Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Time to get secure (if you haven't already)


frankl

Recommended Posts

@@Omar_one Not sure what version you are using but I have this in my template_top.php file....

 

<link rel="icon" type="image/x-icon" href="images/favicon.ico"/>

 

and I moved my favicon.ico to the images folder....at least I think that is what I did.

 

Dan

Link to comment
Share on other sites

  • Replies 140
  • Created
  • Last Reply

@@John W @@Dan Cole

Sorry I typed  the error wrong here is the right one :

2.Insecure URL: http://www.mysite.com/testshop/favicon.ico 

Found in: https://mysite.com

 

so copied the favicon.ico to mysite and to mysite/testshop

 

but still same thing

Get the latest Responsive osCommerce CE (community edition) here .

Link to comment
Share on other sites

@@Omar_one

 

@@Dan Cole

mysite.com based on oscommerce 2.2 rc2a

and testshop based on oscommerce 2.3 bs Edge

 

Did you add the link to template_top.php?

 

Dan

Link to comment
Share on other sites

@@Omar_one  If you use FireFox can you check with your inspector tool?  Other browsers probably have something similar.   If not, do you have a URL we can look at?

 

Dan

Link to comment
Share on other sites

thank you @@Dan Cole

adding the link on mysite.com/index.php fixed the problem ..

 until there  is some kind of  that link there for favicon.ico  .

and it was working before adding SSL ..

but i still have this one

Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol.

 

 

and still the same looking on search bar (the browser)

post-339096-0-03022500-1480003671_thumb.png

Get the latest Responsive osCommerce CE (community edition) here .

Link to comment
Share on other sites

@@Omar_one  I'm confused...if you are still seeing that error it's not working....what do you see in https://www.whynopadlock.com/

now.

 

Regarding the Poodle issue you need to take that up with your ISP.

 

Dan

Link to comment
Share on other sites

@@Omar_one  Also be sure to check the rest of your site...you might have other pages that link to insecure images or other content.

 

Dan

Link to comment
Share on other sites

I agree, Poodle has been out more than a year and SSLv3 should not be used at all.  It's a very quick fix for them to do, but it should have been done already.  You really want a server supporting TLS 1.2 at this point.  Most credit card processors won't even allow that connection level.  Some require only TLS 1.2.

I'm not really a dog.

Link to comment
Share on other sites

@@John W   @@Dan Cole @@frankl Thank you for your help

I will  contact my web hosting provider to fix that..

 

there is something when I edit the config (catalog) the login not work so no orders

  define('HTTP_COOKIE_DOMAIN', '.www.mysite.com');
  define('HTTPS_COOKIE_DOMAIN', '.www.mysite.com');

but its working when i change it to

  define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
  define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

:thumbsup:

Get the latest Responsive osCommerce CE (community edition) here .

Link to comment
Share on other sites

@@Omar_one  Interesting....mine is set like this....

 

  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');

 

I have no idea what determines how it should be set, besides whether it works or not.

 

Dan

Link to comment
Share on other sites

@@Dan Cole

But now the testshop not working .... can't login to the admin just blank page ...

catalog the links not work good(category menu), And the in the product_info the product images not working good they are all big...

 

maybe because the testshop isn't in the root..maybe some change in .htaccess file will help?

Get the latest Responsive osCommerce CE (community edition) here .

Link to comment
Share on other sites

@@Omar_one I had a problem like that recently with the modular navbar.  I uninstalled one of the dropdown list modules...ie currency or my account and reinstalled it....the problem when away....I don't know if that will work for you or not but it's an easy thing to try.

 

Dan

Link to comment
Share on other sites

I have hopefully updated my BS site. I already had an SSL certificate so changed all HTTP in both of the configure files to HTTPS.

 

I also added the redirect for the htaccess file as posted back in this thread.

 

I then created new sitemaps using the addon that I use, and then added these new sitemaps to google and bing webmaster tools after deleting the old ones.

 

My site loaded correctly but on testing showed a few errors about insecure images. I went through all the additional pages that I have added and changed all HTTP to HTTPS on internal links and images.

 

Now I appear to have a green padlock showing on every page of the site as far as I can see in firefox, chrome and edge. Not tried any others. I have created new accounts and new orders on those accounts and all seems to be working fine. Some of my sites back links also work from other sites so I can only assume that the redirect is working. You can also enter with or without the https and the site goes to the correct page.

 

Time will tell what impact the change has.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

@@14steve14 Those are the steps I would follow Steve...I think you'll be fine....let us know if you see a temporary drop in page ranking or not.

 

Dan

Link to comment
Share on other sites

@@Dan Cole

I can't fix it because I got blank page when I login to admin on the mysite.com/testshop/admin

 

maybe because the testshop isn't in the root..maybe some change in .htaccess file will help?

Get the latest Responsive osCommerce CE (community edition) here .

Link to comment
Share on other sites

@@Omar_one Search the forums here....I haven't had that problem but I remember reading/seeing a lot of posts about it.  It seemed to be a common issue for awhile.

 

Dan

Link to comment
Share on other sites

  • 4 weeks later...

I have just had a customer ring me and say that when using Chrome there was an exclamation mark rather than a green padlock on a site that I changed to all HTTPS. As he talked me through what he was doing, the green padlock disappeared and changed to an exclamation mark when logged in. Clicking the exclamation mark led me to a page where I was told that there was mixed content.

 

I then looked at the page source and indeed there was a plain http This is the bit of code it is in

<div class="panel panel-default">
  <div class="panel-heading">Manufacturers</div>
  <div class="panel-body"><form name="manufacturers" action="http://www.mywebsite.com/index.php" method="get"><select name="manufacturers_id" onchange="this.form.submit();" size="1" style="width: 100%" class="form-control"><option value="" selected="selected">Please Select</option><option value="36">4Ground</option><option value="29">Albion Alloys</option><option value="31">Am-Tech</option><option value="14">Ancorton Models</option><option value="24">Antex</option><option value="10">Dapol</option><option value="28">DAS</option><option value="33">Elmer's Adhesives</option><option value="13">Expo tools</option><option value="35">Humbrol</option><option value="2">Javis</option><option value="25">Milliput</option><option value="7">Model Craft</option><option value="19">Other</option><option value="4">Plastruct</option><option value="32">Railwayscenics</option><option value="1">RS Electrics</option><option value="34">Seawhite</option><option value="17">Silverline</option><option value="12">South Eastern Fineca..</option><option value="23">Superquick</option><option value="6">Swann morton</option><option value="16">Toolzone</option><option value="27">Velleman</option><option value="5">X-Acto</option><option value="20">Xuron</option></select></form></div>
</div>

Now that is coming from the manufacturers box. When I disable the box the error goes away. This is only happening in Chrome.

 

Where is that link being pulled from as I cannot find any code in includes/modules/boxes/manufacturers.php or the template file, or the language file that may be creating this http link. Any help gratefully received.

 

I am using Bootstrap oscommerce.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...