MBScott Posted January 20, 2010 Share Posted January 20, 2010 I'm not sure why, but in checkout_shipping.php the button to continue goes to "checkout_payment.php" with no SSL! Everywhere it says: tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); it doesn't go to the https page. I have a good cert, the config file has the right url and ssl is enabled. I don't understand what I'm doing wrong here. Missy Link to comment Share on other sites More sharing options...
germ Posted January 20, 2010 Share Posted January 20, 2010 I'm not sure why, but in checkout_shipping.php the button to continue goes to "checkout_payment.php" with no SSL! Everywhere it says: tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); it doesn't go to the https page. I have a good cert, the config file has the right url and ssl is enabled. I don't understand what I'm doing wrong here. Missy Does the site switch to SSL for login and create account? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
MBScott Posted January 20, 2010 Author Share Posted January 20, 2010 Does the site switch to SSL for login and create account? :unsure: Only because I went in and changed the url's by hand this morning, but before I did that, no. ??? Link to comment Share on other sites More sharing options...
MBScott Posted January 20, 2010 Author Share Posted January 20, 2010 Only because I went in and changed the url's by hand this morning, but before I did that, no. ??? I have gone through and undid the hard coding I had done this morning... I wanted to make sure the cert was installed and working,etc. Now that you bring it up, I see that it is never going to SSL at all, anywhere! Here's the top of my config file: define('HTTP_SERVER', 'https://sitename.com'); define('HTTPS_SERVER', 'https://sitename.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'sitename.com'); define('HTTPS_COOKIE_DOMAIN', 'sitename.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); Couldn't be that we haven't been using www could it? Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 20, 2010 Share Posted January 20, 2010 I am too having a problem with a similar that. Who is your server provider? Mine is through Network Solution. I just tried both www. and no www. and I still getting the warning pop up do you want to display the non secure images. I was told by Network Solution that they can't help me with this problem because of "We are sorry to hear that you are having issues with your website. However, we do not support the troubleshooting or insertion of custom code, or "Do It For Me" on your level of hosting package. Your error means you have non-encrypted content on the page, such as an image or a script. If you need help with fixing this, please contact a professional web developer. The server is properly serving secure (https) content." I am a professional web developer. I think they mean to say professional web programmer. I will hunt to see if I can find anything else and post it here.. https://www.mysitename.com/catalog/images/background.jpg works and is secure.. I guess I will try every images in that folder to see if they work securely.. then if they do then it is the coding.. Link to comment Share on other sites More sharing options...
germ Posted January 20, 2010 Share Posted January 20, 2010 Sometimes the code used to detect SSL in osC doesn't work. I have this contribution: SSL Help Download it, unzip it, then upload the file myenv.php to your catalog folder. Then access it WITH YOUR HTTPS URL like: https://www.yoursite.com/catalog/myenv.php It will output some text to your browser. Copy/paste that text into your next post. You MUST use your HTTPS URL or the info provided will be useless. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 Well.. I just thought of one thing... -slaps forehead- Will continue to hunt.. for anyhting that is a DUH! Will post the file infomation after I fix this one thing.. Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 myenv.php Version 1.2 SSL Variables HTTP HOST: [productionoffroad.com] Server Port: [80] SSL Status: [undefined!] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [undefined!] Warning!!! The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!! Load: 2 going to play with it a little.. the graphic I thought maybe throwing off was not.. Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 myenv.php Version 1.2 SSL Variables HTTP HOST: [productionoffroad.com] Server Port: [80] SSL Status: [undefined!] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [undefined!] Warning!!! The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!! Load: 2 this is with // set the type of request (secure or not) $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Still myenv.php Version 1.2 SSL Variables HTTP HOST: [productionoffroad.com] Server Port: [80] SSL Status: [undefined!] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [undefined!] Warning!!! The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!! Load: 2 With $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'; cfgchk.php Version 1.2 File Permissions: 4444 Found HTTPS_SERVER: define('HTTPS_SERVER', 'https://productionoffroad.com'); HTTPS URL passed check! Found ENABLE_SSL. define('ENABLE_SSL', true); SSL enable passed check! Found HTTPS_COOKIE_DOMAIN: define('HTTPS_COOKIE_DOMAIN', 'productionoffroad.com'); HTTPS_COOKIE_DOMAIN line parsed! Parsing application_top.php for SSL detection key... Found SSL detection key: $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'; Done! Link to comment Share on other sites More sharing options...
MBScott Posted January 21, 2010 Author Share Posted January 21, 2010 Mine says: myenv.php Version 1.2 NONSSL Variables HTTP HOST: [sitenamehereiscorrect.com] Server Port: [80] SSL Status: [undefined!] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [undefined!] Load: 1 and it opened a new empty window, in ssl. Thanks, Missy ps... that's a ridiculous bug to have for a shopping cart Link to comment Share on other sites More sharing options...
