Jump to content

Archived

This topic is now archived and is closed to further replies.

officer

IE - Flash with SSL

Recommended Posts

Please bear with me.

 

my site was working fine in IE and FF untill I enabled SSL.

 

 

Case 1:

 

Issue 1: This issue involves .swf which is not loading in IE with http/https but loads in FF with http/https.

 

In IE all the other pictures/videos are loading with http/https.

 

Issue 2: There is feedjit live trafic doesn't work in IE but works in FF with http/https

 

application_top.php has

 

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'www.yoyopoint.com') ? 'SSL' : 'NONSSL';

 

and general.php

 

if ((ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == 'www.yoyopoint.com') )

 

 

Case 2:

 

If I change the values as below

 

application_top.php

 

$request_type = ($_SERVER['HTTPS'] == 'www.yoyopoint.com') ? 'SSL' : 'NONSSL';

 

and general.php

 

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') )

 

then

 

for IE

 

.swf and feejit starts working in IE with http and for https gives a security warning and do not work also all pictures stops displaying

 

for FF

 

http: everything works

https: .swf stops working (feedjit is working)

 

------------------------------------------------------

 

all advise/help is appreciated.

Share this post


Link to post
Share on other sites

Click the "SSL Implementaion Help" link in my signature.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Thanks for the reply.

 

I read the post within post

 

How to install SSL on OSC: A Simple 1-2-3 Instruction, Simple, straighforward instructions

 

my files/settings were as per the instructions or I made editing where it was not.

 

and then I continued with your post.

 

1. $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

In IE a call to https gives unsecure warning and clicking yes does not work as expected.

 

cfgchk is fine.

 

I am troubleshooting with the below lines in place:

 

application_top.php

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

and general.php

 

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') )

 

then

 

for IE

 

http: .swf and feedjit starts working

https gives a security warning and do not work also all pictures stops displaying

 

for FF

 

http: everything works

https: .swf stops working (feedjit is working)

 

 

call to .swf is with https.

Share this post


Link to post
Share on other sites

osC relies on some variable accessible to PHP to change when SSL is active.

 

Using my contribution you uploaded to your site I can not find any variable at all that changes when going from HTTP to HTTPS.

 

Therefore the only thing I can suggest other than switching hosts is this


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

boss it is working fine after the change suggested.

 

 

so far looks all right. Thanks for your kind support.

 

will check in detail later.

Share this post


Link to post
Share on other sites

by the way you know any good host where everything works perfect without much customization.

 

I was not expecting surprises from network sol. (on missing variables)

Share this post


Link to post
Share on other sites

Glad it's working for you.

:)

 

Sorry but it's against forum rules to suggest hosts by name specifically as that's considered "advertising" which is "verboten"

:blush:


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

ok, I have done some testing.

 

with Firefox I am satisfied for the whole shopping process.

 

with IE in the end of shopping process when the checkout_success page appears (your order has been processed)

 

then when I clicked on continue, IE gave me the same security warning and clicking yes lost all the images and formatting.

 

I have added

 

case FILENAME_INDEX:

case FILENAME_SHOPPING_CART:

 

 

any suggestion?

Share this post


Link to post
Share on other sites

Remove the lines you said you added. You're making pages use SSL that don't need to.

 

At the top of /catalog/checkout_success.php change this code:

 

tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));

 

To this

 

tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string, 'NONSSL'));


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

lines removed

 

and changed the code to:

tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string, 'NONSSL'));

 

same issue exists

 

on clicking continue still it tries to access index.php using https

Share this post


Link to post
Share on other sites

After looking at the code and a little testing on my WAMP server I came up with the code below.

 

It should solve your problem:

 

 

tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL') . "\n");


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

thanksalot for supporting.

 

tried the new line but clicking continue still calls the index page with https

 

IE gave me the same security warning and clicking yes lost all the images and formatting.

Share this post


Link to post
Share on other sites

Well it worked for me.

:huh:

 

Try the code below.

 

if ( strlen($notify_string) )
 header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT . '?' .  $notify_string );
else
 header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT );


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Please correct me if I am wrong.

 

I think I need index.php always nonssl

 

any calls to it with https and then it crashes.

 

 

in application_top

 

I have moved up the line "default: $request_type.."

 

 

switch ( basename($PHP_SELF) ) {

 

default: $request_type = 'NONSSL';

case FILENAME_ACCOUNT:

..............

