Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HTTP to HTTPS help?


Adam_Maynard

Recommended Posts

I am trying to get an old site fully https secure, And after installing the SSL Certs it still shows not fully secure (due to some links being http).

Many of the links on the page source are still http, and after changing them in the .php files and the sitemap they still show the same.

Also, now we seem to be having trouble with our shopping cart not adding products when customer tries to add to cart, and it forgets the customers password next time they try to log in.

Our Site is: https://www.bibbtool.com/

I could really use some help or advice, I am fairly new to all this.

Appreciate any help.

Link to comment
Share on other sites

For SSL there is no short-cut you have to check all your code for http and cange it to https for all links in the code. Use the browser inspect tool to check for any mixed content.

Mixed Content: The page at 'https://www.bibbtool.com/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.bibbtool.com/advanced_search_result.php'. This endpoint should be made available over a secure connection.

a simple audit shows all these pages have issues. Fix those and you should be ok. You can check again using this tool. https://www.jitbit.com/sslcheck/

The password could be related so fix the SSL first abd check all redirects and see what you get. Also check your error log to see if it holds any clues.

Pages with unsecure content:
https://www.bibbtool.com/ ?
https://www.bibbtool.com/login.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/help.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/account.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/all_manufacturers.php ?
https://www.bibbtool.com/bandsaw_blades.php ?
https://www.bibbtool.com/coldsaw_blades.php ?
https://www.bibbtool.com/password_forgotten.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/create_account.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/login.php?osCsid=asmg2n3io6gb5da18sign3a7d4 ?
https://www.bibbtool.com/help.php?osCsid=asmg2n3io6gb5da18sign3a7d4 ?
https://www.bibbtool.com/account.php?osCsid=asmg2n3io6gb5da18sign3a7d4 ?
https://www.bibbtool.com/freud-m-157.html?page=2&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/freud-m-157.html?page=3&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/freud-m-157.html?page=4&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/freud-m-157.html?page=5&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ?
https://www.bibbtool.com/freud-m-157.html?page=6&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ?

 

Link to comment
Share on other sites

Thank you!

So as far as checking the code, do you mean check file by file?

Is there any other place to look?

Like the advanced_search_result.php , I have changed the file to https in that file, but it still loads as http. So it is pulling the results in from some other place?

Again, it is appreciated, thanks!

Link to comment
Share on other sites

Yes you need to manualy check each of the files listed above. Then clear the cache on your server so it loads new files to clear old redirects and check again.

The advance search did not show up in the audit so it may just be a cache issue.

You also need to remove any links to none SSL sites even ones to images or icons. These 2 both are not SSL

Links and Resources

 

Link to comment
Share on other sites

There are two configure.php files. Change all mention of "http:" to "https:" including the HTTP_ entries.

If you have add-ons for banners, etc., you might have to change hard-coded "http:" to "https:". Note that this should be only for your site's links, not for other sites. The easiest way to search is to have a copy of your files on your PC (as a backup, if nothing else). On Linux, grep for http:, and on Windows, findstr for http:.

Finally, once your site is producing nothing but https: internal links, your .htaccess (or the equivalent) should redirect incoming http: addresses to https:. An example:

RewriteEngine On
RewriteCond  %{HTTPS} !on  [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.yoursite.com/$1  [R=301,L]

This assumes you want "www." on your domain name, and that you're not using any subdomains. If either is not true, this code will have to be adjusted.

Link to comment
Share on other sites

I have fixed quite a few of these now, and if I scan the site using https://www.jitbit.com/sslcheck/  it shows the recurring link most commonly to be the

advanced_search_result.php

If it is not in the file itself, why does it show as insecure?

As far as the cache, we do not have it enabled under settings.

 

 

advanced_search_result.php

Link to comment
Share on other sites

The error states line 122 in index.php is using a form that links to a http link now this is not stock as far as I know so may be to do with a addon you are using but look for quick_find and the link shown and fix it.

<!-- product search -->

<form name="quick_find" action="http://www.bibbtool.com/advanced_search_result.php" method="get"><div id="search"><div><h4 id="search_title">PowerSearch</h4><input type="text" name="keywords" size="20" maxlength="30" value="Keyword(s) or model no." style="margin: 0px; padding: 0px; float: left;" onclick="if (this.value == 'Keyword(s) or model no.') { this.value=''};" /><input type="image" src="includes/languages/english/images/buttons/button_quick_find.gif" alt="PowerSearch" title=" PowerSearch " style="float: right; margin-left: -2px;" />(<a href="http://www.bibbtool.com/advanced_search_result.php"><b>Advanced Search</b></a>)<br style="clear:both;" /></div></div></form>
<!-- / product search -->

<!-- product_filter_box_bof //-->

 

Link to comment
Share on other sites

Code Design Error haraldpdl

Problem in $connection function argument

tep_href_link function ($ page = '', $ parameters = '', $ connection = 'NONSSL', $ add_session_id = true, $ search_engine_safe = true) {

}

He's not needed
Enough to use ENABLE_SSL = true in includes / configure.php

In file includes/functions/html_output.php

for function tep_href_link argument $connection = 'SSL'

and replace code

    if ($connection == 'NONSSL') {
      $link = HTTP_SERVER . DIR_WS_ADMIN;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL == true) {
        $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN;
      } else {
        $link = HTTP_SERVER . DIR_WS_ADMIN;
      }
    } else {
      die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>');
    }

to

    if ($connection == 'SSL') {
      if (ENABLE_SSL == true) {
        $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN;
      } else {
        $link = HTTP_SERVER . DIR_WS_ADMIN;
      }
    } else {
      die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>');
    }

This will eliminate all NONSSL in the catalog code.

Link to comment
Share on other sites

Even easier is to change the two configure.php files to tell them to use https: for everything, including HTTP_ entries. That way, everything using tep_href_link() automatically ends up with https: (SSL), with no code editing.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...