Jump to content

Archived

This topic is now archived and is closed to further replies.

germ

SSL Implementation Help

Recommended Posts

If that code isn't in application_top, I really wouldn't have a clue.

:blush:

 

If you can find where $request_type gets set I can help change it to something that will work.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

The earliest version of this file I can find is this:

 

  $Id: application_top.php,v 1.264 2003/02/17 16:37:52 hpdl Exp $

 

That's about a month newer than yours

 

It has this code:

 

// define the project version
 define('PROJECT_VERSION', 'osCommerce 2.2-MS1');

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Don't know if that helps at all.

 

That particluar test won't work fot you.

 

The one below should:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTP_X_FORWARDED_SERVER') == 'ssl.perfora.net') ? 'SSL' : 'NONSSL';


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Germ,

 

My web host is on justhost. I just purchase Geotrust SSL. If I click "checkout" button on the shipping cart page, it brings me back to the shopping cart page with "Your Shopping Cart is empty!"

 

My URL is www.dhfashionusa.com.

 

I have run your help php files and cannot see any errors?

 

Your help is very much appreciated.

 

Thanks,

Share this post


Link to post
Share on other sites

In the config file try changing this:

 

  define('HTTPS_COOKIE_DOMAIN', 'dhfashionusa.com');

 

To:

 

  define('HTTPS_COOKIE_DOMAIN', 'www.dhfashionusa.com');

 

Or this:

 

  define('HTTPS_COOKIE_DOMAIN', '.dhfashionusa.com');


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Thank you for your quick reply.

 

I tried both. The problem is still there. Your php files still on the web site you can run them to see if there are any issue.

 

Thanks,

Share this post


Link to post
Share on other sites

It only empties the cart in Firefox.

 

It stays intact using IE

 

Try setting "Force Cookie Use" to false in your admin.

 

Save it.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Germ,

 

When I set "force cookie use" to false, it works even with cookie_domain "dhhandbag.com". Does "force cookie use = false" have some other side impacts?

 

Thanks,

Share this post


Link to post
Share on other sites

The side effect being the osCid appears in the browser address bar now.

 

I think the whole problem is that the SSL cert is issued to the domain name without the WWW.

 

Edit the config file to this:

 

  define('HTTP_SERVER', 'http://dhfashionusa.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://dhfashionusa.com'); // eg, https://localhost - should not be empty for productive servers

 

I see you have one of the SEO URL mods installed so you might have to edit the .htaccess file also.

 

The goal here is to remove the "www." from all your URL's

 

After you have done that you can try forcing cookies again and see if the problem comes back.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Germ,

 

You are great. Thank you very much. After I changed http_server without www, it works with force_cookie option.

 

As I remembered my ssl only covers one domain either with or withour www. Does that mean I have to buy two SSLs?

 

Thanks,

Share this post


Link to post
Share on other sites

You can ony have one SSL cert. for a domain, either with or without the "www."


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Germ,

 

Does that mean I should use SSL to cover the domain with WWW. In that way the normal config setting will work, i.e. HTTP with www and HTTPS without www.

 

Thanks,

Share this post


Link to post
Share on other sites

You can't use WWW. with your SSL without getting a new cert.

 

I thought you had it all working, but the cart still dumps using Firefox, still OK with IE.

 

In your admin under Sessions what do you have these set to:

 

Force Cookie Use

Check SSL Session ID

Check User Agent

Check IP Address

Prevent Spider Sessions

Recreate Session


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Germ,

 

I rechecked and found "add cart" doesn't work too when I change www to no-www.

 

The settings are:

Force Cookie Use: True

Check SSL Session ID: False

Check User Agent: False

Check IP Address: False

Prevent Spider Sessions: True

Recreate Session: False

 

My previous question is that when I renew or puchase new SSL, should I ask ssl to cover www?

 

Thanks,

Share this post


Link to post
Share on other sites

Hi

I just got SSL set on my web server (was done by the hosting company) i have followed all the instructions on the first post and nothing seems to resolve my issue.

I have followed several threads but haven't found anything related to my issue.

 

The problem is I cannot access any of my web-pages that require SSL encryption, notably the account, cart and checkout.

All i get is a big scary looking 500 - Internal Server Error.

Does this mean one of my files has the wrong permission levels?

My log files show the following, but i am not web savvy enough know exactly what it means.

 

Premature end of script headers: /home/******/public_html/catalogue/account.php

SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (504) of file "/home/*****/public_html/catalogue/account.php"

 

 

 

Any help would be much appreciated

Share this post


Link to post
Share on other sites

Make a simple HTML file, call it test.html

 

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>Down for Maintenance</title>
</head>

<body bgcolor="#ffffff">
<table width="100%" border="0" cellspacing="2" cellpadding="0" height="100%">
 <tr>
   <td>
     <div align="center">
       <font size="7">Store Down for Maintenance.<br>Please check back later.</font></div>
   </td>
 </tr>
</table>
</body>
</html>

 

Up load it to the catalog folder.

