.htaccess and Admin Area Problem

**Sanguinarius** · 15 Mar 2013, 03:00 AM

I'm using ZC 1.5.0. new install from my hosting company cPanel. I have SSL and all that.

I wanted to make the following urls all automatically forward to https://www.sanguinarius.org/store/ :

http://www.sanguinarius.org/store/
http://sanguinarius.org/store/
https:/sanguinarius.org/store/

I contacted my hosting company and they told me to use a .htaccess file with this in it:

Code:

RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.sanguinarius.org/store/$1 [R=301,L]

and upload it to my store directory. (That is so the rest of my website doesn't get forwarded to https://;blahblahblah.

OK, fine. I did that. Then I went to edit a product and submit it to the database and I get the pink strip at the top that says:

Error ERROR: The data you submitted was found to be empty. YOUR CHANGES HAVE *NOT* BEEN SAVED. You may have a problem with your browser or your internet connection.

=====

What did I do wrong and how do I make it right short of removing the .htaccess file and having people going to http://www.sanguinarius.org/store/ and it not being secure? Or do I remove the file and do something else that you ZC guys here know about but my webhost's tech support doesn't?

**DrByte** · 15 Mar 2013, 03:12 AM

What's so sensitive about your site that you need it to serve everything over SSL?

To do it, it would be a whole lot simpler if you simply deleted that .htaccess change and merely set all the URLs in your configure.php files to point to https:// instead of a mix of http:// and https://

**schoolboy** · 15 Mar 2013, 11:26 AM

Originally Posted by Sanguinarius

I contacted my hosting company and they told me ...

I would cancel my hosting account IMMEDIATELY, and move the installation to a crowd that knows eCommerce and zencart in particular.

The minute a host indicates that they have little idea about how important platforms and systems work should be a clear signal to go find one that knows what they are doing.

**Sanguinarius** · 16 Mar 2013, 12:54 AM

Originally Posted by schoolboy

I would cancel my hosting account IMMEDIATELY, and move the installation to a crowd that knows eCommerce and zencart in particular.

The minute a host indicates that they have little idea about how important platforms and systems work should be a clear signal to go find one that knows what they are doing.

I canceled my old host immediately and moverd to my current one BECAUSE they DID support Zen Cart. I've paid for a year: hosting, dedicated IP and SSL certificate and I can't afford to move at this point. I'm on a fixed income but hoping to eventualy break out of the cycle by becoming a webepreneur. :) Anyway, I like them. I think I just got a hold of one that was a dummy.

**DrByte** · 16 Mar 2013, 01:02 AM

To secure your checkout pages with SSL, simply enabled it in your configure.php files. That way Zen Cart will intelligently use SSL on pages that need it, and not on pages that don't.

FAQ explaining it: http://www.zen-cart.com/content.php?...alled-zen-cart

**Sanguinarius** · 16 Mar 2013, 01:04 AM

This is what I have in my catalog/includes/configure.php folder:

Code:

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
  define('HTTP_SERVER', 'http://sanguinarius.org');
  define('HTTPS_SERVER', 'https://sanguinarius.org');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'false');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_CATALOG', '/store/');
  define('DIR_WS_HTTPS_CATALOG', '/store/');

Shouldn't this following snippet of code be set to "true"? WOuld that alone solve my problem?:

Code:

// Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'false');

This is what I have in my admin/includes/configure.php file:

Code:

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'http://sanguinarius.org');
  define('HTTPS_SERVER', 'https://sanguinarius.org');
  define('HTTP_CATALOG_SERVER', 'http://sanguinarius.org');
  define('HTTPS_CATALOG_SERVER', 'https://sanguinarius.org');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

**DrByte** · 16 Mar 2013, 01:26 AM

Two changes, highlighted and bolded in red:

Originally Posted by Sanguinarius

catalog/includes/configure.php:

Code:

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
  define('HTTP_SERVER', 'http://sanguinarius.org');
  define('HTTPS_SERVER', 'https://sanguinarius.org');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_CATALOG', '/store/');
  define('DIR_WS_HTTPS_CATALOG', '/store/');

This is what I have in my admin/includes/configure.php file:

Code:

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'https://sanguinarius.org');
  define('HTTPS_SERVER', 'https://sanguinarius.org');
  define('HTTP_CATALOG_SERVER', 'http://sanguinarius.org');
  define('HTTPS_CATALOG_SERVER', 'https://sanguinarius.org');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

**Sanguinarius** · 16 Mar 2013, 03:45 AM

In the admin configure, won't this line of code (below) make my whole domain SSL?

Code:

define('HTTP_SERVER', 'https://sanguinarius.org');

Do I need my whole domain to be secure? Is that something I should have enabled anyway or not? Does it make it safer from hackers?

**Sanguinarius** · 16 Mar 2013, 03:54 AM

Well, you're the Sensei, DrByte. It works, so I'm not going to question that. I can continue with my customizing and adding products. Thank you.

**DrByte** · 16 Mar 2013, 05:22 AM

NOTE: You quoted your catalog AND admin configure.php files, and I told you to put the "s" in ONLY on the admin one. Not the other one. Heed that.

Thread: .htaccess and Admin Area Problem

Thread Tools

Search Thread

Display

.htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Re: .htaccess and Admin Area Problem

Similar Threads

v150 Ultimate SEO .htaccess problem and broken Admin interface

Admin area and limiting by IP with HTAccess?

Admin area not displaying stylesheet? (fasthosts & .htaccess fun I think...)

Cannot access admin area after .htaccess directory - gives me page not found

Bookmarks

Bookmarks

Posting Permissions