Jump to content

Archived

This topic is now archived and is closed to further replies.

mid9tblue

SSL not loading on login.php and create_account.php

Recommended Posts

Hi all,

I have just installed SSL on my site by my host, and i altered the configure files both in admin and catalog as shown in this thread:

 

How to install SSL on OSC: A Simple 1-2-3 Instruction

 

I also checked the installation with this addon:

 

SSL Help

 

It seems working, and my site front loads fine with the lock if i input https

BUT as i test around, i found that some pages do not auto load with the lock thing, pages like create_account.php, login.php, contact_us.php.

the pages auto load with the lock is checkout_process.php and other linked php in account.php

is there a manual way to add pages into default encrypted pages? something i can alter within osc or something i have to ask my host to do?

it's weird that create_account.php and login.php do not auto load with https in the first place, but i did notice that they do load https if redirected by another page within the site or if the pw input is incorrect.

however if i type directly in my browser address bar: http://mysite.com/login.php, the https doesn't happen, same with create_account.php

Please help, I believed i did everything correct, but this puzzles me :(

Share this post


Link to post
Share on other sites

You need to be sure the PHP link code to the pages contain the SSL parameter (example below)

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

For my site, the pages that definitely need to be secured are create_account.php, account.php, contact_us.php, quote.php, login.php, i'm not sure about logoff.php

I'm new to ssl, and i'm trying to understand how it works.

from what u suggested, i assume if the link source code have not set to load the ssl, then the page that directed from that link will not be secured?

so it's not the pages themselves being set to be secured rather the directing links that's telling browsers to secure which page?

I found the codes that associate of these links that are not loading the locks, but it's a bit different since they dont refer to filename and just point to the php files directly, here they are:

 

<table cellpadding="0" cellspacing="0" border="0">
						<tr><td align="center"><span><a href="<?php echo tep_href_link('contact_us.php')?>"><?php echo BOX_INFORMATION_CONTACT?></a>   |   <a href="<?php echo tep_href_link('advanced_search.php')?>"><?php echo BOX_SEARCH_ADVANCED_SEARCH?></a>   |   <a href="<?php echo tep_href_link('reviews.php')?>"><?php echo BOX_HEADING_REVIEWS?></a>   |   <? if (tep_session_is_registered('customer_id')) { 
?><a href="<?php echo tep_href_link('account.php')?>"><?php echo HEADER_TITLE_MY_ACCOUNT?></a><? } else 
{ ?><a href="<?php echo tep_href_link('create_account.php')?>"><?php echo HEADER_TITLE_CREATE_ACCOUNT?></a><? } 
?>   |   <? if (tep_session_is_registered('customer_id')) { 
?><a href="<?php echo tep_href_link('logoff.php')?>"><?php echo HEADER_TITLE_LOGOFF?></a><? } else 
{ ?><a href="<?php echo tep_href_link('login.php')?>"><?php echo HEADER_TITLE_LOGIN?></a><? } 
?></span></td></tr>
					</table>
			</td></tr>
		</table>

 

<?php if (tep_session_is_registered('customer_id')) { 

 $acc_link = tep_href_link('account.php');
 $acc_title= HEADER_TITLE_MY_ACCOUNT;
} else{ 
 $acc_link = tep_href_link('create_account.php');
 $acc_title= HEADER_TITLE_CREATE_ACCOUNT;
} 
?>                        
				<td <?php echo $item_menu_04;?> onClick="document.location='<?php echo $acc_link;?>'" nowrap="nowrap"><?php echo $acc_title;?></td>
				<td class="menu_separator"><?php echo tep_draw_separator('spacer.gif', '1', '1'); ?></td>
<?php if (tep_session_is_registered('customer_id')) { 

 $login_link = tep_href_link('logoff.php');
 $login_title= HEADER_TITLE_LOGOFF;
} else{ 
 $login_link = tep_href_link('login.php');
 $login_title= HEADER_TITLE_LOGIN;
} 
?>

 

<td <?php echo $item_menu_05;?> onClick="document.location='<?php echo $login_link;?>'"><?php echo $login_title;?></td>
<td class="menu_separator"><?php echo tep_draw_separator('spacer.gif', '1', '1'); ?></td>
<td <?php echo $item_menu_06;?> onClick="document.location='<?php echo tep_href_link('quote.php')?>'"><?php echo BOX_INFORMATION_QUOTE?></td>

 

so how do i change the code from

 

tep_href_link('account.php')

 

to

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

 

i apologize if i typed too long, i hope i made sense.

Share this post


Link to post
Share on other sites

Here's the reference filenames:

  define('FILENAME_ACCOUNT', 'account.php');
 define('FILENAME_CREATE_ACCOUNT', 'create_account.php');
 define('FILENAME_CONTACT_US', 'contact_us.php');
 define('FILENAME_LOGIN', 'login.php');
 define('FILENAME_LOGOFF', 'logoff.php');
 define('FILENAME_QUOTE', 'quote.php');

Share this post


Link to post
Share on other sites

Eash page that can have SSL implemented has code to check for the SSL.

 

 

For example, the log in page (login.php) will have this code:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 

the Create Account page (create_account.php) will have this:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));

 

 

the same does for all other pages that could use the SSL

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

so how do i change the code from

 

tep_href_link('account.php')

 

to

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

 

i apologize if i typed too long, i hope i made sense.

Just like that.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Eash page that can have SSL implemented has code to check for the SSL.

 

 

For example, the log in page (login.php) will have this code:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 

the Create Account page (create_account.php) will have this:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));

 

 

the same does for all other pages that could use the SSL

 

 

Chris

 

Thank you Chris, I checked all these files and noticed contact_us.php, logoff.php and quote.php do not have such code, so i'll leave these pages out i guess.

Now i know which pages need to be protected.

Share this post


Link to post
Share on other sites

Just like that.

 

Thank you germ, worked immediately after i used your code.

Happy to see the login.php, account.php and create_account.php to have a lock now :)

Share this post


Link to post
Share on other sites

Hi everyone,

 

I've tried to follow all the steps described here and in other posts, however, when trying to access create_account.php, I get the following error:

 

Fatal error: Call to a member function on a non-object in /home/xxxxx/public_html/components/catalogo/create_account.php on line 249

create_account.php has the following on line 249:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));

The URL on the browser actually changes to https, but I could not get rid of the error, in spite of the changes in both configure.php files and application_top.php

 

cfgchk.php seems to indicate everything is set properly, but I've been unable to "run" the other files in the contribution.

 

Help is appreciated.

 

Thanks.

Share this post


Link to post
Share on other sites

Hello,

I am having the same problem. You can go to the login.php page and it will appear as HTTPS but you can remove the S in HTTP and the page does not automatically load as HTTPS. Why is this happening? I have had this site up for a long time and I didn't have this problem before. What do I need to do? Any help is greatly appreciated! Thank you!

Share this post


Link to post
Share on other sites

You need to be sure the PHP link code to the pages contain the SSL parameter (example below)

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

 

 

What files do I look in to make this change?

Thanks!

Share this post


Link to post
Share on other sites

Hi

 

A quick update found the links that needed updating this link was a great help. It nay help others

 

only problem now is the wrong pictures show up

 

any ideas

 

T

Share this post


Link to post
Share on other sites

×