.com/gobo...?order_id=11059

// define('DIR_WS_CATALOG', '/gobosource.com/shop/catalog/'); // absolute path required

 

define('DIR_FS_CATALOG', '/homepages/xx/xxxxxxxx/htdocs/gobosource/shop/catalog/'); // absolute path required

 

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', 'dbxxx.perfora.net'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'xxxxxxxxxxxx');

define('DB_SERVER_PASSWORD', 'xxxxxxxxxxx');

define('DB_DATABASE', 'xxxxxxxxxxxxx');

define('USE_PCONNECT', 'false'); // use persisstent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

// iii 030813 added: Option Type Feature and File Uploading

define('PRODUCTS_OPTIONS_TYPE_SELECT', 0);

define('PRODUCTS_OPTIONS_TYPE_TEXT', 1);

define('PRODUCTS_OPTIONS_TYPE_RADIO', 2);

define('PRODUCTS_OPTIONS_TYPE_CHECKBOX', 3);

define('PRODUCTS_OPTIONS_TYPE_FILE', 4);

define('PRODUCTS_OPTIONS_VALUE_TEXT_ID', 0); //Must match id for user defined "Text" value in db table TABLE_PRODUCTS_OPTIONS_VALUES

 

// for upload links

// define('DIR_WS_CATALOG_IMAGES_UPLOADS', DIR_WS_CATALOG_IMAGES . 'uploads/');

define('DIR_WS_CATALOG_IMAGES_UPLOADS', HTTP_CATALOG_SERVER . '/shop/catalog/images/uploads/');

define('DIR_FS_CATALOG_IMAGES_UPLOADS', DIR_FS_CATALOG_IMAGES . 'uploads/');

?>

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

 

catalog/includes/configure.php

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright ? 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.gobosource.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://ssl.perfora.net/gobosource.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.gobosource.com');

define('HTTPS_COOKIE_DOMAIN', '');

// define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net/gobosource.com');

define('HTTP_COOKIE_PATH', '/shop/catalog/');

define('HTTPS_COOKIE_PATH', '');

// define('HTTPS_COOKIE_PATH', '/shop/catalog/');

define('DIR_WS_HTTP_CATALOG', '/shop/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/shop/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/homepages/xx/xxxxxxx/htdocs/gobosource/shop/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// file upload changes

define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');

define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);

 

// define our database connection

define('DB_SERVER', 'xxxxxx.perfora.net'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'xxxxxxx');

define('DB_SERVER_PASSWORD', 'xxxxxxxxxxx');

define('DB_DATABASE', 'xxxxxxxxxx');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

// CLR 020605 defines needed for Product Option Type feature.

define('PRODUCTS_OPTIONS_TYPE_SELECT', 0);

define('PRODUCTS_OPTIONS_TYPE_TEXT', 1);

define('PRODUCTS_OPTIONS_TYPE_RADIO', 2);

define('PRODUCTS_OPTIONS_TYPE_CHECKBOX', 3);

 

// iii 030813 added: File Uploading: FILE type and UPLOAD_PREFIX

define('PRODUCTS_OPTIONS_TYPE_FILE', 4);

define('UPLOAD_PREFIX', 'upload_');

define('TEXT_PREFIX', 'txt_');

define('PRODUCTS_OPTIONS_VALUE_TEXT_ID', 0); //Must match id for user defined "Text" value in db table TABLE_PRODUCTS_OPTIONS_VALUES

 

define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');

define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);

?>

 

>>>>>>>>>>>>>>>>>>>>>>>>>>

 

Thanks

Uli

Share this post


Link to post
Share on other sites

Thanks Vgor for your help.

 

I am not sure if somebody even red through my lengthy posting but I finally kind of figured it out.

 

 

I changed:

define('HTTP_CATALOG_SERVER', 'http://www.gobosource.com');

to

define('HTTP_CATALOG_SERVER', 'https://ssl.perfora.net/gobosource.com');

this took care of the order editor problem.

 

just the QBI interface was still not working correctly. I fixed this by editing qbi_create.php, where I changed $_SERVER[php_SELF] to $_SERVER[$PHP_SELF]

the links work now.

