officer Posted May 3, 2012 Share Posted May 3, 2012 Please bear with me. my site was working fine in IE and FF untill I enabled SSL. Case 1: Issue 1: This issue involves .swf which is not loading in IE with http/https but loads in FF with http/https. In IE all the other pictures/videos are loading with http/https. Issue 2: There is feedjit live trafic doesn't work in IE but works in FF with http/https application_top.php has $request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'www.yoyopoint.com') ? 'SSL' : 'NONSSL'; and general.php if ((ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == 'www.yoyopoint.com') ) Case 2: If I change the values as below application_top.php $request_type = ($_SERVER['HTTPS'] == 'www.yoyopoint.com') ? 'SSL' : 'NONSSL'; and general.php if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) then for IE .swf and feejit starts working in IE with http and for https gives a security warning and do not work also all pictures stops displaying for FF http: everything works https: .swf stops working (feedjit is working) ------------------------------------------------------ all advise/help is appreciated. Link to comment Share on other sites More sharing options...
germ Posted May 3, 2012 Share Posted May 3, 2012 Click the "SSL Implementaion Help" link in my signature. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 7, 2012 Author Share Posted May 7, 2012 Thanks for the reply. I read the post within post How to install SSL on OSC: A Simple 1-2-3 Instruction, Simple, straighforward instructions my files/settings were as per the instructions or I made editing where it was not. and then I continued with your post. 1. $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; In IE a call to https gives unsecure warning and clicking yes does not work as expected. cfgchk is fine. I am troubleshooting with the below lines in place: application_top.php $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; and general.php if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) then for IE http: .swf and feedjit starts working https gives a security warning and do not work also all pictures stops displaying for FF http: everything works https: .swf stops working (feedjit is working) call to .swf is with https. Link to comment Share on other sites More sharing options...
germ Posted May 7, 2012 Share Posted May 7, 2012 osC relies on some variable accessible to PHP to change when SSL is active. Using my contribution you uploaded to your site I can not find any variable at all that changes when going from HTTP to HTTPS. Therefore the only thing I can suggest other than switching hosts is this If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 7, 2012 Author Share Posted May 7, 2012 boss it is working fine after the change suggested. so far looks all right. Thanks for your kind support. will check in detail later. Link to comment Share on other sites More sharing options...
officer Posted May 7, 2012 Author Share Posted May 7, 2012 by the way you know any good host where everything works perfect without much customization. I was not expecting surprises from network sol. (on missing variables) Link to comment Share on other sites More sharing options...
germ Posted May 7, 2012 Share Posted May 7, 2012 Glad it's working for you. :) Sorry but it's against forum rules to suggest hosts by name specifically as that's considered "advertising" which is "verboten" :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 8, 2012 Author Share Posted May 8, 2012 ok, I have done some testing. with Firefox I am satisfied for the whole shopping process. with IE in the end of shopping process when the checkout_success page appears (your order has been processed) then when I clicked on continue, IE gave me the same security warning and clicking yes lost all the images and formatting. I have added case FILENAME_INDEX: case FILENAME_SHOPPING_CART: any suggestion? Link to comment Share on other sites More sharing options...
germ Posted May 8, 2012 Share Posted May 8, 2012 Remove the lines you said you added. You're making pages use SSL that don't need to. At the top of /catalog/checkout_success.php change this code: tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string)); To this tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string, 'NONSSL')); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 8, 2012 Author Share Posted May 8, 2012 lines removed and changed the code to: tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string, 'NONSSL')); same issue exists on clicking continue still it tries to access index.php using https Link to comment Share on other sites More sharing options...
germ Posted May 8, 2012 Share Posted May 8, 2012 After looking at the code and a little testing on my WAMP server I came up with the code below. It should solve your problem: tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL') . "\n"); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 9, 2012 Author Share Posted May 9, 2012 thanksalot for supporting. tried the new line but clicking continue still calls the index page with https IE gave me the same security warning and clicking yes lost all the images and formatting. Link to comment Share on other sites More sharing options...
