Jump to content

Archived

This topic is now archived and is closed to further replies.

prosat

problem with no padlock on ssl

Recommended Posts

I have ssl installed and i use oneandone as a host with a shared ssl via sslrelay.com

i can not get the padlock to show at all. :huh:

i have tried some suggestions posted earlier.

none seem to work for me.

any help would be apreciated

www.solutionspoint.co.uk

p.s. i'm a bit of a newbie, so be plain and simple with your responses.... thank you. :rolleyes:

Share this post


Link to post
Share on other sites

Greetings,

 

I'm having the exact same problem, and I'm also on 1&1's Professionals package. I'm using the exact same SSL proxy server as you. lol

 

Check my thread on the same subject: http://forums.oscommerce.com/index.php?showtopic=72437

 

I haven't had any joy, as yet... but I'm messing around with my /includes/application_top.php because I think it's something to do with:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

So far I've tried the following alternatives:

 

  $request_type = ($HTTP_SERVER_VARS['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL';
 $request_type = ($HTTP_SERVER_VARS["HTTPS"] == 'on') ? 'SSL' : 'NONSSL';
 $request_type = ($GLOBALS["SERVER_PORT"] == 443) ? 'SSL' : 'NONSSL';

 

If you goto my shop http://www.recordlounge.co.uk/shop/ and goto checkout, you'll notice that the padlock flicks on and then turns off. Try the same on your checkout, if you hit refresh a few times you'll see what I mean.

 

This is kind of urgent for me. There are also two other threads on the same subject currently:

http://forums.oscommerce.com/index.php?showtopic=72437

http://forums.oscommerce.com/index.php?showtopic=72477

 

Hope we can resolve this soon.

 

 

Jondab

Share this post


Link to post
Share on other sites
place all your images in your secure site folder . . .

Which "secure site folder"? My FTP doesn't show up any secure site folder.

 

The way our SSL works is that it simply maps a subdom (alias) of my main dom to a virtual directory on an SSL proxy server.

 

ie. http://secure.recordlounge.co.uk maps to https://sslrelay.com/secure.recordlounge.co.uk

 

But in FTP, there is no "secure" subdir like on btinternet, etc. It simply runs the entire site through this SSL proxy to secure it.

 

The problem we're having is that for some reason, when we changeover servers to sslrelay.com, the img src's all revert back to http, thereby leaving us with a bunch of mixed content and no padlock.

 

Please elaborate on what you meant? Thanks.

Share this post


Link to post
Share on other sites

Ok, got it fixed. :D

 

The fix for oneandone hosting with shared SSL is as follows:

 

backup your /includes/application_top.php by making a duplicate copy.

 

edit your /includes/application_top.php

 

Find this code (at around line 41):

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

Make sure you haven't got any spare lines after the last "?>" line on the page.

 

Save the file, upload it (overwrite the old file in /includes/).

 

Try your checkout now.

 

Hope this works for you, too. B)

 

Thanks to Emerson in this thread for the fix.

 

Peace.

Share this post


Link to post
Share on other sites

THANKYOU THANKYOU THANKYOU

 

I have been searching for this solution for ages, no matter what I tried in my configure.php I just could make my images secure (hence loss of padlock)

 

THANKS AGAIN!! :D :D

Share this post


Link to post
Share on other sites

I'm confused by your posts. Doesn't the padlock just come on when you actually do something like a secure payment? if you do payments like PayPal or bank transfer they don't need SSL as PayPal handles it itself and the Bank Payment (it is argued) doesn't need it as it only dispay a bank account number? Isn't only when you use credit cards directly that you need it?

 

You don't need it when displaying pages outside checkout??


Kym

Projects Director @ ozEworks.com

Share this post


Link to post
Share on other sites

As I understand it, the padlock ensures that all data sent between the server & the end user is encrypted and therefore cannot be intercepted & read

 

Therefore it is useful to have the SSL on when logging in to an account so that usernames & passwords cannot be intercepted & abused

 

After all would you like someone to be able to log in as you and view/edit your address and other personal details?

