Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Implementation Help


germ

Recommended Posts

  • 2 weeks later...
  • Replies 414
  • Created
  • Last Reply
  • 4 weeks later...

You probably have "unsecure content" (i.e. scripts or images loaded from http sources on the https pages)

 

My guess is your main browser is probably Firefox.

 

Try using Internet Explorer. My guess is you'll get the infamous "unsecure content" warning.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Can't offer any more help without the URL (posted or by PM).

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I can't help debug the problem with your "band-aid" in place.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

  • 2 weeks later...

Germ,

I am having problems with my site. everything was working to my knowledge and we were able to check out. my provider (Network Solutions) changed or upgraded their PHP and I started getting errors about eregi and have been fixing them with preg_match. at the same time I have been checked for PCI compliance. they say my cert is not correct. all my browsers say that there is a valid ssl cert in place but I the SSL checks in OsCom don't pass, but I get the Blue Bar and Locked Lock. I have installed your checker files can you check this for me.

 

David

I PMed my site address to you.

Link to comment
Share on other sites

I can find nothing wrong with your SSL.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Are you using IIS rather than Apache for a server? Different servers use different ways to deal with SSL. Some have getenv('HTTPS') returning 'on' or '1', while others require you to look at the port number (see previous page). You may have to do some snooping around your code to see where $_SERVER['HTTPS'] gets set, and possibly set it manually, or at least investigate (with your host) why it's NULL instead of some expected value. I don't even see $_SERVER['HTTPS'] used in the vanilla code -- is this used in an add-on? See http://us.php.net/manual/en/reserved.variables.server.php . Note that this listing warns that there is no guarantee that any of these $_SERVER elements will be defined!

Link to comment
Share on other sites

if I check the $_SERVER['HTTPS'] environment variable it returns NULL . Does this indicate a not secure connection?

 

Your config file is screwed up because the shop is SSL all the time. Read this.

 

It applies to you as well.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

  • 2 weeks later...

I have enabled SSL in oscommerce installation. In our secure pages (eg )https://farma10.com/farmacia-online/login.php IE and Chrome warn about non secure content. I check that all image and link pathes are relative.

In IE I can see that it does not load the stylesheet (the page is displayed with the images but without styles). If I see the source code from IE, I see

 [/color]
<base href="http://farma10.com/farmacia-online/">
[color="#000000"]

when it should be with the 's'. After reading this threat I think the problem is in application_top.php but any change that you propose for

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

didn't work.

Could you please guide me to solve the problem?

My includes/configure.php:

 define('HTTP_SERVER', 'http://farma10.com');
 define('HTTPS_SERVER', 'https://farma10.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.farma10.com');
 define('HTTPS_COOKIE_DOMAIN', '.farma10.com');
 define('HTTP_COOKIE_PATH', '/farmacia-online/');
 define('HTTPS_COOKIE_PATH', '/farmacia-online/');
 define('DIR_WS_HTTP_CATALOG', '/farmacia-online/');
 define('DIR_WS_HTTPS_CATALOG', '/farmacia-online/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');[/color]
[color="#000000"]

 

My myenv.php:

Version 1.2[/b][/color]
[color="#000000"]SSL Variables[/color]
[color="#000000"]HTTP HOST: [][/color]
[color="#000000"]Server Port: [80][/color]
[color="#000000"]SSL Status: [undefined!][/color]
[color="#000000"]Fowarded Server: [farma10.com][/color]
[color="#000000"]Fowarded Host: [farma10.com][/color]
[color="#000000"]Fowarded By: [undefined!][/color]
[color="#000000"]$_SERVER['HTTPS']: [undefined!][/color]
[color="#000000"]Warning!!![/color]
[color="#000000"]The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!![/color]
[color="#000000"]

 

NONSSL Variables
HTTP HOST: []
Server Port: [80]
SSL Status: [undefined!]
Fowarded Server: [undefined!]
Fowarded Host: [undefined!]
Fowarded By: [undefined!]
$_SERVER['HTTPS']: [undefined!]
Load: 1

My cfgchk.php:

[b]File Permissions:[/b] [b]0444[/b]

Found HTTPS_SERVER:

[b]define('HTTPS_SERVER', 'https://farma10.com');[/b]

[b]HTTPS URL passed check![/b]

Found ENABLE_SSL.

[b]define('ENABLE_SSL', true);[/b]

[b]SSL enable passed check![/b]

Found HTTPS_COOKIE_DOMAIN:

[b]define('HTTPS_COOKIE_DOMAIN', '.farma10.com');[/b]

[b]HTTPS_COOKIE_DOMAIN line parsed![/b]



Parsing application_top.php for SSL detection key...

Found SSL detection key:

[b]$request_type = (getenv('HTTPS') == 'on') ? [/b][b]'SSL' : 'NONSSL';[/b]



Done!

 

 

Thank you,

Santi

Link to comment
Share on other sites

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I contacted the server and they informed me that the variable used is HTTP_HTTPS. I placed in application_top:

$request_type = ($_SERVER['HTTP_HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

and works perfectly.

Thank you very much, Jim.

Santi

Link to comment
Share on other sites

  • 1 month later...

Hi Germ,

I have been having the same issue as above, where all browsers are giving a mixed content warning when entering the cart. The shop is still under development but it's release has been delayed due to this problem. I have installed all of your test files in the cataloge can you please have a look at what is causing this problem? I will pm you my site if you could please help.

Thanks,

Glenn

Link to comment
Share on other sites

You must be on one of those servers that have different folders for SSL and NONSSL.

 

You'll need to copy the contribution files to the SSL folders for them to work.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Hi Yes you are correct. The hosting company set up a secure folder and copied all of my shop from the public folder to the secure folder. I just realized they copied the files before I modded the configure files, could this be the issue? I just uploades your test file to the secure folder could you please have a look?

Thanks for the help, I was really getting fustrated dealing with Bell Hosting (3 techs and 3 different answers).

Link to comment
Share on other sites

Looks like you've diagosed the problem correctly.

 

From what I can see if you copy the /shop/includes/configure.php file from the NONSSL folder to the SSL folder you'll probably be good to go

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

  • 2 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...