Jump to content

Archived

This topic is now archived and is closed to further replies.

MBScott

ssl links

Recommended Posts

I'm not sure why,

 

but in checkout_shipping.php the button to continue goes to "checkout_payment.php" with no SSL!

 

Everywhere it says:

 

      tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));

 

it doesn't go to the https page.

 

I have a good cert, the config file has the right url and ssl is enabled. I don't understand what I'm doing wrong here.

 

 

Missy

Share this post


Link to post
Share on other sites

I'm not sure why,

 

but in checkout_shipping.php the button to continue goes to "checkout_payment.php" with no SSL!

 

Everywhere it says:

 

      tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));

 

it doesn't go to the https page.

 

I have a good cert, the config file has the right url and ssl is enabled. I don't understand what I'm doing wrong here.

 

 

Missy

Does the site switch to SSL for login and create account?

:unsure:


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Does the site switch to SSL for login and create account?

:unsure:

 

Only because I went in and changed the url's by hand this morning, but before I did that, no.

 

???

Share this post


Link to post
Share on other sites

Only because I went in and changed the url's by hand this morning, but before I did that, no.

 

???

 

 

I have gone through and undid the hard coding I had done this morning... I wanted to make sure the cert was installed and working,etc. Now that you bring it up, I see that it is never going to SSL at all, anywhere!

 

Here's the top of my config file:

 

 define('HTTP_SERVER', 'https://sitename.com');
 define('HTTPS_SERVER', 'https://sitename.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'sitename.com');
 define('HTTPS_COOKIE_DOMAIN', 'sitename.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Couldn't be that we haven't been using www could it?

Share this post


Link to post
Share on other sites

I am too having a problem with a similar that. Who is your server provider? Mine is through Network Solution. I just tried both www. and no www. and I still getting the warning pop up do you want to display the non secure images. I was told by Network Solution that they can't help me with this problem because of

"We are sorry to hear that you are having issues with your website. However, we do not support the troubleshooting or insertion of custom code, or "Do It For Me" on your level of hosting package. Your error means you have non-encrypted content on the page, such as an image or a script. If you need help with fixing this, please contact a professional web developer. The server is properly serving secure (https) content."

 

I am a professional web developer. I think they mean to say professional web programmer. I will hunt to see if I can find anything else and post it here..

https://www.mysitename.com/catalog/images/background.jpg works and is secure.. I guess I will try every images in that folder to see if they work securely.. then if they do then it is the coding..

Share this post


Link to post
Share on other sites

Sometimes the code used to detect SSL in osC doesn't work.

 

I have this contribution:

 

SSL Help

 

Download it, unzip it, then upload the file myenv.php to your catalog folder.

 

Then access it WITH YOUR HTTPS URL like:

 

https://www.yoursite.com/catalog/myenv.php

 

It will output some text to your browser.

 

Copy/paste that text into your next post.

 

You MUST use your HTTPS URL or the info provided will be useless.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Well.. I just thought of one thing... -slaps forehead-

Will continue to hunt.. for anyhting that is a DUH! Will post the file infomation after I fix this one thing..

Share this post


Link to post
Share on other sites

myenv.php Version 1.2

 

SSL Variables

 

HTTP HOST: [productionoffroad.com]

 

Server Port: [80]

 

SSL Status: [undefined!]

 

Fowarded Server: [undefined!]

 

Fowarded Host: [undefined!]

 

Fowarded By: [undefined!]

 

$_SERVER['HTTPS']: [undefined!]

 

Warning!!!

 

The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!!

Load: 2

 

going to play with it a little.. the graphic I thought maybe throwing off was not..

Share this post


Link to post
Share on other sites

myenv.php Version 1.2

 

SSL Variables

 

HTTP HOST: [productionoffroad.com]

 

Server Port: [80]

 

SSL Status: [undefined!]

 

Fowarded Server: [undefined!]

 

Fowarded Host: [undefined!]

 

Fowarded By: [undefined!]

 

$_SERVER['HTTPS']: [undefined!]

 

Warning!!!

 

The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!!

Load: 2

this is with

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

Still

myenv.php Version 1.2

 

SSL Variables

 

HTTP HOST: [productionoffroad.com]

 

Server Port: [80]

 

SSL Status: [undefined!]

 

Fowarded Server: [undefined!]

 

Fowarded Host: [undefined!]

 

Fowarded By: [undefined!]

 

$_SERVER['HTTPS']: [undefined!]

 

Warning!!!

 

The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!!

Load: 2

With $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

cfgchk.php Version 1.2

 

File Permissions: 4444

 

Found HTTPS_SERVER:

 

define('HTTPS_SERVER', 'https://productionoffroad.com');

 

HTTPS URL passed check!

 

Found ENABLE_SSL.

 

define('ENABLE_SSL', true);

 

SSL enable passed check!

 

Found HTTPS_COOKIE_DOMAIN:

 

define('HTTPS_COOKIE_DOMAIN', 'productionoffroad.com');

 

HTTPS_COOKIE_DOMAIN line parsed!

 

 

 

Parsing application_top.php for SSL detection key...

 

Found SSL detection key:

 

$request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

 

 

 

Done!

Share this post


Link to post
Share on other sites

Mine says:

 

myenv.php Version 1.2

NONSSL Variables

HTTP HOST: [sitenamehereiscorrect.com]

Server Port: [80]

SSL Status: [undefined!]

Fowarded Server: [undefined!]

Fowarded Host: [undefined!]

Fowarded By: [undefined!]

$_SERVER['HTTPS']: [undefined!]