germ Posted May 9, 2012 Share Posted May 9, 2012 Well it worked for me. :huh: Try the code below. if ( strlen($notify_string) ) header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT . '?' . $notify_string ); else header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT ); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 9, 2012 Author Share Posted May 9, 2012 Please correct me if I am wrong. I think I need index.php always nonssl any calls to it with https and then it crashes. in application_top I have moved up the line "default: $request_type.." switch ( basename($PHP_SELF) ) { default: $request_type = 'NONSSL'; case FILENAME_ACCOUNT: .............. it is helping atleast not to crash the index.php page but now flash doesnot appear. how can I make index.php nonssl also in your last advice I put the line of code below if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'update')) { $notify_string = ''; if (isset($HTTP_POST_VARS['notify']) && !empty($HTTP_POST_VARS['notify'])) { $notify = $HTTP_POST_VARS['notify']; if (!is_array($notify)) { $notify = array($notify); } for ($i=0, $n=sizeof($notify); $i<$n; $i++) { if (is_numeric($notify[$i])) { $notify_string .= 'notify[]=' . $notify[$i] . '&'; } } if (!empty($notify_string)) { $notify_string = 'action=notify&' . substr($notify_string, 0, -1); } if ( strlen($notify_string) ) header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT . '?' . $notify_string ); else header('Location: ' . HTTP_SERVER . '/' . FILENAME_DEFAULT ); } // tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string)); tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL') . "\n"); } Link to comment Share on other sites More sharing options...
MrPhil Posted May 9, 2012 Share Posted May 9, 2012 First of all, are you satisfied that the osC code is discovering whether a page is SSL or not is working correctly? Some servers return '1' instead of 'on' for getenv('HTTPS'), while others require a different variable name, and still others have $_SERVER['HTTPS'] defined while others don't. Flash aside, does your store appear to be using SSL (https) on the correct pages? switch ( basename($PHP_SELF) ) { default: $request_type = 'NONSSL'; case FILENAME_ACCOUNT: .............. What are you doing here? You are aware that the default case will fall through into the FILENAME_ACCOUNT case, unless you put a break; in there? Was the original problem that certain SSL-enabled pages were no longer serving up certain content (Flash)? Were you getting browser warnings that there was insecure content on those pages? Whatever code you added to display Flash will either have to be removed/disabled on SSL pages, or you will need to modify it so that it invokes whatever it's invoking via https: instead of http:. If this is to your own site, do you even need to give httpX://your domain, or can you just give the HTML path to the file? Sorry if these questions seem all too obvious, but sometimes people get themselves all tangled up trying use a complex solution when a very easy one is possible. Link to comment Share on other sites More sharing options...
germ Posted May 10, 2012 Share Posted May 10, 2012 Minor correction. The replacment code should be: if ( strlen($notify_string) ) header('Location: ' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT . '?' . $notify_string ); else header('Location: ' . HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_DEFAULT ); The only difference being if you have a non-root install the old code throws you back to the root. The index should NEVER be SSL, and as far as I can tell with the code I posted it isn't. It never is on my WAMP server. Maybe you should switch hosts and stop fighting problems caused by an inept server. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
officer Posted May 20, 2012 Author Share Posted May 20, 2012 Thanks for the help. to make the things simple I have removed my site and reinstalled the oscommerece default site. I enabled the ssl. testng the site with ssl enabled sending me to https:// index page my configuration is same as below (6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com: define('HTTP_SERVER', 'http://www.yoursite.com'); define('HTTPS_SERVER', 'https://www.yoursite.com'); define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.yoursite.com'); define('HTTPS_COOKIE_DOMAIN', '.yoursite.com'); (7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com: define('HTTP_SERVER', 'https://www.yoursite.com/'); define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/'); define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module Link to comment Share on other sites More sharing options...
MrPhil Posted May 20, 2012 Share Posted May 20, 2012 You should never have https: on an HTTP_ entry. That will make all pages under SSL, which you don't want. What are you trying to do? It sounds like either you aren't picking up SSL when you should (see above discussion on getenv('HTTPS'), etc.), or you have a hard coded http: URL being used on an SSL page. Embedded content (images, css, js, flash, etc.) need to be https: if used on an SSL (https) page, or you'll get a browser error about insecure content. If a resource is on your site, omit the http://domain and just use the path (absolute or relative) for the URL. I would hope that osC is smart enough to just give the path and filename for embedded content, but maybe it isn't. The browser will figure out the right thing to do. http: page links are OK, but might give a warning that you are leaving a secure page. Link to comment Share on other sites More sharing options...
officer Posted May 21, 2012 Author Share Posted May 21, 2012 MrPhil I have default osCommerce package loaded and enabled ssl with the above settings. there are no other changes made in the code whatsoever. I did a test purchase. on confirming the order the index page comes up with https. Link to comment Share on other sites More sharing options...
MrPhil Posted May 21, 2012 Share Posted May 21, 2012 Your configure.php file(s) are incorrect. You have https: on the HTTP_ entries. Fix that. Link to comment Share on other sites More sharing options...
germ Posted May 21, 2012 Share Posted May 21, 2012 MrPhil I have default osCommerce package loaded and enabled ssl with the above settings. there are no other changes made in the code whatsoever. I did a test purchase. on confirming the order the index page comes up with https. There exists a flaw in the default code. After a "vanilla" install when you checkout it accesses the index with a HTTPS URL. I've already posted code to fix that. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.