problem with no padlock on ssl

[eyetech 0]

Hey every this 1and 1 guys have a great package but the configuration of this OS is getting crazy huh. I have had the same problems as well and if I don't allow my images to come across the site stays secure. How are you placing the images on the secure server with it being shared. Kind of has me stumped..just a note as far as I can tell everything is being called from the root /images/blahblah.gif. I also have the same problems in my admin not having the images show up as well. Any pointers at this point would be appreciated.

 

Thanks in advance..My Webpage

[goring_gap 0]

As anyone sorted out the image problem yet? My head hurts! My site now works fine with the

 

$request_type = (eregi($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

fix, except my images don't display when in secure mode (all images icons, products, everything goes). Any suggests would be most welcome.

 

cheers

Simon

[alexh 0]

Hi,

 

I came here looking for the answer to my problems and this thread fixed it! Thanks!

 

However, (and I'm also using oneandone webhosting), I found that I had to alter the code subtly to get it to work.

 

I had to change this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

Hope this helps someone :D

woohoo, I have had such a headache over this. Thankyou so much guys!!!

[adiwillow 0]

okay.. the above fixed worked for me as wel.. but with one problem. My CSS is missing !!! Anyone any ideas?

 

website here !

[adiwillow 0]

sorted now ! it was the css link in my sts template.

[wootang 0]

can someone look at this code? I have purchased a non-shared SSl certificate from Geotrust.

 

can you look at this code in configure.php?

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'https://mysite.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://mysite.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL','true'); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'http://mysite.com');

define('HTTPS_COOKIE_DOMAIN', 'https://mysite.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', '/catalog/images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . '/catalog/icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/hsphere/local/home/mysite/mysite.com/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'mydbase.myhost.com'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'mydbase_mine');

define('DB_SERVER_PASSWORD', 'mypassword');

define('DB_DATABASE', 'my_dbase');

define('USE_PCONNECT', 'TRUE'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

[AlanR 3]

Without a real link to your site you're wasting people's time asking them to guess at such a problem.

[siavash 0]

I had no luck with 1&1 shared SSL! encountered all of the previosly mentioned problems. and the remedies above didn't help! Well i have just purchased my GeoTrust QuickSSL. my 1&1 Cpanel says that it is set up. i can't get it to work! apart from changing the config file in includes do i need to do anything else!

 

this is what i have done:

 

define('HTTP_SERVER', 'http://www.me.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://me.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

for https server i have dropped the WWW's as the certificate is given for me.com! but anyway any combinaton of http and https and www with them or without i have tried does not work! problem gotta be somewhere else! is it perhaps that i need to wait to get setup instruction from my host?

[AlanR 3]

I had no luck with 1&1 shared SSL! encountered all of the previosly mentioned problems. and the remedies above didn't help! Well i have just purchased my GeoTrust QuickSSL. my 1&1 Cpanel says that it is set up. i can't get it to work! apart from changing the config file in includes do i need to do anything else!

 

this is what i have done:

 

define('HTTP_SERVER', 'http://www.me.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTPS_SERVER', 'https://me.com'); // eg, https://localhost - should not be empty for productive servers
?define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

for https server i have dropped the WWW's as the certificate is given for me.com! but anyway any combinaton of http and https and www with them or without i have tried does not work! problem gotta be somewhere else! is it perhaps that i need to wait to get setup instruction from my host?

The fix on page two has worked for everyone else on 1&1. Since their php upgrade it's required for regular ssl (your certificate) as well as shared.

 

Make sure you don't have insecure content on the page (imported images and suchlike).

[Tom1234 0]

After playing with this for a while I still dont have a padlock, my configuration is correct as I believe and I placed the pics that were not secure with the secure reference like this:

https://ssl.perfora.net/silasgroup.com/cata...images/visa.jpg within the php, you can see this if you right click on a pic and go to properties on www.silasgroup.com/catalog (the credit cards on the bottom).

 

my catalog/includes/configure.php is:

define('HTTP_SERVER', 'http://www.silasgroup.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://ssl.perfora.net/silasgroup.com/catalog/'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.silasgroup.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

my catalog/admin/includes/configure.php is:

define('HTTP_SERVER', 'http://www.silasgroup.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.silasgroup.com');

define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/silasgroup.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/homepages/0/d90723395/htdocs/sg/catalog/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/homepages/0/d90723395/htdocs/sg/catalog/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', '/homepages/0/d90723395/htdocs/sg/catalog/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

my catalog/includes/application_top.php is:

// set the type of request (secure or not)

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

I really need this done and will pay someone if need be, the time I have spent on this has really exceeded my limit, I need help please.

 

Thanks,

 

Tom

[cyanide 0]

Tom1234 :

First, it would be good if you provided an ssl link on your site.

Anyway, I just pulled this page https://ssl.perfora.net/silasgroup.com/catalog/

 

Have you done any editing of the configure.php page? There looks to be a few things you can do.

