SSL works in catalog (sort of??) but not admin

**styledata** · 7 Nov 2012, 09:28 PM

Just migrated over a old ZC 1.3.8 site to a fresh new 1.5.1 site on new hosting company. SSL certificate purchased and installed. It is not working correctly, however (at least in admin), and this is prohibiting me from setting up my paypal pro which is a big problem.

What I am finding is that in the catalog side, only the "account" and "checkout" pages actually get secured. The catalog pages and the shopping cart do not. I think that is correct.... I never noticed that the shopping cart did not get secured on the old site however.

The real issue is in the admin side. The "login" screen is secured, and the first page it lands on is, but nothing after that! So of course I can't setup the payment gateway with the new ZC requirement for the setup to be secured. Even if I put https:// in the URL, it still thinks it is unsecured.

Yes, I ran the fix cache tool a bunch of times. Tried different browsers, too.

Host is godaddy through fastfwd.info. I have another domain with an SSL on a wordpress site and it works great.

My config files are below.

This is a big bump I did not expect and I need to get it fixed today. Hoping someone reads this and has an idea of what I need to do.

admin:
define('HTTP_SERVER', 'http://www.photoimprints.com');
define('HTTPS_SERVER', 'https://www.photoimprints.com');
define('HTTP_CATALOG_SERVER', 'http://www.photoimprints.com');
define('HTTPS_CATALOG_SERVER', 'https://www.photoimprints.com');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

non admin includes:
define('HTTP_SERVER', 'http://www.photoimprints.com');
define('HTTPS_SERVER', 'https://www.photoimprints.com');

**styledata** · 7 Nov 2012, 10:37 PM

I have also tried the config file without the www in them, as follows:
admin:
define('HTTP_SERVER', 'http://photoimprints.com');
define('HTTPS_SERVER', 'https://photoimprints.com');
define('HTTP_CATALOG_SERVER', 'http://photoimprints.com');
define('HTTPS_CATALOG_SERVER', 'https://photoimprints.com');

In the hosting panel I ran an SSL validation install and it came up fine. IT is on port 443

**styledata** · 7 Nov 2012, 11:01 PM

Yes, I have changed permissions before edit and then locked it down after each edit. And downloaded the file and checked it. My edits ARE being saved. And, if I manually add the https:// at the beginning of the admin url, such as https://www.photoimprints.com/myadmi...odule=paypaldp
and then click on the SSL lock it says the page IS secured. But zencart thinks it is not.

**styledata** · 8 Nov 2012, 12:22 AM

I have just spent a couple of hours on phone with hosting account. There are NO ISSUES on their end that are causing this. And again, if I force write in https://photoimprints.com/myadmin/mo...odule=paypaldp and click on the link it says the page IS secured. But the https goes away anytime I navigate to another page. And I can't install paypal website payment pro. So... if I can't get ssl working in admin (which I did just fine with for YEARS on the old zencart) can someone help me figure out how to manually add the necessary info to the database? I have the settings from the old zc database. But I don't know which tables and config stuff are involved.

**dbltoe** · 8 Nov 2012, 12:31 AM

Could you post your reNamedAdminFolder/includes/configure.php without the database's username and password?

As to the www versus non-www, it should match the applied SSL. If the SSL was requested for www.whatever, you will need to keep the www.

**styledata** · 8 Nov 2012, 12:45 AM

Thanks for your response. The admin/includes/config.php file is below with actual settings removed. I let the hosting company do the actual install so that all the paths and such would be correct.
I have tried, in the config files, "https:'' and "http:'' and for good measure, no "http" at all, just the domain, which results in a 404. Again, catalog side working fine, just the admin fails. And... it does work on the login page itself, and on the admin/index.php page. But when I navigate away from that page, I am presented with "photomprints.com/admin/anypage". It loses the "http" altogether, much less the "https". My host said that does not matter.

<?php
/**
* @package Configuration Settings circa 1.5.1
* @copyright Copyright 2003-2012 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* File Built by zc_install on 2012-10-05 03:01:04
*/

/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

/**
* WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
* To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
*/
define('HTTP_SERVER', 'http://photoimprints.com');
define('HTTPS_SERVER', 'https://photoimprints.com');
define('HTTP_CATALOG_SERVER', 'http://photoimprints.com');
define('HTTPS_CATALOG_SERVER', 'https://photoimprints.com');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
$t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p1) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p2) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');

// * DIR_FS_* = Filesystem directories (local/physical)
define('DIR_FS_ADMIN', realpath(dirname(__FILE__) . '/../') . '/');
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/home/content/02/9930202/html/');

//the following path is a COMPLETE path to the /logs/ folder eg: /var/www/vhost/accountname/public_html/store/logs ... and no trailing slash
define('DIR_FS_LOGS', '/home/content/02/9930202/html/logs');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_CATALOG_TEMPLATES', DIR_FS_CATALOG . 'includes/templates/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', 'zen_');
define('DB_CHARSET', 'latin1');
define('DB_SERVER', 'mydatabasehost.hostedresource.com');
define('DB_SERVER_USERNAME', 'mydatabaseusername');
define('DB_SERVER_PASSWORD', 'mydatabasepassword');
define('DB_DATABASE', 'mydatabase');

// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', '/home/content/02/9930202/html/cache');

// Define the webserver and path parameters
// Main webserver: eg-http://www.your_domain.com -
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
// HTTP_CATALOG_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_CATALOG_SERVER is your Secure webserver: eg-https://www.your_domain.com
/*
* URLs for your site will be built via:
* HTTP_SERVER plus DIR_WS_ADMIN or
* HTTPS_SERVER plus DIR_WS_HTTPS_ADMIN or
* HTTP_SERVER plus DIR_WS_CATALOG or
* HTTPS_SERVER plus DIR_WS_HTTPS_CATALOG
* ...depending on your system configuration settings
*/
// EOF

**Ajeh** · 8 Nov 2012, 01:13 AM

What happens if you change these:

Code:

define('HTTP_SERVER', 'https://www.photoimprints.com');
define('HTTPS_SERVER', 'https://www.photoimprints.com');
define('HTTP_CATALOG_SERVER', 'https://www.photoimprints.com');
define('HTTPS_CATALOG_SERVER', 'https://www.photoimprints.com');

**styledata** · 8 Nov 2012, 01:19 AM

Oh my gosh! That seems to have worked!!!!!!!!! Now whenever I navigate through any admin pages I am getting "https:" in the url. Can you explain what that does? I have never seen any recommendation to do that in zencart before, and I am curious as to why that works.
I am forever grateful....

**Ajeh** · 8 Nov 2012, 01:29 AM

The Admin, at this time, only has secure pages on the Login ...

By changing both the secure and non-secure URLs to be your secure pages, now ALL off the Admin runs as secure ...

**styledata** · 8 Nov 2012, 01:55 AM

Thank you, that makes sense. Curious though, why given the "https" applied to all server settings in the config file, the admin pages are all ssl, and the catalog still is ssl on only account and checkout pages. It seems to me that both would be all ssl. Which I'm glad they are not... product pages certainly don't need to be secure. just curious.
And I thank you again!

Thread: SSL works in catalog (sort of??) but not admin

Thread Tools

Search Thread

Display

SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Re: SSL works in catalog (sort of??) but not admin

Similar Threads

SSL works but all links remain http not https

server change: admin works, but not catalog

Store works but not admin

Installed and admin works but not the catalog

SSL works when hard coded but not dynamically

Bookmarks

Bookmarks

Posting Permissions