Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL not loading on login.php and create_account.php


mid9tblue

Recommended Posts

Hi all,

I have just installed SSL on my site by my host, and i altered the configure files both in admin and catalog as shown in this thread:

 

How to install SSL on OSC: A Simple 1-2-3 Instruction

 

I also checked the installation with this addon:

 

SSL Help

 

It seems working, and my site front loads fine with the lock if i input https

BUT as i test around, i found that some pages do not auto load with the lock thing, pages like create_account.php, login.php, contact_us.php.

the pages auto load with the lock is checkout_process.php and other linked php in account.php

is there a manual way to add pages into default encrypted pages? something i can alter within osc or something i have to ask my host to do?

it's weird that create_account.php and login.php do not auto load with https in the first place, but i did notice that they do load https if redirected by another page within the site or if the pw input is incorrect.

however if i type directly in my browser address bar: http://mysite.com/login.php, the https doesn't happen, same with create_account.php

Please help, I believed i did everything correct, but this puzzles me :(

Link to comment
Share on other sites

You need to be sure the PHP link code to the pages contain the SSL parameter (example below)

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

For my site, the pages that definitely need to be secured are create_account.php, account.php, contact_us.php, quote.php, login.php, i'm not sure about logoff.php

I'm new to ssl, and i'm trying to understand how it works.

from what u suggested, i assume if the link source code have not set to load the ssl, then the page that directed from that link will not be secured?

so it's not the pages themselves being set to be secured rather the directing links that's telling browsers to secure which page?

I found the codes that associate of these links that are not loading the locks, but it's a bit different since they dont refer to filename and just point to the php files directly, here they are:

 

<table cellpadding="0" cellspacing="0" border="0">
						<tr><td align="center"><span><a href="<?php echo tep_href_link('contact_us.php')?>"><?php echo BOX_INFORMATION_CONTACT?></a>   |   <a href="<?php echo tep_href_link('advanced_search.php')?>"><?php echo BOX_SEARCH_ADVANCED_SEARCH?></a>   |   <a href="<?php echo tep_href_link('reviews.php')?>"><?php echo BOX_HEADING_REVIEWS?></a>   |   <? if (tep_session_is_registered('customer_id')) { 
?><a href="<?php echo tep_href_link('account.php')?>"><?php echo HEADER_TITLE_MY_ACCOUNT?></a><? } else 
{ ?><a href="<?php echo tep_href_link('create_account.php')?>"><?php echo HEADER_TITLE_CREATE_ACCOUNT?></a><? } 
?>   |   <? if (tep_session_is_registered('customer_id')) { 
?><a href="<?php echo tep_href_link('logoff.php')?>"><?php echo HEADER_TITLE_LOGOFF?></a><? } else 
{ ?><a href="<?php echo tep_href_link('login.php')?>"><?php echo HEADER_TITLE_LOGIN?></a><? } 
?></span></td></tr>
					</table>
			</td></tr>
		</table>

 

<?php if (tep_session_is_registered('customer_id')) { 

 $acc_link = tep_href_link('account.php');
 $acc_title= HEADER_TITLE_MY_ACCOUNT;
} else{ 
 $acc_link = tep_href_link('create_account.php');
 $acc_title= HEADER_TITLE_CREATE_ACCOUNT;
} 
?>                        
				<td <?php echo $item_menu_04;?> onClick="document.location='<?php echo $acc_link;?>'" nowrap="nowrap"><?php echo $acc_title;?></td>
				<td class="menu_separator"><?php echo tep_draw_separator('spacer.gif', '1', '1'); ?></td>
<?php if (tep_session_is_registered('customer_id')) { 

 $login_link = tep_href_link('logoff.php');
 $login_title= HEADER_TITLE_LOGOFF;
} else{ 
 $login_link = tep_href_link('login.php');
 $login_title= HEADER_TITLE_LOGIN;
} 
?>

 

<td <?php echo $item_menu_05;?> onClick="document.location='<?php echo $login_link;?>'"><?php echo $login_title;?></td>
<td class="menu_separator"><?php echo tep_draw_separator('spacer.gif', '1', '1'); ?></td>
<td <?php echo $item_menu_06;?> onClick="document.location='<?php echo tep_href_link('quote.php')?>'"><?php echo BOX_INFORMATION_QUOTE?></td>

 

so how do i change the code from

 

tep_href_link('account.php')

 

to

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

 

i apologize if i typed too long, i hope i made sense.

Link to comment
Share on other sites

Here's the reference filenames:

  define('FILENAME_ACCOUNT', 'account.php');
 define('FILENAME_CREATE_ACCOUNT', 'create_account.php');
 define('FILENAME_CONTACT_US', 'contact_us.php');
 define('FILENAME_LOGIN', 'login.php');
 define('FILENAME_LOGOFF', 'logoff.php');
 define('FILENAME_QUOTE', 'quote.php');

Link to comment
Share on other sites

Eash page that can have SSL implemented has code to check for the SSL.

 

 

For example, the log in page (login.php) will have this code:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 

the Create Account page (create_account.php) will have this:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));

 

 

the same does for all other pages that could use the SSL

 

 

Chris

Link to comment
Share on other sites

so how do i change the code from

 

tep_href_link('account.php')

 

to

 

tep_href_link(FILENAME_ACCOUNT, '', 'SSL')

 

i apologize if i typed too long, i hope i made sense.

Just like that.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Eash page that can have SSL implemented has code to check for the SSL.

 

 

For example, the log in page (login.php) will have this code:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 

the Create Account page (create_account.php) will have this:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));

 

 

the same does for all other pages that could use the SSL

 

 

Chris

 

Thank you Chris, I checked all these files and noticed contact_us.php, logoff.php and quote.php do not have such code, so i'll leave these pages out i guess.

Now i know which pages need to be protected.

Link to comment
Share on other sites

  • 6 months later...

Hi everyone,

 

I've tried to follow all the steps described here and in other posts, however, when trying to access create_account.php, I get the following error:

 

Fatal error: Call to a member function on a non-object in /home/xxxxx/public_html/components/catalogo/create_account.php on line 249

create_account.php has the following on line 249:

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));

The URL on the browser actually changes to https, but I could not get rid of the error, in spite of the changes in both configure.php files and application_top.php

 

cfgchk.php seems to indicate everything is set properly, but I've been unable to "run" the other files in the contribution.

 

Help is appreciated.

 

Thanks.

Link to comment
Share on other sites

  • 3 months later...

Hello,

I am having the same problem. You can go to the login.php page and it will appear as HTTPS but you can remove the S in HTTP and the page does not automatically load as HTTPS. Why is this happening? I have had this site up for a long time and I didn't have this problem before. What do I need to do? Any help is greatly appreciated! Thank you!

Link to comment
Share on other sites

  • 3 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...