Jump to content

Archived

This topic is now archived and is closed to further replies.

SirPsycho

OsC not using secure (SSL) https for checkout

Recommended Posts

Yesterday I installed an SSL cert on my site and changed the configure.php file to:

 

define('HTTP_SERVER', 'http://acehighsupply.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://acehighsupply.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

 

However, OsC does not direct to a secure page at any point during checkout (or login, or anything else). The SSL cert works just fine - you can just add the "s" to http on any page and it works.

 

Is there something I am missing? Why is OsC not directing to https pages?

 

Obviously (from above), the site is http://acehighsupply.com

 

Thanks for the help!!

Share this post


Link to post
Share on other sites

i would double check the configure.php file, as when i go to the secure site, there is no problem. when i go to where it should switch to secure, it does not, therefore i think your acehighsupply.com/includes/configure.php file is incorrect.


John Oligario

 

Knowledge Base Contributions

Share this post


Link to post
Share on other sites

Thanks for the reply Mibble.

 

Below is my full configure.php file directly from the server (this is not from my computer, I made sure to get the file that is off the server). Do you see anything wrong with it?

 

<?php

/*

$Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://acehighsupply.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://acehighsupply.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

Share this post


Link to post
Share on other sites

Not for sure if this will get it, but you might want to try changing:

 

define('DIR_FS_CATALOG', dirname('/home/TYPE_ACCOUNT_USERNAME_HERE/public_html/');

 

Of course, your path may be a little different...

Share this post


Link to post
Share on other sites

Thanks for the tip . . .

 

I tried it, but it didn't seem to affect anything. Checkout is still not using https.

 

Hmmm . . . this thing has me beating my head against the wall! There should be no reason why it shouldn't work, right? Anyone else see anything that needs to be done?

Share this post


Link to post
Share on other sites

Here is acehighsupply.com/admin/includes/configure.php:

 

 

 

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

 

// define our webserver variables

// FS = Filesystem (physical)

// WS = Webserver (virtual)

define('HTTP_SERVER', ''); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', '');

define('HTTPS_CATALOG_SERVER', '');

define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', 'http://www.acehighsupply.com/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', '');

define('DB_SERVER_USERNAME', 'mysql');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', '');

?>

Share this post


Link to post
Share on other sites

Ok,

 

Change:

define('HTTP_SERVER', ''); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', '');

define('HTTPS_CATALOG_SERVER', '');

define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

 

to:

define('HTTP_SERVER', 'https://acehighsupply.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'https://acehighsupply.com');

define('HTTPS_CATALOG_SERVER', 'https://acehighsupply.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

and

 

define('DIR_WS_CATALOG', 'http://www.acehighsupply.com/');

 

to

 

define('DIR_WS_CATALOG', 'http://acehighsupply.com/');

 

Hopefully that will help, I don't know :)

Share this post


Link to post
Share on other sites

Thanks again for the help.

 

Still no go :(

 

Here is the admin/includes/configure.php now:

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

 

// define our webserver variables

// FS = Filesystem (physical)

// WS = Webserver (virtual)

define('HTTP_SERVER', 'https://acehighsupply.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'https://acehighsupply.com');

define('HTTPS_CATALOG_SERVER', 'https://acehighsupply.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', 'http://acehighsupply.com/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', '');

define('DB_SERVER_USERNAME', 'mysql');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', '');

?>

Share this post


Link to post
Share on other sites

They should be. Especially since you would want to download your orders using your SSL connection, so if all the links are http:// inside your admin, that's frustrating too.

 

...scratching head.....

Share this post


Link to post
Share on other sites

You may want to try one more thing:

 

chage in admin/includes/configure.php

 

define('DIR_WS_CATALOG', 'http://acehighsupply.com/');

 

to

 

define('DIR_WS_CATALOG', '/');

 

After that, I am all out of ideas. Maybe someone else can help us.

Share this post


Link to post
Share on other sites

This is the first time I've seen this particular problem. Lots of ssl questions but never this one.

 

I've poked around a little in the code to see what might cause this but some we'll need to change a few things to test and see where the problem is.

 

I don't have time now, but late today or tommorrow I can give you a couple lines to change to isolate the problem. Check any work you've done that might have affected this. If you don't have luck by tomorrow then bump this thread.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

If you are running off your own computer,and you use apache could you provide your ssl.conf file to us to see. It seems like its a server setup problem. And to much focus is on your osc config files as they look fine from the start. Also your server needs to be started in ssl mode if apache.

Share this post


Link to post
Share on other sites

On my system, when the customer is looking at my products its not protected, only when they login or check out it displays the ssl lock. It will switch between protected and not as you move around. I don't understand why admin needs ssl proctection as you only have access to it. My live shop is at http://realhomeandgarden.com please no fake orders as it a live shop.

Share this post


Link to post
Share on other sites
I don't understand why admin needs ssl proctection as you only have access to it.

What's the point of having SSL if you don't download your customers orders over a SSL secure connection?

Share this post


Link to post
Share on other sites

Sorry, I was out backpacking the last couple days so I couldn't continue this discussion . . .

 

Anyway, I am still at square one. Nothing has changed, which means OsC does not go to a secure page for checkout or login.

 

chrislundberg - i don't want the product pages secure, just the usual checkout and login pages . . . just like OsC is supposed to work.

 

Also, I am not running this from a local computer. On the server, there is no ssl.conf file. There is a an ssl.conf folder - (root of the server)/ssl.conf/acehighsupply.com/ Within that directory, there are two files. One is the key (server.key) and the other is the cert (server.crt). Both are fine since SSL works on the site - OsC just doesn't use it.

 

Thanks to everyone for their help. Hopefully, this will be figured out soon!

 

Anyone have any new ideas?

Share this post


Link to post
Share on other sites
Thanks to everyone for their help.  Hopefully, this will be figured out soon!

 

Anyone have any new ideas?

Did you ever set this:

 

define('DIR_FS_CATALOG',

dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

 

correctly?

 

If you don't know what it should be drop a file named phpinfo.php

 

with these three lines

 

<?
phpinfo();
?>

 

in your catalog folder and post back after you've done it.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

OK, the line should be:

 

define('DIR_FS_CATALOG', '/hsphere/local/home/sirpsych/acehighsupply.com/');

 

oops, no catalog, you're in root. :(


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Here is my configure.php file from /includes/configure.php after the changes I have made from this thread.

 

The site still runs just fine, but there is still no switch over to a secure site during login or checkout

 

 

<?php

/*

$Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://acehighsupply.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://acehighsupply.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/hsphere/local/home/sirpsych/acehighsupply.com/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

Share this post


Link to post
Share on other sites

You've got exactly the same problem as this guy.

 

http://forums.oscommerce.com/index.php?showtopic=95438

 

So when we figure out one we'll figure them both out. I've seen a lot of problems with ssl but this is a first and seemingly so simple. I'm trying to figure out why html_output.php is not setting up the right links.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

×