 

Its there to protect ANY sensitive data, not just your credit card number

Share this post


Link to post
Share on other sites
edit your /includes/application_top.php

 

Find this code (at around line 41):

// set the type of request (secure or not)
?$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

// set the type of request (secure or not)
// ?$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
?$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

// set the type of request (secure or not)
 $request_type = (getenv('//') == 'on') ? 'SSL' : 'NONSSL';

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

that's not how it should look should it?

Share this post


Link to post
Share on other sites
arent you just forcing the 'padlock' to display, yet still not really a secure site?

No

 

After making this modification I loaded a 'secure' page and then checked the Privacy Report, and all image URLs were called from my SSL webspace NOT my normal HTTP webspace as before

 

That was the problem, for the Padlock to remain there, every single item on the entire page has to be secure, if you have 1 image that isn't you lose the padlock... this mod fixes that problem

Share this post


Link to post
Share on other sites

:P This also worked for me! I've been trying to figure this one out for a while, I was already searching for a different webhost instead of Yahoo, but this works with them too!

 

 

I also need to add to my post that OsCommerce is awesome! I don't have everything up and running yet, but from what I've seen so far, this is an amazing product.

 

If anybody has any questions about setting this up on Yahoo. Email me. :D


9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard)

 

Replace that and you're fine...

Share this post


Link to post
Share on other sites

Hi,

 

I came here looking for the answer to my problems and this thread fixed it! Thanks!

 

However, (and I'm also using oneandone webhosting), I found that I had to alter the code subtly to get it to work.

 

I had to change this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

Hope this helps someone :D

Share this post


Link to post
Share on other sites
Ok, got it fixed. :D

 

The fix for oneandone hosting with shared SSL is as follows:

 

backup your /includes/application_top.php by making a duplicate copy.

 

edit your /includes/application_top.php

 

Find this code (at around line 41):

// set the type of request (secure or not)
?$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

// set the type of request (secure or not)
// ?$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
?$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

Make sure you haven't got any spare lines after the last "?>" line on the page.

 

Save the file, upload it (overwrite the old file in /includes/).

 

Try your checkout now.

 

Hope this works for you, too. B)

 

Thanks to Emerson in this thread for the fix.

 

Peace.

WHat a relief! I'm with 1and1.com server and have been messing with my configs for months now, puzzled with the lack of padlock in https. I just want to thank you for your fix. After following your directions, I finally got my padlock in needed secure areas of my catalog. Thank You VERY MUCH!!

 

Peace To You Too,

 

Lisa (GLK)


GLK

Share this post


Link to post
Share on other sites
Hi,

 

I came here looking for the answer to my problems and this thread fixed it! Thanks!

 

However, (and I'm also using oneandone webhosting), I found that I had to alter the code subtly to get it to work.

 

I had to change this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

Hope this helps someone  :D

THIS HAS FIXED MY PROBLEM!!!!!!

 

YEPPY!!!!!!

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

 

The Colors Have to match up inorder for this to work correctly

 

the http = NONSSL

the https = SSL

 

GET IT

GOT IT

GOOD!

Share this post


Link to post
Share on other sites

HI All,

 

I am having trouble getting this to work. i am too on 1&1.

 

I have changed the line at mention in the application top. but i still do nto get to see the padlock, if i refresh the screen on my login page it will show just for a second. but then it disappears, and i get the message to say it is switching between secure and non secure...

 

please could someone assist me with what else pages i need to make changes,.. i am using the osCommerce 2.2-MS2 version

Share this post


Link to post
Share on other sites
edit your /includes/application_top.php

 

Find this code (at around line 41):

 

CODE 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

CODE 

// set the type of request (secure or not)

//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

 

Dear Genius,

 

It could be something you're doing wrong or something your server has or hasn't done.

 

If the error points to you:

 

1 - If you're confident you inserted this additional code properly in the right php file ( application_top.php) in your CATALOG/INCLUDES/, and you still don't get the padlock in https, you might have some pointers wrong in your CATALOG/INCLUDES/CONFIGURE.php file.

 

2 - Make sure you did not configure "persistent connection" to the SSL server because it's shared. With shared SSLs, you configure that to False in your configure.php file.