 

Uli

Share this post


Link to post
Share on other sites

Okay,

 

After wading through these posts and altering admin/includes/configure.php more times than I can recall, I'm getting the same strange result each time:

 

1. Catalogue SSL works perfectly (from http://secure.raw-pleasure.com)

2. Admin SSL displays error below if I visit it at https://secure.raw-pleasure.com/pleasurecart/admin/index.php but does come up if I visit the same folder it via http without the subdomain

3. If I do get into admin (via http not https) all links are in the format following (backup used for example):

 

https://secure.raw-pleasure.com/pleasurecar...dmin/backup.php

 

Looks fine to me, but all of these links bring up the same error below.

 

 

The error I keep getting is:

 

Not Found

The requested URL /secure/401.shtml was not found on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.33 Server at www.raw-pleasure.com Port 80

 

 

I would think that maybe my subdomain redirect (secure.raw-pleasure.com to www.raw-pleasure.com/secure) wasn't working, except that the catalogue side of it works perfectly.

 

My are settings are as below, any help appreciated!

 

________________________________________________________

define('HTTP_SERVER', 'https://secure.raw-pleasure.com');

define('HTTP_CATALOG_SERVER', 'https://secure.raw-pleasure.com');

define('HTTPS_CATALOG_SERVER', 'https://secure.raw-pleasure.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/pleasurecart/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/pleasurecart/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

________________________________________________________


"Grrrr! It's time this installation tasted Boomstick..."

Share this post


Link to post
Share on other sites

I did what Leslie said to do and it worked! THANK YOU THANK YOU THANK YOU!!!

 

I've been looking for this cure for over a week now.

Share this post


Link to post
Share on other sites
In admin/includes/configure.php you should change the http_server address to the https address also.? Then the message you see will change to 'You are protected by an unknown ssl connection'.? It says this even when a full ssl cert is installed.

 

Vger

 

 

 

I have https on both CATALOG_SERVER lines and on the SERVER line in my admin/includes/configure.php. It works fine - I get https in the address bar and the yellow padlock in the status bar in IE6 - while browsing all the admin pages. However, on my admin -> Administration page (first page) in the left bototm corner I still get "You are not protected by a secure SSL connection" with the unlocked padlock icon. I dont know how much I should be concerned about that.

 

admin/includes/configure.php.

define('HTTP_SERVER', 'https://www.myshop.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'https://www.myshop.com');
define('HTTPS_CATALOG_SERVER', 'https://www.myshop.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

 

 

My second question is about the SSL in the catalog. As soon as the visitor starts the checkout process the adress bar refelcts the SSL layer as should (https) all through teh chekc out process, no weird errors thank G-d. BUt there is NO yellow padlock in the status bar. Is that normal?

 

catalog/includes/configure.php.

define('HTTP_SERVER', 'http://www.myshop.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.myshop.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.myshop.com');
define('HTTPS_COOKIE_DOMAIN', 'www.myshop.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

My shop is not live yet, I actually had installed osC just a few hours ago, and am trying to set it up to be ready to accept some real inventory. Took me a big part of the day to get the .htaccess password protection for my admin area right. That is due to the all hated godaddy hosting. I guess i stick with them for the 24/hr phone support, and ofcourse the price. Maybe its a bad idea anyway ... I used an .htpasswd generator that i found on the web, there were tons of them available so i just chose the one that looked good. My confusion is that if every time it generates a different encrypted charecter combination for teh same password, how does the password reslove into that specific combination entered into the .htpasswd file? I donno, maybe its out of the scope of what im suposed to understand at this point, i was just curious.

 

Also when i change my admin folder name ... what files hold references to the admin folder so i can update them (accept of course my self made .htaccess :rolleyes: )


People dont change, people realize.

Share this post


Link to post
Share on other sites

In addition to using SSL in the admin area (I've been following this thread) I want to change the password to enter the admin area. Is this as easy as using the file manager in cPanel and change the password there, or changing the password for the mySQL database associated with the shopping cart? If so, what are some precautions to avoid breaking osCommerce?

 

Michael Y

Share this post


Link to post
Share on other sites

Hi

 

I have the same problem.

 

But my web hoster said the following two opinions are only applied to SSL enabled site and can't be applied to my site.

 

1. The simplest fix is the best. In admin/includes/configure.php change http://www.yourdomain.com to https://www.yourdomain.com. All sub-folders and pages in the 'admin' section are then run under ssl.

 

 

2. by just changing the followingin admin/local/config.php:

 

change

define('HTTP_SERVER', 'http://www.host.com');

to

define('HTTP_SERVER', 'https://www.host.com');

 

To enable SSL, I need to have a static IP address. Is it the shttp: address?