 

Access it with your SSL URL:

 

https://your_domain.com/catalog/test.html

 

or

 

https://www.your_domain.com/catalog/test.html

 

If that doesn't work then the problem is something I can't fix - contact your host to fix it.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

hi Germ

that html file worked ok

 

i downloaded the SSL Help and it works too.

Although i have no real idea what it means

 

catalog configure file(s)seem alright though all green

Share this post


Link to post
Share on other sites

If you want any more from me you'll have to post (or PM me) your URL so I can see first hand what's up.

 

Even then I can't guarantee anything other than I'll give it my best.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

hi Germ

the Hosting guys got back to me looks like they didn't set up the Virtual Host for the domain name properly.

 

They said 'Now the scripts are parsed properly and the pages load without any issues.'

 

The good thing is i can now see account, cart and checkout pages on the site, but (in firefox)the Green bar in the URL flashes up and dissappears

and in internet explorer the warning are all over the place!

Share this post


Link to post
Share on other sites

My Firefox (not the latest version) shows an encrypted connection.

 

I get the "unsecure items" popup in Internet Explorer because of this line in the source:

 

<script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>

 

You can't load scripts or images from http source on https pages.

 

Download the script from there, put it in your shop folder and then the proper code becomes:

 

<script type="text/javascript" src="jquery-latest.js"></script>

 

That will load on secure pages with no problem.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

My Firefox (not the latest version) shows an encrypted connection.

 

I get the "unsecure items" popup in Internet Explorer because of this line in the source:

 

<script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>

 

You can't load scripts or images from http source on https pages.

 

Download the script from there, put it in your shop folder and then the proper code becomes:

 

<script type="text/javascript" src="jquery-latest.js"></script>

 

That will load on secure pages with no problem.

Alternatively this will work

<script type="text/javascript" src="<?php echo (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://') . 'code.jquery.com/jquery-latest.js'; ?>"></script>

Share this post


Link to post
Share on other sites

The site that hosts the script doesn't support https - I tried it.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Germ

do i need to replace that bit of script in all of the shop files or can i get away with just the files relating

to the secure pages?

This bit of code 'http://code.jquery.com/jquery-latest.js' is designed to get the latest javascript code, now

that i am removing it do i have to update the script from time to time?

 

Also i was trying to get the unsecure.php programme to work. Don't what i have been doing wrong!

All i have to do below is change the 'yourdomain.com' is that correct?

 

http://www.yourdomain.com/unsecure.php?site=https://site.com/page.php

 

Just wanted to see it working, thanks for you help

Share this post


Link to post
Share on other sites

If the jquery script works now it will continue to work.

 

Check for updates if you like.

 

The correct URL for the unsecure program to work for you is:

 

http://www.YOUR_DOMAIN.com/shop/unsecure.php?site=https://www.YOUR_DOMAIN.com/shop/index.php


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

hi Germ

just want to thank you for getting back to me so quickly and helping me sort the problematic coding.

I'm a complete novice at this stuff and had been doing a lot of reading before i mailed this forum

so i could get a little bit of an idea of what was going on with SSL never mind what to do!

 

Excuse my way of writing especially about the javascript...'http://code.jquery.com/jquery-latest.js'

sounded like i knew what it meant...i'm dyslexic but try to hid it! It seems by your reply the file

that the href collects rarely changes. Why doesn't everybody have the script in their catalogue or do they

only have it by necessity for SSL purposes?

 

i had to get rid of all the offending code from every file

<script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>

 

And i just like to say the site is working perfectly. Cheers

Jim

Share this post


Link to post
Share on other sites

Hi Guys,

 

Perhaps you can help me out as well.

 

I set up a dedicated SSL with fixed IP etc. At first I got problems with all the image files (like the icon for folders and like the product images) on both shop and admin console.

Then I changed to the recommended configuration for 1AND1 (although I am on LONEX):

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

and that sorted it for the shop site (ordering an item, going into cart via https works), but I keep getting the problem for the admin console. Every image is showing the stolen.gif (linking images is theft) because of the htaccess implementation against hotlinking:

 

# stop hotlinking (gif/jpg) and serve alternate content

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?decobio\.com/.*$ [NC]

RewriteRule .*\.(gif|jpg)$ http://www.decobio.com/images/stolen.gif [R,NC,L]

</ifModule>

 

So, I am left with a couple of questions:

1. how to solve the hotlinking issue (do I have to put https in there as well)?

2. I still get 'warning; contains unauthenticated content' in firefox when going into the shoppingcart (switching from http to https)

3. If i change the functions/general.php as well from 'on' to '1', it won't switch to https, so perhaps it shouldn't be on '1' at all?

 

Thanks!

Share this post


Link to post
Share on other sites

×