Load: 1

 

and it opened a new empty window, in ssl.

 

Thanks,

 

Missy

 

ps... that's a ridiculous bug to have for a shopping cart

Share this post


Link to post
Share on other sites

Well that proves that the osC code doesn't recognize the cue from the server that SSL in on.

 

I'll need both of you to upload the mybigenv.php to your catalog folder. I have one URL, but I'll need the other to help the other person. If you don't want to post it PM it to me. But I can't help without it.

 

Let me know when the file is uploaded.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Jasmine, you need to read this post

 

The last link in that post is how you'll need to do it.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Jim,

I was reading that post and rying all those things.. checking things out. cookies are set at false. Those files are all upload. I can see all my images thorugh https://www and without www. I have tried all three SSL variable.. Look at the bottom left hand corner at the footer. That the one graphic I thought would not show, but that was my oops duh ya it would. all my base href is http not https. Network Solution stated all my files are in a secure directory. But re reading the post this morning to see if I forgot something.. I always upload my local working file to my server after a change something to see if it works.. If not then I change back to the orginal and try something else. You know how coding is you can't sit there for hours trying to debug somthing without a break.. Do you need anything else?

 

P.S. I have seen the Enable _SSL Stated both ways. 'true' and true. which is it? atm I have without ' ' going to change that and see if that works.

 

 

Okie talk about weird.. I just do things to test theories out.. but.. I decided to delete the spider.txt and the page loaded... in https but lol there is always a BUT..

Warning: file(includes/spiders.txt) [function.file]: failed to open stream: No such file or directory in /data/9/1/25/101/1351101/user/1448701/htdocs/catalog/includes/application_top.php on line 177

 

Fatal error: Call to a member function add_current_page() on a non-object in /data/9/1/25/101/1351101/user/1448701/htdocs/catalog/includes/application_top.php on line 312

 

A Hunting I will go..

Share this post


Link to post
Share on other sites

Okie, I decided to see what is in my .htaccess. :-" I need to locate my apache book.. or school work..

 

AND... :'(

# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $

#

# This is used with Apache WebServers

# The following blocks direct HTTP requests in this directory recursively

#

# For this to work, you must include the parameter 'Limit' to the AllowOverride configuration

#

# Example:

#

#<Directory "/usr/local/apache/htdocs">

# AllowOverride Limit

#

# 'All' with also work. (This configuration is in your apache/conf/httpd.conf file)

#

# This does not affect PHP include/require functions

#

# Example: http://server/catalog/includes/application_top.php will not work

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

 

This means.. ? -hunts-

Share this post


Link to post
Share on other sites

Jasmine, you're on a server where no PHP variables change when SSL is active.

 

Follow the link in my last post.

 

It's your only hope, Obi Wan Kenobi...

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Jasmine, you're on a server where no PHP variables change when SSL is active.

 

Follow the link in my last post.

 

It's your only hope, Obi Wan Kenobi...

:)

 

 

Link is:

 

http://youstuffitboxes.com

 

I'm sorry I didn't post it before, but the client is skittish and I didn't really know if it was allowed!

 

I really appreciate your help!

 

Missy

Share this post


Link to post
Share on other sites

Jasmine, you're on a server where no PHP variables change when SSL is active.

 

Follow the link in my last post.

 

It's your only hope, Obi Wan Kenobi...

:)

 

LOL.. Question it has been about 3+ years since I did the whole server thing. What is the difference from the admin tool in oscommerce for your server info than the other file?

Share this post


Link to post
Share on other sites

LOL.. Question it has been about 3+ years since I did the whole server thing. What is the difference from the admin tool in oscommerce for your server info than the other file?

again another duh.. I see now that it is turned off and my cookie session if too. Emailed the hosting provider let you know in 24 hours the end result. Thanks for your help. :lol:

Share this post


Link to post
Share on other sites

okie finally gotten an email back from them..

 

I apologize for the issue you've had with your hosting. Our SSL proxy doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.

 

The only ways around this is to (1) assume the connection is secure by making all the links to the sensitive pages https, or

(2) use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages.

 

<script language="javascript">

if (document.location.protocol != "https:")

{

document.location.href = "https://secure.domain.com" + document.location.pathname;

};

</script>

Share this post


Link to post
Share on other sites

okie finally gotten an email back from them..

 

I apologize for the issue you've had with your hosting. Our SSL proxy doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.

 

The only ways around this is to (1) assume the connection is secure by making all the links to the sensitive pages https, or

(2) use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages.

 

<script language="javascript">

if (document.location.protocol != "https:")

{

document.location.href = "https://secure.domain.com" + document.location.pathname;

};

</script>

That won't work with osC.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

That won't work with osC.

I thought so and I told them that it is PHP I am working with not HTML. Can I just shoot them? So, another 24 hours later I may get a respond. Any other ideas?

Share this post


Link to post
Share on other sites

I thought so and I told them that it is PHP I am working with not HTML. Can I just shoot them? So, another 24 hours later I may get a respond. Any other ideas?

But Jasmine, I gave you a link to a way to do it several posts ago...

:blush:

 

Click me


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

But Jasmine, I gave you a link to a way to do it several posts ago...

:blush:

 

Click me

Ya about to the coding on that one. just in case.. I was wondering if there where any others.. XD You don't know how bad my luck can be at times.. :sweating:

Share this post


Link to post
Share on other sites

Ya about to the coding on that one. just in case.. I was wondering if there where any others.. XD You don't know how bad my luck can be at times.. :sweating:

If there are no PHP variables that change when SSL is active you have no other choice other than move to a host where that does happen.

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

×