Jump to content

Archived

This topic is now archived and is closed to further replies.

germ

SSL Implementation Help

Recommended Posts

Download my contribution for this (link in second post in this thread I believe), unzip it, then upload the files to your root folder of your site.

 

Then post again so I can access them and see what's what.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

In /includes/application_top.php replace this line:

 

  $request_type = ($_SERVER['HTTPS'] == '1') ? 'SSL' : 'NONSSL';

With this line:

 

  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

After you make this change it should work.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Do you have any suggestions as to why I am still getting that error? Thanks!

You haven't made the modification suggested in my last post.

 

I can only suggest - I can't do it for you.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Jim, sorry! I thought you meant that for someone else. I changed it and am no longer getting the error! I am so gracious for your help! Thank you so very much!

Share this post


Link to post
Share on other sites

I have had my site ssl modified and it no longer allows the <UL> indent in my text for the description of the article no longer works.

Any ideas.

Share this post


Link to post
Share on other sites

I have had my site ssl modified and it no longer allows the <UL> indent in my text for the description of the article no longer works.

Any ideas.

You're barking up the wrong tree for the solution.

 

IMHO.

 

As far as I no, there is no way to "disallow" things like that on the SSL side.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

it turns out that i had a couple redirects in my .htaccess file that were interferring, and i had hotlink protection enabled on my server. i disabled the hotlink, edited down the .htaccess file, and everything is smooth. so it seems like the hotlink protection somehow interferred with the https images from loading. i'm not really that concerned about the hotlinking, i was being over-cautious, so as of right now, nothing is broken, therefor i will not try to fix it.

 

thanks for the help, these forums are awesome.

Share this post


Link to post
Share on other sites

What a great post...."hotlink protection enabled on my server" solved the issue I was having after altering the said script at the start of this thread. Couldn't work out why it wasn't working. Something so "simple" can cause a headache lol. Nice one cheers.

Share this post


Link to post
Share on other sites

My turn. I have read every post in this thread and I still get the warning in Firefox "Warning: Contains unauthenticated content". I checked everything in the first post. I have uploaded the files from the contribution. I have tried all 5 suggestions for "$request_type". None of them worked.

 

$request_type = (getenv('HTTPS') == 'true') ? 'SSL' : 'NONSSL';

// $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

// $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

// $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

// $request_type = ($_SERVER['HTTP_HOST'] == '4397a94b.servage-customer.net') ? 'SSL' : 'NONSSL';

 

My host is Servage. I am trying to use a shared SSL. Servage says that a shared SSL is not sufficient for OSCommerce. I wonder about that because they directed me to buy one that they sell.

 

My test URL is www.squidbutt.net

 

Thanks for any help.

 

Spence

Share this post


Link to post
Share on other sites

My turn. I have read every post in this thread and I still get the warning in Firefox "Warning: Contains unauthenticated content". I checked everything in the first post. I have uploaded the files from the contribution. I have tried all 5 suggestions for "$request_type". None of them worked.

 

$request_type = (getenv('HTTPS') == 'true') ? 'SSL' : 'NONSSL';

// $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

// $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

// $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

// $request_type = ($_SERVER['HTTP_HOST'] == '4397a94b.servage-customer.net') ? 'SSL' : 'NONSSL';

 

My host is Servage. I am trying to use a shared SSL. Servage says that a shared SSL is not sufficient for OSCommerce. I wonder about that because they directed me to buy one that they sell.

 

My test URL is www.squidbutt.net

 

Thanks for any help.

 

Spence

When I type the domain name you gave into my browser address bar it tells me it can't be found.

:blush:


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Oops. It should be www.squidbutt.info Sorry. :-"

Try this:

 

  $request_type = (getenv('HTTP_X_FORWARDED_SERVER') == '16cf69a6.servage-customer.net') ? 'SSL' : 'NONSSL';


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Try this:

 

  $request_type = (getenv('HTTP_X_FORWARDED_SERVER') == '16cf69a6.servage-customer.net') ? 'SSL' : 'NONSSL';

Sweet! It works perfectly in Firefox now. I spent 3 days reading and trying stuff. Thank you so much!

 

But...IE reports "This page contains both secure and non-secure items...", so I will work on that. It seems that one of your diag files should show unsecure items (like Sitemeter?).

Share this post


Link to post
Share on other sites

Sweet! It works perfectly in Firefox now. I spent 3 days reading and trying stuff. Thank you so much!

 

But...IE reports "This page contains both secure and non-secure items...", so I will work on that. It seems that one of your diag files should show unsecure items (like Sitemeter?).

You can't load scripts or images from HTTP sources on HTTPS pages.

 

One way to keep them off secure pages goes like this:

 

<?php
 if ( $request_type != 'SSL' ) {
?>

******** DELETE THIS LINE AND PUT THE NONSECURE CODE HERE ********

<?php
 }
?>


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Sweet! It works perfectly in Firefox now. I spent 3 days reading and trying stuff. Thank you so much!

 

But...IE reports "This page contains both secure and non-secure items...", so I will work on that. It seems that one of your diag files should show unsecure items (like Sitemeter?).

 

It turns out that Sitemeter was the only unsecure item (thanks to Germ's "unsecure.php"). I found that taking off the "http://" on the Sitemeter javascript call, it would actually work and Sitemeter recorded my visits. I still couldn't get the graphic to show up. Short version: Sitemeter is a whole other topic. Removing it altogether works for this thread.

 

While messing with it, it dawned on me that I don't need Sitemeter on any secure page, so instead of putting it into footer.php, I hard-coded it at the bottom of index.php between

 

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

 

<table>

<tr>

<td>

Sitemeter code here

</td>

</tr>

</table>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

and everybody is happy. Note: the graphic may not display, but that's more work than I need for this project.

 

Thanks, Germ, you are a real asset here!

Share this post


Link to post
Share on other sites

You can't load scripts or images from HTTP sources on HTTPS pages.

 

One way to keep them off secure pages goes like this:

 

<?php
 if ( $request_type != 'SSL' ) {
?>

******** DELETE THIS LINE AND PUT THE NONSECURE CODE HERE ********

<?php
 }
?>

 

LOL Much more elegant than my solution! Thanks!

Share this post


Link to post
Share on other sites

hello

 

i am also getting the unauthenticatet content in firefox.

i have tried each of the following with no luck

 

// $request_type = (getenv('HTTPS') == 'true') ? 'SSL' : 'NONSSL';

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

// $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

// $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

 

any suggestions?

 

PS I also got the addon on second post added domain: kopela.co.uk

Share this post


Link to post
Share on other sites

 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

That will work if you do it correctly.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

are there any other suggestions?

I think the problem is being caused by my jquery banner.... not sure though....

I don't see a problem (using IE8).


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

thanks for your help. ive managed to sort all that out now.

however, i am having trouble getting admin to work under ssl. It wont redirect to https for some reason. I have made all the changes needed in config files but no luck....

Share this post


Link to post
Share on other sites

In the includes FOLDER (catalog and admin) where the normal configure.php files are there is a FOLDER named local

 

On some installs there may be a configure.php inside the local FOLDER (catalog and admin)

 

If there is, anything in it overrides anything in the normal configure.php files.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

×