 

3- Make sure you have properly set up your SQL and your SSL from within your CPanel in admin.1and1.com

 

 

If the error points server-side:

I literally wasted a couple of months - to the point where I had daffed myself out with code :wacko: trying to blindly configure my installation. I'm new to coding, much less to php. So, if I knew what I was looking for, I might have possibly noticed much sooner that my SSL Proxy-side was not working at all, all along. I realized this only AFTER I was confident I had configured both CONFIG files correctly (with help here). That's then it dawned on me, the Proxy SSL was simply DOA! - 1and1.com had never installed it for my site!

 

So.... what I suggest... Start with TESTING YOUR SSL SITE...

visit the SSL url they gave you from your http://admin.1and1.com CPanel, SSL section, (ie; http://ssl.perfora.net/your_website.com) and see if you link successfully and with a visible, constant padlock in all pages. If you do, then it's something you're doing wrong. But if instead you get a white page with big fat red letters telling you "ERROR, SSL PROXY NOT CONFIGURED", then contact the server's support ASAP and tell them you're getting this error page. They have to get the SSL site going for you.

 

Good Luck

 

Lisa (glk)


GLK

Share this post


Link to post
Share on other sites

HI Lisa,

 

Thank you for your feedback, i have managed to solve it, basically i have the header tags module installed and in my header tags i had defined the

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

twice.. so that's why i could not see the padlock..

 

now for the next tackle, the message i get when i switch between secure and non secure pages..

Share this post


Link to post
Share on other sites

Hi Genius,

 

Just saw your post. I don't know if you've solved the broser's transition popup message you get when from http to https. I thought I'd pass on what I was told.

 

If even one link on any page comes from the non-secure side (http server), the message will pop up. To solve this, either store all files linked on site pages (ie; gifs, jpgs, docs) on the https secure server instead of your http server, OR

make sure ALL html hard-coded links of these files are not definitive - In other words, search the source of your relative php files and instead of them pointing to

links like:

 

--- ie; http://www.yoursite/images/image.gif

 

make them:

 

--- images/image.gif .

 

I haven't tried this yet but I will be getting to it. Anyway, I am closer to a newbie than anything else here, so please clarify info with the experts here or run a search on this subject. I only repeated what I found out by searching this forum.

 

Regards

 

Lisa B)


GLK

Share this post


Link to post
Share on other sites

Hey Genius Just wanted you to know your not Alone I got the same problem also using 1and1 ;(. If you hear of anything from anyone else one how to fix it please let me know. I'm checking my config file and then I'm gona come back and look sum more but so far I get the Lock and the bang its gone . Admin has the lock all the time but the box on the left says not using SSL ???? Odd weird ????

 

Lucky us!

Share this post


Link to post
Share on other sites

Hi GregMelson,

 

well it's good to know that someone out there makes out life a little bit more stressful then it is already :)...

 

Anyways.. as for your padlock issue,, check for any files or pages that may be related to your ssl pages ( eg login.php file -- see if it is calling any other pages )..

 

like i said my problem was it was calling

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

twice.. have a look in your includes/header.php may be there is an extra code refering to that.

------

 

~Hi ya Lisa,

 

Thanks for your tip, not sure why i still get the message check all what you have said and still no joy... but hoping to crack it soon.

 

ta.

Share this post


Link to post
Share on other sites
Hi,

 

I came here looking for the answer to my problems and this thread fixed it! Thanks!

 

However, (and I'm also using oneandone webhosting), I found that I had to alter the code subtly to get it to work.

 

I had to change this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

Hope this helps someone? :D

THIS HAS FIXED MY PROBLEM!!!!!!

 

YEPPY!!!!!!

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

 

The Colors Have to match up inorder for this to work correctly

 

the http = NONSSL

the https = SSL

 

GET IT

GOT IT

GOOD!

Everyone ----

Please be careful on changing the 'SSL' : 'NONSSL' around as noted here! I did this trying to fix my issue of the padlock disappearing and after I completely ripped my store apart and still not working, I reverted back to the original coding and everything worked.

 

SOOOO please be careful and if you have tried this and it's still not working for you, revert it back and see if this fixes it. Then start looking into pointers going to NonSecure areas.

 

:D :rolleyes:

Share this post


Link to post
Share on other sites

×