How do I make my login and registration page secure?
Please do not PM for support issues: a private solution doesn't benefit the community.
Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.
Assuming you already have a secure server*
edit the following 2 files:
Admin/Includes/Configure.php
and
Includes/Configure.php
In the beginning of both files you will see code that needs to say the following (www.yourdomain.com needs to be replaced with your real domain name):
define('HTTP_SERVER', 'http://www.yourdomain.com');
define('HTTPS_SERVER', 'https://www.yourdomain.com');
define('HTTP_CATALOG_SERVER', 'http://www.yourdomain.com');
define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.com');
define('ENABLE_SSL_ADMIN', 'true');
define('ENABLE_SSL_CATALOG', 'true');
Make sure the domain names are all correct for both HTTP and HTTPS and also make sure that 'ENABLE_SSL_ADMIN' and 'ENABLE_SSL_CATALOG' both say 'true' and not 'false'.
Once you upload the files you will need to make sure to change the permissions for the file "includes/configure.php" to 444 or tell your hosting company to change the permissions for you if you do not know how.
*If you do not have a secure server you will need to get a secure server, so if your domain is http://www.yourdomain.com then a secure server will allow https://www.yourdomain.com to work. As you see, http is now followed by an "s" in the second example. Call your hosting company; they more than likely will have that option available.
Hope this helps...
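Added example, not part of the thread and not Zen Cart code: a Python audit of the define() lines and file mode described in the post above, catching slips that keep a store on plain HTTP (a setting left at 'false', a define entered twice, a typo in a host name, a writable configure.php). The constant names are the ones quoted in the thread; the function names and the sample text are assumptions made for illustration.

```python
import os
import re
import stat
from urllib.parse import urlparse

DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)")
SSL_FLAGS = ("ENABLE_SSL", "ENABLE_SSL_ADMIN", "ENABLE_SSL_CATALOG")
# (plain-HTTP constant, HTTPS constant) pairs that must name the same host
SERVER_PAIRS = (("HTTP_SERVER", "HTTPS_SERVER"), ("HTTP_CATALOG_SERVER", "HTTPS_CATALOG_SERVER"))

def parse_defines(text):
    """Return ({name: last value}, [names defined more than once])."""
    values, dupes = {}, []
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "*", "/*")):
            continue  # ignore commented-out defines
        for name, value in DEFINE_RE.findall(line):
            dupes += [name] if name in values else []
            values[name] = value
    return values, dupes

def audit_config(text):
    """List settings that would stop the store from switching to HTTPS."""
    values, dupes = parse_defines(text)
    problems = [f"{name} is defined twice" for name in dupes]
    for flag in SSL_FLAGS:
        if flag in values and values[flag] != "true":
            problems.append(f"{flag} is '{values[flag]}', expected 'true'")
    for http_name, https_name in SERVER_PAIRS:
        if https_name not in values:
            continue
        http, https = (urlparse(values.get(n, "")) for n in (http_name, https_name))
        if https.scheme != "https":
            problems.append(f"{https_name} does not start with https://")
        for name, url in ((http_name, http), (https_name, https)):
            if ".." in (url.hostname or ""):
                problems.append(f"{name} has a malformed host: {url.hostname}")
        if http.hostname != https.hostname:
            problems.append(f"{http_name} and {https_name} name different hosts")
    return problems

def is_read_only(path):
    """True when no write bit is set for anyone, as with mode 444."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o222 == 0

# Constructed sample: admin configure.php lines with typical slips
SAMPLE = """define('HTTP_CATALOG_SERVER', 'http://www.yourdomain..com');
define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.com');
define('ENABLE_SSL_ADMIN', 'true');
define('ENABLE_SSL_ADMIN', 'true');"""
```

Pass the text of each of the two configure.php files to audit_config() and the path of includes/configure.php to is_read_only(); an empty list and True mean the settings match the post.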
I have done all this and still my log in page is not secure. My admin section is, so what can I be doing wrong?
Please post your /includes/configure.php without your password
Ok, here it is.
<?php
/**
*
* @package Configuration Settings
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
// HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
define('HTTP_SERVER', 'http://www.okcfishlady.com');
define('HTTPS_SERVER', 'https://www.okcfishlady.com');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/store/');
define('DIR_WS_HTTPS_CATALOG', '/store/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
define('DIR_WS_PHPBB', '//okcfishlady.com/public_html/yabb/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/home/fishl/public_html/store/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', ''); // value removed by poster
define('DB_SERVER_PASSWORD', ''); // value removed by poster
define('DB_DATABASE', '');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'db'); // use 'db' for best support, or '' for file-based storage
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', '/home/fishl/public_html/store/cache');
?>
Please explain why you think your login page is not secure ...
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Hi,
Just checked your https site and everything looks good and secure.
Your certificate checks out ok.
Ronald.
http://www.xlventures.eu
When I bring up the login page, I do not get the https://. Shouldn't I be getting that in the address bar?
Hi.
Yes, when you select login the page should change to https.
I could not check that because I do not know your site address.
I just checked that https://www.okcfishlady.com was valid and uses a valid certificate.
If you give your shop URL I'd be happy to check it for you.
Ronald.