SSL Implementation Help

[germ 233]

In the file change this code:

 

if ( $HTTP_GET_VARS['site'] ) {
 $site = preg_replace("/[^ {}a-zA-Z0-9_.-\/:]/i", "", $HTTP_GET_VARS['site']);

To:

 

if ( $HTTP_GET_VARS['site'] ) {
 $site = preg_replace("/[^ {}a-zA-Z0-9_.\/:-]/i", "", $HTTP_GET_VARS['site']);

I will fix that bug next time I upload the contribution.

[janhworman 0]

In the file change this code:

 

if ( $HTTP_GET_VARS['site'] ) {
 $site = preg_replace("/[^ {}a-zA-Z0-9_.-\/:]/i", "", $HTTP_GET_VARS['site']);

To:

 

if ( $HTTP_GET_VARS['site'] ) {
 $site = preg_replace("/[^ {}a-zA-Z0-9_.\/:-]/i", "", $HTTP_GET_VARS['site']);

I will fix that bug next time I upload the contribution.

 

 

I have had the same problem showing an error attempting top open a file when using the coded file unsecure.php that you included in your download.

 

I have tried the change you listed above, but it still doesn't show any issues.

 

I can get the site to load fine now on the index.php site based on your previous postings, but now, when I click on any other link it converts to a non-secure site link.

 

my site is https://www.ministryresourcecentral.com/c4c...talog/index.php

 

I still have the files installed in the catalog folder from your SSL help file.

 

I would appreciate any advice as I am needing to get this corrected ASAP - I need to go live this week!

 

Thank you very much!

[germ 233]

when I click on any other link it converts to a non-secure site link.

It's supposed to work like that.

 

I can find nothing "unsecure" or wrong with the way your SSL is working.

[iyah 1]

I have been trying for weeks to get my SSL working correctly. Both internet explorer and firefox are scaring away my customers. IE gives a warning about unsecured and secured contents and firefox shows an (!) over the lock.

 

Here is what I get when I run the unsecure.php :

unsecure.php Version 1.1

 

Site not specified!

 

 

Here is MY URL

 

Thanks

[germ 233]

Correct implementation of the contribution: click me

[iyah 1]

I have been trying for weeks to get my SSL working correctly. Both internet explorer and firefox are scaring away my customers. IE gives a warning about unsecured and secured contents and firefox shows an (!) over the lock.

 

Here is what I get when I run the unsecure.php :

unsecure.php Version 1.1

 

Site not specified!

 

 

Here is MY URL

 

Thanks

 

Forgot to mention that I tried all the changes mentioned in application top.php but willing to try them again.

I also just noticed that the (!) in firefox seems to be gone but IE still showing that annoying message. How can I get rid of that message?

[germ 233]

Remove the http links to images and/or scripts.

[iyah 1]

Remove the http links to images and/or scripts.

 

What do you mean? For example should I make changes on the slider on my header? If so what should I change in:

 

leftrightslide[0]='<a href="http://mydomain/folder//catalog/product_info.php?cPath=28&products_id=49"><img src="http://mysite/folder//catalog/images/pouch.gif" border=0 width="75" height="75"></a>'

[germ 233]

These links:

 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/western union.gif" border="0"></a>

Should be:

 

<a href="#"><img src="images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="images/western union.gif" border="0"></a>

And the image part of the links in the slideshow should be like this:

 

<img src="images/pouch.gif" border=0 width="75" height="75">

(No http reference)

 

And in the stylesheet:

 

background-image: url('http://iyahroots.com/rasta-products//catalog/images/logo1.jpg');

Needs to be:

 

background-image: url('images/logo1.jpg');

[iyah 1]

These links:

 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="http://www.iyahroots.com/rasta-products/catalog/images/western union.gif" border="0"></a>

Should be:

 

<a href="#"><img src="images/Money_order.jpg" border="0"></a><br><br> 

<a href="#"><img src="images/cheque.gif" border="0"></a><br><br> 

<a href="#"><img src="images/western union.gif" border="0"></a>

And the image part of the links in the slideshow should be like this:

 

<img src="images/pouch.gif" border=0 width="75" height="75">

(No http reference)

 

And in the stylesheet:

 

background-image: url('http://iyahroots.com/rasta-products//catalog/images/logo1.jpg');

Needs to be:

 

background-image: url('images/logo1.jpg');

 

 

Thanks so much. There is a problem I think with relative paths. I am using Netfirms as my host and I have always noticed that relative paths do not work.

[germ 233]

1. Change hosts

 

2. Remove the "unsecure" items.

 

3. Put up with the problem.

 

:huh:

[iyah 1]

1. Change hosts

 

2. Remove the "unsecure" items.

 

3. Put up with the problem.

 

:huh:

 

 

YOU ARE RIGHT!!

 

I need to change host. Thanks for all the help at least I will get it fixed now.

[germ 233]

If you're talking about "relative links" within a page this thread may shed some light on that.

 

And the whole osC concept is based on "relative links" when pertaining to images.

