Jump to content

Archived

This topic is now archived and is closed to further replies.

SirPsycho

OsC not using secure (SSL) https for checkout

Recommended Posts

Oupss, sorry. The shop is here: http://www.dharmaling.info/shop/catalog/index.php

OK, when I look at the source for the main page (in plain old http) I find...

 

<base href="https://www.dharmaling.info/shop/catalog/">

 

So, either you've got the configure.php file set wrong or you're on a confused server. This server problem seems to happen fairly often.

 

Post the includes/configure.php file


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Ok. Done. Here is my config.php (catalog/include):

<?php
 define('HTTP_SERVER', 'http://www.dharmaling.info'); 
 define('HTTPS_SERVER', 'https://www.dharmaling.info'); 
 define('ENABLE_SSL', 'true'); 
 define('HTTP_COOKIE_DOMAIN', 'www.dharmaling.info');
 define('HTTPS_COOKIE_DOMAIN', 'www.dharmaling.info');
 define('HTTP_COOKIE_PATH', '/shop/catalog/');
 define('HTTPS_COOKIE_PATH', '/shop/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/shop/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/shop/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/homepages/XXXXXXXXXX/htdocs/dharmaling/shop/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'XXXXXXX'); 
 define('DB_SERVER_USERNAME', 'XXXXXX');
 define('DB_SERVER_PASSWORD', 'XXXXXXXX');
 define('DB_DATABASE', 'XXXXXXXX');
 define('USE_PCONNECT', 'false'); 
 define('STORE_SESSIONS', 'mysql');
?>

The link to the catalog is: http://www.dharmaling.info/shop/catalog/index.php

 

Thank you for your help :)

Share this post


Link to post
Share on other sites

That's better, at least the http page is OK. The log in is still flakey though.

 

I've not seen exactly this before but follow the little edit in GLK's post in this thread and see what happens.

 

http://forums.oscommerce.com/index.php?showtopic=72486&st=10

 

I've got a 1&1 account with the ssl set up that you have (Geotrust) and it works without this fix but it's worth a shot. The base ref should cut to https when going to log in.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

You didn't end up with an extra configure.php file in incudes/local when you reinstalled, right?


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

No, I don't have any extra config in includes/local...

 

About the mix in language, it seems to be only on some product pages. This ms2 is coming from the oscommerce-fr.info... :rolleyes:

 

Ah, yes!! I went to change the file "application_top" as explained here: http://forums.oscommerce.com/index.php?showtopic=72486&st=10 and now, the images do appear!! :D But but but... the lock doesn't appear in https!?! :huh:

 

I have a spell on my web site! <_<

Share this post


Link to post
Share on other sites

Odd.

 

I get the padlock but no images on the log in page. But this comes up just fine directly.

 

https://www.dharmaling.info/shop/catalog/im...round_login.gif

 

Set the images folder permissions to 777


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Further to that last post. Clicking on the link brings up a "permission" denied error but if you add a space after the address and hit return the image loads. This is an old trick to get around some hot linking protection. You don't have hot linking disabled somewhere through an .htaccess file or elsewhere do you?

 

Some people have had this problem when they had hot linking protection set. The system sees the https calls as a foreign server.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
You don't have hot linking disabled somewhere through an .htaccess file
Aha! That can be... Here is the content of my .htaccess file in web root:
RewriteEngine on  
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?dharmaling.info/.*$ [NC] 
RewriteRule \.(gif|jpg)$ - [F]

Anything wrong?

Share this post


Link to post
Share on other sites
You don't have hot linking disabled somewhere through an .htaccess file
Aha! That can be... Here is the content of my .htaccess file in web root:
RewriteEngine on ?
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?dharmaling.info/.*$ [NC] 
RewriteRule \.(gif|jpg)$ - [F]

Anything wrong?

I'm not expert on this stuff but I'd add this line.

 

RewriteCond %{HTTP_REFERER} !^https://(www\.)?dharmaling.info/.*$ [NC]

 

or maybe

 

RewriteCond %{HTTPS_REFERER} !^https://(www\.)?dharmaling.info/.*$ [NC]

 

Or just rename the file for now and see if your problems go away. Make it xtaccess.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

My problem is solved! Thank you all for your precious help :)

I just added one line in the .htaccess file displayed some post above:

RewriteCond %{HTTP_REFERER} !^https://www.dharmaling.info/.*$ [NC]

And now it "allows" the images to display!

Pfffiu!

Thanks again :)

Share this post


Link to post
Share on other sites

I tried everything changing the configure files in the admin/includes and /includes folders, and I can not get my checkout page to show the SSL lock. I have no configure file in the local folder. The SSL works fine, and if i set the HTTP_SERVER to https:// it works, but I only want a secure checkout. Anybody have any ideas?

 

Here is my /includes/configure.php

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.urbanhutdesign.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://ssl.perfora.net/urbanhutdesign.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'urbanhutdesign.com');

define('HTTPS_COOKIE_DOMAIN', 'urbanhutdesign.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/kunden/homepages/22/d101766819/htdocs/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'db94.perfora.net'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'dbo103108840');

define('DB_SERVER_PASSWORD', 'urbanhut');

define('DB_DATABASE', 'db103108840');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

define('STS_START_CAPTURE', DIR_WS_INCLUDES . 'sts_start_capture.php');

define('STS_STOP_CAPTURE', DIR_WS_INCLUDES . 'sts_stop_capture.php');

define('STS_RESTART_CAPTURE', DIR_WS_INCLUDES . 'sts_restart_capture.php');

define('STS_TEMPLATE_DIR', DIR_WS_INCLUDES . 'sts_templates/');

define('STS_DEFAULT_TEMPLATE', DIR_WS_INCLUDES . 'sts_template.html');

define('STS_DISPLAY_OUTPUT', DIR_WS_INCLUDES . 'sts_display_output.php');

define('STS_USER_CODE', DIR_WS_INCLUDES . 'sts_user_code.php');

define('STS_PRODUCT_INFO', DIR_WS_INCLUDES . 'sts_product_info.php');

 

?>

Share this post


Link to post
Share on other sites

Oh man... :blink:

 

The never ending thread...

 

Lemmee have a look.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Woohoo, thanks AlanR, you are a genius.

 

Just had to add

// set the type of request (secure or not)

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

to application_top.php

Share this post


Link to post
Share on other sites

×