My set up is quite a bit different than yours, but here goes:

 

1. Your card logos are not the problem and you shouldn't have needed to manually point them to ssl. The main problem seems to be the base href tag, which is not calling the ssl link.

 

Try these changes ()

2. define('HTTP_SERVER', 'http://www.silasgroup.com/catalog'); This is where your shop appears to reside

3. define('HTTPS_SERVER', 'https://ssl.perfora.net/silasgroup.com/catalog No trailing slash

4. define('HTTPS_COOKIE_DOMAIN', ''); and define('DIR_WS_HTTPS_CATALOG', ''); and define('DIR_WS_HTTPS_CATALOG', ''); are currently empty but can/should be the same as the HTTP entries (right above them)

 

 

(make a copy/backup before editing)

[AlanR 3]

After playing with this for a while I still dont have a padlock, my configuration is correct as I believe and I placed the pics that were not secure with the secure reference like this:

You need the application_top.php mod for 1&1 hosting.

 

http://forums.oscommerce.com/index.php?showtopic=72486&st=10

 

It's now needed for dedicated and shared ssl

[ptrinephi 0]

THIS HAS FIXED MY PROBLEM!!!!!!

 

YEPPY!!!!!!

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

The Colors Have to match up inorder for this to work correctly

 

the http = NONSSL 

the https = SSL

 

GET IT

GOT IT

GOOD!

<{POST_SNAPBACK}>

 

Friends,

 

I gotta say this: You people are amazing. Thank you for the fix. It works for me with my Yahoo host.

 

1 quick question though. Phelpsi, you talked about switching NONSSL and SLL. It seems that most the people got it to work one way or the other. In my case I did not have to switch. Any explaination why?

 

BTW, I see a lot of people using ssl links such as https://sslserver.com/mydomain.com, well, what I've done on my site is I created a sub domain called secure.mydomain.com that points to https://sslserver.com/mydomain.com. This way the customer always stays on the same site going between www.mydomain.com and secure.mydomain.com. This actually work pretty good.

[tshabs 0]

Hi there,

 

Thank you so much for your help, this is just what I was looking for however I am still having a problem.

 

I have tried both versions of the fix, when i change to the following in application top:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

My secure pages are fine, but then, all my unsecure pages uses images from secure server (https).

 

My site is located at www.121ink.co.uk

 

I you coulp please help it would be greatly appreciated.

 

Kind Regards,

 

Thomas Shababi.

[fishbone2 0]

Hi,

 

I came here looking for the answer to my problems and this thread fixed it! Thanks!

 

However, (and I'm also using oneandone webhosting), I found that I had to alter the code subtly to get it to work.

 

I had to change this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'NONSSL' : 'SSL';

 

Hope this helps someone  :D

<{POST_SNAPBACK}>

 

 

THANK YOU SOOOOO MUCH!!!! I couldn't have asked for any easy yet more elusive solution. :thumbsup:

[wheeloftime 0]

THANK YOU SOOOOO MUCH!!!!  I couldn't have asked for any easy yet more elusive solution.  :thumbsup:

<{POST_SNAPBACK}>

 

I didn't have the padlock problem but I tried this tip anyway but it does have one side effect which made me reverse the change immediately. Besides the picture problem I read here there is also a warning after this change when you try to delete a product from the shopping cart by clicking on the update button. Any secure/non secure warning popping up on your webshop will scare customers away forever. Don't use this change unless you have checked *everything* thoroughly for unwanted side effects.

[♥Vger 9]

define('HTTP_SERVER', 'https://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.mysite.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL','true'); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');

define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

define('HTTP_COOKIE_PATH', '/catalog');

define('HTTPS_COOKIE_PATH', '/catalog');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

define('USE_PCONNECT', 'false');

Vger

can someone look at this code? I have purchased a non-shared SSl certificate from Geotrust.

 

can you look at this code in configure.php?

 

<?php

/*

? osCommerce, Open Source E-Commerce Solutions

? http://www.oscommerce.com

 

? Copyright ? 2003 osCommerce

 

? Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

? define('HTTP_SERVER', 'https://mysite.com'); // eg, http://localhost - should not be empty for productive servers

? define('HTTPS_SERVER', 'https://mysite.com'); // eg, https://localhost - should not be empty for productive servers

? define('ENABLE_SSL','true'); // secure webserver for checkout procedure?

? define('HTTP_COOKIE_DOMAIN', 'http://mysite.com');

? define('HTTPS_COOKIE_DOMAIN', 'https://mysite.com');

? define('HTTP_COOKIE_PATH', '/catalog/');

? define('HTTPS_COOKIE_PATH', '/catalog/');

? define('DIR_WS_HTTP_CATALOG', '/catalog/');

? define('DIR_WS_HTTPS_CATALOG', '/catalog/');

? define('DIR_WS_IMAGES', '/catalog/images/');

? define('DIR_WS_ICONS', DIR_WS_IMAGES . '/catalog/icons/');

? define('DIR_WS_INCLUDES', 'includes/');

? define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

? define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

? define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

? define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

? define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

? define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

? define('DIR_FS_CATALOG', '/hsphere/local/home/mysite/mysite.com/catalog/');

? define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

? define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

? define('DB_SERVER', 'mydbase.myhost.com'); // eg, localhost - should not be empty for productive servers

? define('DB_SERVER_USERNAME', 'mydbase_mine');

? define('DB_SERVER_PASSWORD', 'mypassword');

? define('DB_DATABASE', 'my_dbase');

? define('USE_PCONNECT', 'TRUE'); // use persistent connections?

? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

<{POST_SNAPBACK}>

[remixstore 0]

What about 1and1's dedicated SSL's

 

remixstore.com

 

thanks-

Eric

 

 

 

Ok, got it fixed.  :D

 

The fix for oneandone hosting with shared SSL is as follows:

 

backup your /includes/application_top.php by making a duplicate copy.

 

edit your /includes/application_top.php

 

Find this code (at around line 41):

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

Make sure you haven't got any spare lines after the last "?>" line on the page.

 

Save the file, upload it (overwrite the old file in /includes/).

 

Try your checkout now.

 

Hope this works for you, too.  B)

 

Thanks to Emerson in this thread for the fix.

 

Peace.

<{POST_SNAPBACK}>

[♥Vger 9]

What about 1and1's dedicated SSL's

 

Waste of money!

 

Vger

[sputnikinternet 0]

Mr Genius

 

I've been having the same problem, I'm on the verge of resolving it with 2 things.

 

1. I've got some unsecure stuff on my homepage somewhere. I think it might be the codebase macromedia stuff.

2. i've changed the HHTP to point to the secure server as well in Configure

 

Andy

 

Edit: yup, that worked. just took out the extra Macromedia Flash code that Dreamweaver etc sticks in there. Not sure if i've overkilled, but it works!

[sputnikinternet 0]

A better FLASH solution. You can have an https as follows

 

<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"

WIDTH="230" HEIGHT="257" id="movie" ALIGN="">

 

 

....so no need to take the code out

[siavash 0]

i seem to have the problem with SSL again! please read this thread:

 

http://forums.oscommerce.com/index.php?sho...9&st=0&p=506838

 

it doesn't make a difference whether i use the chagne of code in application top or leave it as it originally was the problem is the same. the thing is it was resolved after i applied the fix but just a few days ago when i uploaded some products i noticed the old problem!!! any comments?

 

thanks for help.

[siavash 0]

i wonder if there are others experienceing the same problem identified and discussed above or in my thread here:

 

http://forums.oscommerce.com/index.php?showtopic=126269

 

some argued that the fix proposed in this thread was only to be applied to shared SSL and a dedicated SSL should work fine! on the conterary my site that uses dedicated SSL certificated experienced similar problems! after some deliberation and trial and error and gooling i bumped into a recent bug report that proposed a minor change which solved the problem.

 

to read the bug report click the below link:

http://www.oscommerce.com/community/bugs,1...tions+&+Classes

 

do the following:

 

0. back up! back up! back up!

1. just keep the original code. do not apply the fix in this thread.

2. in your catalog/includes/applucation_top.php around line 40 look for the following line:

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

3. change (getenv('HTTPS') == 'on') to (getenv('HTTPS') == '1')

 

or simply replace that line with this one:

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

with this solution you will be able to see both the padlock and HTTPS in your browsers and you sholdn't get the message that there are secure and unsecure data in the page, etc.

 

it has worked for me nicely.

[matcollins 0]

Hi All,

 

Excuse me if this is a stupid question, but I'm relatively new when it comes to ssl. I have recently installed oscommerce via cpanel and have been given access to a shared ssl by my host. I have entered the url to the ssl host during the setup and the site seems to link to this perfectly. I'm at a loss however as to how it's supposed to render the pages.

 

Should I be copying part of the store files to the ssl ftp and if so which files? I' scoured the site for info on this but haven't been able to find any.

 

Thanks

Matt

[siavash 0]

Hi All,

 

Excuse me if this is a stupid question, but I'm relatively new when it comes to ssl. I have recently installed oscommerce via cpanel and have been given access to a shared ssl by my host. I have entered the url to the ssl host during the setup and the site seems to link to this perfectly. I'm at a loss however as to how it's supposed to render the pages.

 

Should I be copying part of the store files to the ssl ftp and if so which files? I' scoured the site for info on this but haven't been able to find any.

 

Thanks

Matt

<{POST_SNAPBACK}>

 

as far as i know all you need to do for the SSL on Oscommerce to work you need to change the relevant settings in the configure.php file in includes folder. check that the following lines of code in configure.php are properly set:

 

define('HTTPS_SERVER', 'https://www.yourdomain.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

there's no need to upload files to a different (secure) directory, etc. just make the changes and all should work. if you use shared SSL your hosting company has already given you the link to your SSL site i suppose. use that instead of the https://www.yourdomain.com.