MBScott Posted January 21, 2010 Author Share Posted January 21, 2010 If I use https to access that, I get a blank page. Link to comment Share on other sites More sharing options...
germ Posted January 21, 2010 Share Posted January 21, 2010 Well that proves that the osC code doesn't recognize the cue from the server that SSL in on. I'll need both of you to upload the mybigenv.php to your catalog folder. I have one URL, but I'll need the other to help the other person. If you don't want to post it PM it to me. But I can't help without it. Let me know when the file is uploaded. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
germ Posted January 21, 2010 Share Posted January 21, 2010 Jasmine, you need to read this post The last link in that post is how you'll need to do it. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 Jim, I was reading that post and rying all those things.. checking things out. cookies are set at false. Those files are all upload. I can see all my images thorugh https://www and without www. I have tried all three SSL variable.. Look at the bottom left hand corner at the footer. That the one graphic I thought would not show, but that was my oops duh ya it would. all my base href is http not https. Network Solution stated all my files are in a secure directory. But re reading the post this morning to see if I forgot something.. I always upload my local working file to my server after a change something to see if it works.. If not then I change back to the orginal and try something else. You know how coding is you can't sit there for hours trying to debug somthing without a break.. Do you need anything else? P.S. I have seen the Enable _SSL Stated both ways. 'true' and true. which is it? atm I have without ' ' going to change that and see if that works. Okie talk about weird.. I just do things to test theories out.. but.. I decided to delete the spider.txt and the page loaded... in https but lol there is always a BUT.. Warning: file(includes/spiders.txt) [function.file]: failed to open stream: No such file or directory in /data/9/1/25/101/1351101/user/1448701/htdocs/catalog/includes/application_top.php on line 177 Fatal error: Call to a member function add_current_page() on a non-object in /data/9/1/25/101/1351101/user/1448701/htdocs/catalog/includes/application_top.php on line 312 A Hunting I will go.. Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 Okie, I decided to see what is in my .htaccess. :-" I need to locate my apache book.. or school work.. AND... :'( # $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $ # # This is used with Apache WebServers # The following blocks direct HTTP requests in this directory recursively # # For this to work, you must include the parameter 'Limit' to the AllowOverride configuration # # Example: # #<Directory "/usr/local/apache/htdocs"> # AllowOverride Limit # # 'All' with also work. (This configuration is in your apache/conf/httpd.conf file) # # This does not affect PHP include/require functions # # Example: http://server/catalog/includes/application_top.php will not work <Files *.php> Order Deny,Allow Deny from all </Files> This means.. ? -hunts- Link to comment Share on other sites More sharing options...
germ Posted January 21, 2010 Share Posted January 21, 2010 Jasmine, you're on a server where no PHP variables change when SSL is active. Follow the link in my last post. It's your only hope, Obi Wan Kenobi... :) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
MBScott Posted January 21, 2010 Author Share Posted January 21, 2010 Jasmine, you're on a server where no PHP variables change when SSL is active. Follow the link in my last post. It's your only hope, Obi Wan Kenobi... :) Link is: http://youstuffitboxes.com I'm sorry I didn't post it before, but the client is skittish and I didn't really know if it was allowed! I really appreciate your help! Missy Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 Jasmine, you're on a server where no PHP variables change when SSL is active. Follow the link in my last post. It's your only hope, Obi Wan Kenobi... :) LOL.. Question it has been about 3+ years since I did the whole server thing. What is the difference from the admin tool in oscommerce for your server info than the other file? Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 21, 2010 Share Posted January 21, 2010 LOL.. Question it has been about 3+ years since I did the whole server thing. What is the difference from the admin tool in oscommerce for your server info than the other file? again another duh.. I see now that it is turned off and my cookie session if too. Emailed the hosting provider let you know in 24 hours the end result. Thanks for your help. :lol: Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 23, 2010 Share Posted January 23, 2010 okie finally gotten an email back from them.. I apologize for the issue you've had with your hosting. Our SSL proxy doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds. The only ways around this is to (1) assume the connection is secure by making all the links to the sensitive pages https, or (2) use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages. <script language="javascript"> if (document.location.protocol != "https:") { document.location.href = "https://secure.domain.com" + document.location.pathname; }; </script> Link to comment Share on other sites More sharing options...
germ Posted January 23, 2010 Share Posted January 23, 2010 okie finally gotten an email back from them.. I apologize for the issue you've had with your hosting. Our SSL proxy doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds. The only ways around this is to (1) assume the connection is secure by making all the links to the sensitive pages https, or (2) use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages. <script language="javascript"> if (document.location.protocol != "https:") { document.location.href = "https://secure.domain.com" + document.location.pathname; }; </script> That won't work with osC. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 23, 2010 Share Posted January 23, 2010 That won't work with osC. I thought so and I told them that it is PHP I am working with not HTML. Can I just shoot them? So, another 24 hours later I may get a respond. Any other ideas? Link to comment Share on other sites More sharing options...
germ Posted January 23, 2010 Share Posted January 23, 2010 I thought so and I told them that it is PHP I am working with not HTML. Can I just shoot them? So, another 24 hours later I may get a respond. Any other ideas? But Jasmine, I gave you a link to a way to do it several posts ago... :blush: Click me If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
jazzyrosez Posted January 23, 2010 Share Posted January 23, 2010 But Jasmine, I gave you a link to a way to do it several posts ago... :blush: Click me Ya about to the coding on that one. just in case.. I was wondering if there where any others.. XD You don't know how bad my luck can be at times.. :sweating: Link to comment Share on other sites More sharing options...
germ Posted January 23, 2010 Share Posted January 23, 2010 Ya about to the coding on that one. just in case.. I was wondering if there where any others.. XD You don't know how bad my luck can be at times.. :sweating: If there are no PHP variables that change when SSL is active you have no other choice other than move to a host where that does happen. :) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.