Admin login not working when SSL redirect is in place

[trebo1970]

Hello Zen Cart Forum,

I did a fresh install of Zen Cart 1.5.5e. Added a template from Template Monster. Just got the SSL processed through Go Daddy. Confirmed that the https url was functioning. Added the code to the two configure files (includes/configure.php and admin/includes/configure.php) and the redirect to the htaccess file. Initially the layout on the homepage was messed up but once I added the proper code to the includes/configure.php file it layed out properly however when I go to log in to the admin it won't allow me to log in. I removed the htaccess redirect and I'm able to log in to the admin and access the secure admin. So it does exist, I just can't access it when the redirect is in place.
Here is the code I added to the admin/includes/configure.php file.
define('HTTP_SERVER', 'https://www.example.com');

define('HTTP_CATALOG_SERVER', 'http:/www.example.com');
define('HTTPS_CATALOG_SERVER', 'https://www.example.com');

define('ENABLE_SSL_CATALOG', 'true');

I read this page many times, https://www.zen-cart.com/content.php...alled-zen-cart.

Also I read some other posts and tried many different ways but nothing seems to work.

Any help would be much appreciated.

thank you,
Tre

[lankeeyankee]

What redirect are you adding to the htaccess file? Is this for a URL rewriter?

[mc12345678]

If you are trying to make all pages https: then it would help ZC if all uris that it tries to use are also https:, otherwise might find the system in some sort of loop and possibly cause issues.

Therefore HTTP_CATALOG_SERVER would need to be updated to include https:

Beyond that, please answer lankeeyankee's question as well as identifying "other" things tried. The more information that is presented, the easier it is to help and the easier someone else may find a solution for their own similar/related problem.

[DrByte]

I agree: it seems incorrect .htaccess redirect is being used.

[trebo1970]

Hey guys,

Thanks for the reply's.

Here is the redirect code Godaddy sent me to add to the .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If I remove it then a user can access the non secure site and won't be redirected to the secure server.

thanks,
Tre

[DrByte]

If that's what GoDaddy is telling you to add, then they should be capable of addressing why it's not working. Ask them to support it.

Zen Cart doesn't do anything special here. It just simply generates the URL as per the configure.php contents, and expects to be able to set and read a cookie for the same URL. Very straightforward, standard procedure for any application.

[trebo1970]

I already contacted GoDaddy customer support about this issue a few times and they said that they don't do support for Zen Cart and that I should be able to get support from the Zen Cart forum.

If I remove the redirect then how do I activate just a secure checkout?

[Website Rob]

The following should help in what you what to achieve.

1. In both config files make sure to use:

define('HTTP_CATALOG_SERVER', 'https:/www.example.com');


2. Admin -> Configuration -> Sessions
Cookie Domain
Force Cookie Use
- make sure they both say True


3. Add the following at the top of you .htaccess file

Code:

#############################
##  General Settings

Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes

RewriteEngine ON

# Define the default Character Set for Browsers
AddDefaultCharset utf-8

# if an https URL is not used then redirect to use https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

# regardless of whether an https URL is used,
# if a URL is used without www then redirect to an https URL that does use www
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Note that "example.com" should be changed to your Domain name.

[trebo1970]

Thanks Website Rob for the very thorough answer. I added what you suggested but I still can't log into the secure admin.

Also thanks DrByte. I contacted GoDaddy once more and they confirmed that the issue was in the htaccess file and that they could fix it for a small fee.

Here is the relevant code I have on the three pages. Maybe you can see something that I'm missing.

includes/configure.php

Code:

define('HTTP_SERVER', 'http://www.example.com');
define('HTTPS_SERVER', 'https://www.example.com');

define('ENABLE_SSL', 'true');

define('HTTP_CATALOG_SERVER', 'https:/www.example.com');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

admin/includes/configure.php

Code:

define('HTTP_CATALOG_SERVER', 'https:/www.example.com');
define('HTTPS_CATALOG_SERVER', 'https://www.example.com');

define('ENABLE_SSL_CATALOG', 'true');

define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

.htaccess

Code:

#############################
##  General Settings

Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes

RewriteEngine ON

# Define the default Character Set for Browsers
AddDefaultCharset utf-8

# if an https URL is not used then redirect to use https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

# regardless of whether an https URL is used,
# if a URL is used without www then redirect to an https URL that does use www
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

[Website Rob]

Remove this from your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Change to this in: includes/configure.php


define('HTTP_SERVER', 'https://www.example.com');