Adam_Maynard Posted December 31, 2018 Share Posted December 31, 2018 I am trying to get an old site fully https secure, And after installing the SSL Certs it still shows not fully secure (due to some links being http). Many of the links on the page source are still http, and after changing them in the .php files and the sitemap they still show the same. Also, now we seem to be having trouble with our shopping cart not adding products when customer tries to add to cart, and it forgets the customers password next time they try to log in. Our Site is: https://www.bibbtool.com/ I could really use some help or advice, I am fairly new to all this. Appreciate any help. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted December 31, 2018 Share Posted December 31, 2018 For SSL there is no short-cut you have to check all your code for http and cange it to https for all links in the code. Use the browser inspect tool to check for any mixed content. Mixed Content: The page at 'https://www.bibbtool.com/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.bibbtool.com/advanced_search_result.php'. This endpoint should be made available over a secure connection. a simple audit shows all these pages have issues. Fix those and you should be ok. You can check again using this tool. https://www.jitbit.com/sslcheck/ The password could be related so fix the SSL first abd check all redirects and see what you get. Also check your error log to see if it holds any clues. Pages with unsecure content: https://www.bibbtool.com/ ? https://www.bibbtool.com/login.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/help.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/account.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/all_manufacturers.php ? https://www.bibbtool.com/bandsaw_blades.php ? https://www.bibbtool.com/coldsaw_blades.php ? https://www.bibbtool.com/password_forgotten.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/create_account.php?osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/login.php?osCsid=asmg2n3io6gb5da18sign3a7d4 ? https://www.bibbtool.com/help.php?osCsid=asmg2n3io6gb5da18sign3a7d4 ? https://www.bibbtool.com/account.php?osCsid=asmg2n3io6gb5da18sign3a7d4 ? https://www.bibbtool.com/freud-m-157.html?page=2&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/freud-m-157.html?page=3&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/freud-m-157.html?page=4&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/freud-m-157.html?page=5&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ? https://www.bibbtool.com/freud-m-157.html?page=6&sort=2a&osCsid=5ktp19tuahuh8l2vin83ncqog4 ? Link to comment Share on other sites More sharing options...
Adam_Maynard Posted December 31, 2018 Author Share Posted December 31, 2018 Thank you! So as far as checking the code, do you mean check file by file? Is there any other place to look? Like the advanced_search_result.php , I have changed the file to https in that file, but it still loads as http. So it is pulling the results in from some other place? Again, it is appreciated, thanks! Link to comment Share on other sites More sharing options...
♥JcMagpie Posted December 31, 2018 Share Posted December 31, 2018 Yes you need to manualy check each of the files listed above. Then clear the cache on your server so it loads new files to clear old redirects and check again. The advance search did not show up in the audit so it may just be a cache issue. You also need to remove any links to none SSL sites even ones to images or icons. These 2 both are not SSL Links and Resources Directory of Woodworking - Links to woodworking sites Wood Web Links - A directory of wood related websites organised by subject Link to comment Share on other sites More sharing options...
♥JcMagpie Posted December 31, 2018 Share Posted December 31, 2018 This kind of link needs to be fixed. If any of this is sensative then pm to do it in private. Link to comment Share on other sites More sharing options...
MrPhil Posted December 31, 2018 Share Posted December 31, 2018 There are two configure.php files. Change all mention of "http:" to "https:" including the HTTP_ entries. If you have add-ons for banners, etc., you might have to change hard-coded "http:" to "https:". Note that this should be only for your site's links, not for other sites. The easiest way to search is to have a copy of your files on your PC (as a backup, if nothing else). On Linux, grep for http:, and on Windows, findstr for http:. Finally, once your site is producing nothing but https: internal links, your .htaccess (or the equivalent) should redirect incoming http: addresses to https:. An example: RewriteEngine On RewriteCond %{HTTPS} !on [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L] This assumes you want "www." on your domain name, and that you're not using any subdomains. If either is not true, this code will have to be adjusted. Link to comment Share on other sites More sharing options...
Adam_Maynard Posted December 31, 2018 Author Share Posted December 31, 2018 I have fixed quite a few of these now, and if I scan the site using https://www.jitbit.com/sslcheck/ it shows the recurring link most commonly to be the advanced_search_result.php If it is not in the file itself, why does it show as insecure? As far as the cache, we do not have it enabled under settings. advanced_search_result.php Link to comment Share on other sites More sharing options...
♥JcMagpie Posted December 31, 2018 Share Posted December 31, 2018 The error states line 122 in index.php is using a form that links to a http link now this is not stock as far as I know so may be to do with a addon you are using but look for quick_find and the link shown and fix it. <!-- product search --> <form name="quick_find" action="http://www.bibbtool.com/advanced_search_result.php" method="get"><div id="search"><div><h4 id="search_title">PowerSearch</h4><input type="text" name="keywords" size="20" maxlength="30" value="Keyword(s) or model no." style="margin: 0px; padding: 0px; float: left;" onclick="if (this.value == 'Keyword(s) or model no.') { this.value=''};" /><input type="image" src="includes/languages/english/images/buttons/button_quick_find.gif" alt="PowerSearch" title=" PowerSearch " style="float: right; margin-left: -2px;" />(<a href="http://www.bibbtool.com/advanced_search_result.php"><b>Advanced Search</b></a>)<br style="clear:both;" /></div></div></form> <!-- / product search --> <!-- product_filter_box_bof //--> Link to comment Share on other sites More sharing options...
♥JcMagpie Posted December 31, 2018 Share Posted December 31, 2018 The problem is caused by this add-on it is producing links which are http and not https. Link to comment Share on other sites More sharing options...
ruden Posted January 1, 2019 Share Posted January 1, 2019 Code Design Error haraldpdl Problem in $connection function argument tep_href_link function ($ page = '', $ parameters = '', $ connection = 'NONSSL', $ add_session_id = true, $ search_engine_safe = true) { } He's not needed Enough to use ENABLE_SSL = true in includes / configure.php In file includes/functions/html_output.php for function tep_href_link argument $connection = 'SSL' and replace code if ($connection == 'NONSSL') { $link = HTTP_SERVER . DIR_WS_ADMIN; } elseif ($connection == 'SSL') { if (ENABLE_SSL == true) { $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN; } else { $link = HTTP_SERVER . DIR_WS_ADMIN; } } else { die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>'); } to if ($connection == 'SSL') { if (ENABLE_SSL == true) { $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN; } else { $link = HTTP_SERVER . DIR_WS_ADMIN; } } else { die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>'); } This will eliminate all NONSSL in the catalog code. Link to comment Share on other sites More sharing options...
MrPhil Posted January 1, 2019 Share Posted January 1, 2019 Even easier is to change the two configure.php files to tell them to use https: for everything, including HTTP_ entries. That way, everything using tep_href_link() automatically ends up with https: (SSL), with no code editing. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.