 

it is helping atleast not to crash the index.php page but now flash doesnot appear.

 

how can I make index.php nonssl

 

 

 

also in your last advice I put the line of code below

 

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'update')) {

$notify_string = '';

 

if (isset($HTTP_POST_VARS['notify']) && !empty($HTTP_POST_VARS['notify'])) {

$notify = $HTTP_POST_VARS['notify'];

 

if (!is_array($notify)) {

$notify = array($notify);

}

 

for ($i=0, $n=sizeof($notify); $i<$n; $i++) {

if (is_numeric($notify[$i])) {

$notify_string .= 'notify[]=' . $notify[$i] . '&';

}

}

 

if (!empty($notify_string)) {

$notify_string = 'action=notify&' . substr($notify_string, 0, -1);

}

 

if ( strlen($notify_string) )

header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT . '?' . $notify_string );

else

header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT );

 

}

 

// tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));

tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL') . "\n");

}

Share this post


Link to post
Share on other sites

First of all, are you satisfied that the osC code is discovering whether a page is SSL or not is working correctly? Some servers return '1' instead of 'on' for getenv('HTTPS'), while others require a different variable name, and still others have $_SERVER['HTTPS'] defined while others don't. Flash aside, does your store appear to be using SSL (https) on the correct pages?

 

switch ( basename($PHP_SELF) ) {

default: $request_type = 'NONSSL';
case FILENAME_ACCOUNT:
..............

What are you doing here? You are aware that the default case will fall through into the FILENAME_ACCOUNT case, unless you put a break; in there?

 

Was the original problem that certain SSL-enabled pages were no longer serving up certain content (Flash)? Were you getting browser warnings that there was insecure content on those pages? Whatever code you added to display Flash will either have to be removed/disabled on SSL pages, or you will need to modify it so that it invokes whatever it's invoking via https: instead of http:. If this is to your own site, do you even need to give httpX://your domain, or can you just give the HTML path to the file?

 

Sorry if these questions seem all too obvious, but sometimes people get themselves all tangled up trying use a complex solution when a very easy one is possible.

Share this post


Link to post
Share on other sites

Minor correction.

 

The replacment code should be:

 

	if ( strlen($notify_string) )
  header('Location: ' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT . '?' .  $notify_string );
else
  header('Location: ' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT );

 

The only difference being if you have a non-root install the old code throws you back to the root.

 

The index should NEVER be SSL, and as far as I can tell with the code I posted it isn't. It never is on my WAMP server.

 

Maybe you should switch hosts and stop fighting problems caused by an inept server.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Thanks for the help.

 

to make the things simple I have removed my site and reinstalled the oscommerece default site.

 

I enabled the ssl.

 

testng the site with ssl enabled sending me to https:// index page

 

my configuration is same as below

 

 

 

(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:

define('HTTP_SERVER', 'http://www.yoursite.com');

define('HTTPS_SERVER', 'https://www.yoursite.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.yoursite.com');

define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');

 

(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:

define('HTTP_SERVER', 'https://www.yoursite.com/');

define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');

define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Share this post


Link to post
Share on other sites

You should never have https: on an HTTP_ entry. That will make all pages under SSL, which you don't want. What are you trying to do?

 

It sounds like either you aren't picking up SSL when you should (see above discussion on getenv('HTTPS'), etc.), or you have a hard coded http: URL being used on an SSL page. Embedded content (images, css, js, flash, etc.) need to be https: if used on an SSL (https) page, or you'll get a browser error about insecure content. If a resource is on your site, omit the http://domain and just use the path (absolute or relative) for the URL. I would hope that osC is smart enough to just give the path and filename for embedded content, but maybe it isn't. The browser will figure out the right thing to do. http: page links are OK, but might give a warning that you are leaving a secure page.

Share this post


Link to post
Share on other sites

MrPhil I have default osCommerce package loaded and enabled ssl with the above settings. there are no other changes made in the code whatsoever.

 

I did a test purchase. on confirming the order the index page comes up with https.

Share this post


Link to post
Share on other sites

MrPhil I have default osCommerce package loaded and enabled ssl with the above settings. there are no other changes made in the code whatsoever.

 

I did a test purchase. on confirming the order the index page comes up with https.

 

There exists a flaw in the default code.

 

After a "vanilla" install when you checkout it accesses the index with a HTTPS URL.

 

I've already posted code to fix that.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

×