Quick question regarding SSL and Mixed Content

[chadlly2003]

I am currently getting an error on my checkout page.

Mixed Content: The page at 'https://www.xxxxxx.com/index.php?main_page=login' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://www.xxxxxx.com/index.php?main_page=advanced_search_result'. This endpoint should be made available over a secure connection.


to solve this i changed the following:
File: templates/tpl_header.php

action="<?php echo zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false) ?>"
to
action="<?php echo zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'SSL', false) ?>"

The result worked but now when I go to a page that is not secure and add to cart i get the following

"The information you have entered on this page will be sent over an insecure connection and could be read by a third party.
Are you sure you want to send this information?"

I guess my question is what is the best way to solve this issue? Should I make my entire site HTTPS. Are there any pros and cons to that?

If someone could assist me or lead me in the right direction I would greatly appreciate it.

Also how would I make the entire site "https" is that an adjustment in the configuration files?

Chad

[DrByte]

In the case of that particular form, one of many ways to approach this is to change replace 'NONSSL' with $request_type

[chadlly2003]

<form name="quick_find_header" action="<?php echo zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false) ?>" method="get" class="form-inline form-search pull-right">

changed to

<form name="quick_find_header" action="<?php echo zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', '$request_type', false) ?>" method="get" class="form-inline form-search pull-right">

But I get an error -- am i misunderstanding this?

Error!
Unable to determine connection method on a link!
Known methods: NONSSL SSL

[frank18]

<form name="quick_find_header" action="<?php echo zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false) ?>" method="get" class="form-inline form-search pull-right">

changed to

<form name="quick_find_header" action="<?php echo zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', '$request_type', false) ?>" method="get" class="form-inline form-search pull-right">

But I get an error -- am i misunderstanding this?

Error!
Unable to determine connection method on a link!
Known methods: NONSSL SSL

'$request_type' should be $request_type (without the single quotes)

[chadlly2003]

I made the change ---- '$request_type' should be $request_type (without the single quotes) and it seems to work. The issue I am having -- when i am in HTTPS and do a search I kind of fall into the loop because of the $request_type.

When I do a search from am https and click add to cart the error comes back up.
Is there a way that when I do a search it automatically goes to http. Almost like a redirect. This would solve my issue but I am not sure if I am on the right track. If someone has a solution or a recommendation i would greatly appreciate it.

[chadlly2003]

the only solution I could come up with in reference to the advance search only use http: rather than https:


file edited was: tpl_header.php.

I changed the action field. I know that is not the best solution but it works. Does anyone else have a better recommendation

Code:

<form name="quick_find_header" action="//xxxxxx.com/index.php?main_page=advanced_search_result" method="get" class="form-inline form-search pull-right">

                                    <?php 

                                        echo zen_draw_hidden_field('main_page',FILENAME_ADVANCED_SEARCH_RESULT);

                                        echo zen_draw_hidden_field('search_in_description', '1') . zen_hide_session_id();

                                    ?>

                                    <label class="sr-only" for="searchInput">Search</label>

                                    <input class="form-control" id="searchInput" type="text" name="keyword" />

                                    <button type="submit" class="button-search"><i class="fa fa-search"></i><b><?php echo BOX_HEADING_SEARCH ?></b></button>

                                </form>

[mc12345678]

Two solutions I can think of,
The easier is:
Maybe in includes/modules/pages/advanced_search_result/header_php.php

Have your redirect test:
[Code]if ($request_type == 'SSL' && strtolower(substr(HTTP_HOST, 0, 5)) == 'http:') {
zen_redirect(zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, $parameters, 'NONSSL'));
}[Code]

The other is to repeat the previously suggested action for items associated with the advanced_search_result page.

At the moment I don't have a specific suggestion of where to place the above code, whether before the various checks of whether the customer ought to otherwise be redirected away or not shown particular information.

[DrByte]

[Code]if ($request_type == 'SSL' && strtolower(substr(HTTP_HOST, 0, 5)) == 'http:') {
zen_redirect(zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, $parameters, 'NONSSL'));
}[Code]

Passing $request_type to zen_href_link() takes care of all that logic.

[mc12345678]

Passing $request_type to zen_href_link() takes care of all that logic.

Meaning that if the current page is loaded SSL that using $request_type again will change it back to NONSSL?
Issue attempting to resolve is for the form on one side to have a reference to a page that is https, but when arriving at the destination page for it to be served as http.

The above logic was to check if the page is https: and if it was then if there is a possible destination that could be http: to go ahead and switch to http:. Now the reason "suggested" to use that code was based on the report of using $request_type on the originating page sent the individual to a SSL page that didn't then fully support SSL. I did no independent testing nor code review and was only treating the symptom with the above suggested code.