 

Thanks in advance.

 

XG04

Share this post


Link to post
Share on other sites

I could do with some help with this as well...

 

I have put my admin section under SSL and changed the necessary configure.php files and all seems to be OK in as far as all the admin pages are protected by SSL, but when I add images for products via the admin pages the images are put in catalog/admin/images/ . This means that the images don't display within the catalog as it is looking for the images in catalog/images

 

Is there a simple fix (I'm sure I just need to alter some of the paths in the configure.php files) but I'm not sure whoich ones and how.

 

Any help appreciated.

 

Thanks.

Alan.

Share this post


Link to post
Share on other sites
2.2 MS2 Installed from Plesk 7.5.1

 

I tried this and all links are now secure but I now get this error when I click on "Catagories/Products":

 

Warning: is_dir(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com/httpdocs/shop/images/) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpsdocs:/tmp) in /home/httpd/vhosts/mydomain.com/httpsdocs/shop/admin/categories.php on line 326

 

Error Error: Catalog images directory does not exist: /home/httpd/vhosts/mydomain.com/httpdocs/shop/images/

 

And just under the "Categories / Products" heading I get this:

 

Warning: file_exists(): open_basedir restriction in effect. File(/home/httpd/vhosts/mydomain.com/httpdocs/shop/images/travelcarr.gif) is not within the allowed path(s): (/home/httpd/vhosts/mydomain.com/httpsdocs:/tmp) in /home/httpd/vhosts/mydomain.com/httpsdocs/shop/admin/includes/functions/general.php on line 230

 

Has anyone experienced this?  Any ideas on a fix?

 

I have the same issue.  Unfortunately the default settings - at least in my Plesk setup - serve HTTP and HTTPS docs from 2 different directories. (httpdocs & httpsdocs).  I can't see a solution except to change the value for the http server in the config files as suggested here. I'd love to hear a better one though...

 

I really can not find anyone that has clearly explained how to resolve this issue. All of the previous steps have been tested for hours. Any ideas on how to get this issue resolved? Anyone?

Share this post


Link to post
Share on other sites
I really can not find anyone that has clearly explained how to resolve this issue. All of the previous steps have been tested for hours. Any ideas on how to get this issue resolved? Anyone?

 

I gave up on using the default Plesk layout with separate httpdocs and httpsdocs. I manually edited $HOME/conf/httpd.include (I had to su to root to do this, running on RedHat Linux), and changed all references to httpsdocs to be httpdocs, and restarted the Apache HTTP Server. Thus SSL will use the same directory structure as NON-SSL. Note that with this manual change outside of Plesk that any change later using Plesk will remove the change and it will have to be re-edited manually.

 

I applied the code changes listed early in this forum thread to adjust the third parameter to 'UNSET' to the tep_href_link function in html_output.php. Then I found every php file that called the tep_href_link with the 3rd parameter set to 'NONSSL' and changed that to 'UNSET'.

 

Lastly, I put the following in catalog/admin/login.php:

if ($_SERVER['SERVER_PORT'] != 443) {

header("Location: https://www.$SERVER_NAME$REQUEST_URI");

exit;

}

 

This was inserted just before the "require('includes/application_top.php');" statement. The code forces the admin login to be in SSL always.

 

I hope this helps.

Share this post


Link to post
Share on other sites
I gave up on using the default Plesk layout with separate httpdocs and httpsdocs.  I manually edited $HOME/conf/httpd.include (I had to su to root to do this, running on RedHat Linux), and changed all references to httpsdocs to be httpdocs, and restarted the Apache HTTP Server.  Thus SSL will use the same directory structure as NON-SSL.  Note that with this manual change outside of Plesk that any change later using Plesk will remove the change and it will have to be re-edited manually.

 

I applied the code changes listed early in this forum thread to adjust the third parameter to 'UNSET' to the tep_href_link function in html_output.php.  Then I found every php file that called the tep_href_link with the 3rd parameter set to 'NONSSL' and changed that to 'UNSET'.

 

Lastly, I put the following in catalog/admin/login.php:

if ($_SERVER['SERVER_PORT'] != 443) {

  header("Location: https://www.$SERVER_NAME$REQUEST_URI");

  exit;

}

 

This was inserted just before the "require('includes/application_top.php');" statement.  The code forces the admin login to be in SSL always.