 

If you look at the HTML source, in the <head> section you'll see something like:

 

<base href="http://yoursite.com/catalog/">

Then look at an image link:

 

<img src="images/oscommerce.gif" width="204" height="50" border="0" alt=" osCommerce " title=" osCommerce ">

So the browser takes the:

 

<base href="http://yoursite.com/catalog/">

And adds that to the image link and knows to find the image at:

 

<img src="http://yoursite.com/catalog/images/oscommerce.gif" width="204" height="50" border="0" alt=" osCommerce " title=" osCommerce ">

So when you implement SSL, the only part of the page that changes to make the images "secure" is the <base href>

[iyah 1]

Thanks so much. There is a problem I think with relative paths. I am using Netfirms as my host and I have always noticed that relative paths do not work.

 

This may help someone else using netfirms. Found the fix on Netfirms's support page HERE.

[lordofcb 0]

If you're talking about "relative links" within a page this thread may shed some light on that....

 

You seem to know your SSL, well I know NOTHING about how it is supposed to work. But anyways, I purchased a Comodo SSL certificate through my hosting company for my oscommerce after a sales rep suggested it. I have been reading what you have written and the part about the external references (like my banners and such) make sense. But i need to know if what they have done makes any sense at all... I hope I can explain this clearly..

I have a domain xyz.com where they installed this SSL product.. they did it today and adjusted my configure.php file for me. So, i went to my catalog, and banners not displaying etc.. but even worse, when I try to sign in as a user, or create a new user, nothing will work... also, there are many more problems that suddenly popped up..

I also have a new version of oscommerce i put into xyz.com/oscommercenew/catalog, as soon as they installed the SSL i lost all access to it, getting 400 or 500 internal error messages.. then next, even more trouble..

i have loads of other webpages on the same domain, like xyz/folder1/xxx.html, xyz/folder2/aaa.html etc etc... and now when i browse to any of them everything is going off the https://xyz.com domain, and all sorts of stuff in all those other programs isn't working right.

My question is I guess.. is them installing an SSL product on my domain suppose to effect every single thing like that???

I didn't think my entire domain would default to https: pages

[germ 233]

My question is I guess.. is them installing an SSL product on my domain suppose to effect every single thing like that???

No.

[lordofcb 0]

No.

I thought so, it sure doesn't seem right to me. I did a bit more investigating and notice what they have done.. they have put a file folder in my root called ssl.conf, inside that folder are 3 certificate type files. Then, for some reason unknown to me, they have added a 3rd level domain under my domain called cx9.xwebshoting.com, now every page i attempt to browse too has the following happen to it...

If i enter into browser http:\\xyz.com\homepage.html it converts it to https:\\xyz.com.cx9.xwebhosting.com\homepage.html then it reports certificate erro and continuing to the page goes to an internal 500 error.

[scdesigns 0]

I'm having SSL issues, my stylesheet and images are being blocked in IE.

 

I changed the path to my stylesheet in login.php to a https:// link to test it and it works, but my images are still blocked.

 

I've uploaded your contribution but can't seem to get the unsecure.php to work.

 

Your files are here.

 

Any help would be great, i've been scratching my head for most of the afternoon.

 

Cheers,

Dave

[germ 233]

Bad news.

:(

 

You're on one of those servers where nothing changes in the "environment" that is visible to PHP.

 

osC relies on being able to detect when SSL is active by checking some server variable that has a different value (or doesn't exist) when SSL is active.

 

The server you are on has no such variable.

 

You could put is a support ticket and ask them why and if they could arrange something for you. If you look at this page $SERVER['HTTPS'] is "standard

PHP but they have that turned off or unavailale on your server.

 

You could try this. If you try that be aware that it may not work all the time if you actually manually tyoe in a https url to the store. But it should work fine if all you do is click links on the pages.

[scdesigns 0]

That works perfectly. I know it's not ideal, but it gets me out of trouble while i hassle the crap out of this horrible hosting company.

 

You're a legend, thank you so much for your help!

[sweetpatoodies 0]

Hi,

I'm trying to use the ssl implementation contribution to track down a problem with my HTTPS pages showing secure and unsecure images when accessed using IE8 and Vista. I've installed the contribution, but am getting this error message when I try to use the unsecure.php file (I'm probably missing some simple point).

 

Forbidden

You don't have permission to access /store_tole_decorative_painting/unsecure.php on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.41 Server at www.decorativepaintingstore.com Port 443

 

Any idea what I'm doing wrong?

Sharon

[germ 233]

The store isn't recognizing the cue from the server hat SSL is on or the config file(s) are wrong.

 

Read the first post in this thread closely.

 

It has things for you to CHECK and TRY.

 

My answer has nothing to do with your question (sorry about that :blush: ) but EVERYTHING to do with your SSL problem.

[sweetpatoodies 0]

Yes, I've read the first post. I sure my configure file is ok. I've had tech support at my host company check and they say the configure file is perfect. What I'm thinking it might be is the application-top.php file. My file has this line in it:

 

// set the type of request (secure or not)

$request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), "https://www.decorativepaintingstore.com")) ? 'SSL' : 'NONSSL';

 

The part that is different than what you've said it should be is the "(stristr)" I've tried removing this and changing it to the statement you have listed, but then I get other error messages.

[germ 233]

Use this code:

 

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

[sweetpatoodies 0]

Use this code:

 

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

 

******

I just tried that before you replied, but when I use the login.php page, enter a name and password, then click continue, it just loops back to itself and won't let me log in as a customer.