 

I hope this helps.

 

I have encountered a problem with the always-on SSL for catalog/admin. When I access the categories.php page with action=new_product, then click on the button to add "Products Image", this error is displayed:

 

--

An error has occurred in the script on this page.

Line: 55

Char: 1

Error: 'opener._editor_url' is null or not an object

Code: 0

URL: http://[mywebsitename]/catalog/admin/htmlarea/popups/insert_image.html?products_image_med

Do you want to continue running scripts on this page? [yes] [no]

--

 

It seems the javascripts will not work with https:// because when I changed the URL in the web browser (IE6) to http:// the insert_image.html worked just fine.

 

Does anyone have a full solution to SSL for osCommerce admin?

The software release is based on the creloaded 6.15 version of osCommerce.

Share this post


Link to post
Share on other sites
I have encountered a problem with the always-on SSL for catalog/admin.  When I access the categories.php page with action=new_product, then click on the button to add "Products Image", this error is displayed:

 

--

An error has occurred in the script on this page.

Line: 55

Char: 1

Error: 'opener._editor_url' is null or not an object

Code: 0

URL: http://[mywebsitename]/catalog/admin/htmlarea/popups/insert_image.html?products_image_med

Do you want to continue running scripts on this page? [yes] [no]

--

 

It seems the javascripts will not work with https:// because when I changed the URL in the web browser (IE6) to http:// the insert_image.html worked just fine.

 

Does anyone have a full solution to SSL for osCommerce admin?

The software release is based on the creloaded 6.15 version of osCommerce.

I've recently continued the development of the same site I was attempting to setup with Admin under SSL. I was glad to see these replies but dissapointed in the amount of overall response from the community. If anyone has any solutions could you please offer some assistance? We are under Plesk Hosting with root access.

Share this post


Link to post
Share on other sites
I've recently continued the development of the same site I was attempting to setup with Admin under SSL. I was glad to see these replies but dissapointed in the amount of overall response from the community. If anyone has any solutions could you please offer some assistance? We are under Plesk Hosting with root access.

 

 

I have worked in both site admin and myweb site are SSL secured but something I didn't understand why when I filed

 

mywebsite.com/admin I have this

 

The webpage cannot be found

HTTP 404

Most likely causes:

There might be a typing error in the address.

If you clicked on a link, it may be out of date.

 

What you can try:

Retype the address.

 

Go back to the previous page.

 

Go to and look for the information you want.

 

More information

 

This error (HTTP 404 Not Found) means that Internet Explorer was able to connect to the website, but the page you wanted was not found. It's possible that the webpage is temporarily unavailable. Alternatively, the website might have changed or removed the webpage.

 

For more information about HTTP errors, see Help.

 

when I filed www.mywebsite.com/admin everythings fine

 

any idea how to force admin section to www

 

and one more thing I have message in mywebsite when I hit CHECKOUT

 

 

This page contains both secure and nonsecure items

 

Do you want to display nonsecure items?

 

I was used advance who was give to utheissen That works realy thank you

Any ideas about how to fix this two things :'(

 

Thank you in advance

Share this post


Link to post
Share on other sites

Okay I am a littel confused, I have the store up and running and just installed SSL do to customers request, my questions is, what are the steps to add SSL to a site that is already running?

Share this post


Link to post
Share on other sites

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Leslie

 

I don't have this file: includes/local/configure.php

 

in this directory includes/local/ I have a files called:

.cvsignore and README

 

 

 

i fixed the problem withe the following changes.

in admin/includes/local/configure.php

 

change

define('HTTP_SERVER', 'http://www.host.com');

to

define('HTTP_SERVER', 'https://www.host.com');

define('HTTPS_SERVER', 'https://www.host.com');

 

change

define('ENABLE_SSL', 0);

to

define('ENABLE_SSL', 1);

in admin/includes/configure.php

 

change

define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

to

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

in catalog/includes/local/configure.php

 

change

define('HTTP_SERVER', 'http://www.host.com');

to

define('HTTP_SERVER', 'https://www.host.com');

define('HTTPS_SERVER', 'https://www.host.com');

 

change

define('ENABLE_SSL', 0);

to

define('ENABLE_SSL', 1);

in catalog/includes/configure.php

 

change

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

to

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

hope this may help

Share this post


Link to post
Share on other sites

×