Thread: Secure log in

Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Join Date
    Jun 2007
    Posts
    26
    Plugin Contributions
    0

    Default Secure log in

    How do I make my login and registration page secure?

  2. #2
    Join Date
    Jun 2003
    Posts
    33,715
    Plugin Contributions
    0

    Default Re: Secure log in

    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  3. #3
    Join Date
    Feb 2007
    Posts
    15
    Plugin Contributions
    1

    Default Re: Secure log in

    Assuming you already have a secure server*

    edit the following 2 files:

    Admin/Includes/Configure.php

    and

    Includes/Configure.php

    in the begining of both files you will see code that needs to say the following (www.yourdomain.com need to be replaced with your real domain name):

    define('HTTP_SERVER', 'http://www.yourdomain.com');
    define('HTTPS_SERVER', 'https://www.yourdomain.com');
    define('HTTP_CATALOG_SERVER', 'http://www.yourdomain..com');
    define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.com');

    define('ENABLE_SSL_ADMIN', 'true');
    define('ENABLE_SSL_ADMIN', 'true');

    Make sure the domain names are all correct for both HTTP and HTTPS and also make sure that 'ENABLE_SSL_ADMIN' and 'ENABLE_SSL_CATALOG' both say 'true' and not 'false'.

    Once you upload the files you will need to make sure to change the permissions for the file "includes/configure.php" to 444 or tell your hosting company to change the permissions for you if you do not know how.

    *If you do not have a secure server you will need to get a secure server, so if your domain is http://www.yourdomain.com then a secure server will allow https://www.yourdomain.com to work, as you see http is now followed by an "s" in the second example, call you hosting company they more than likely will have that option available.

    Hope this helps...

  4. #4
    Join Date
    Jun 2007
    Posts
    26
    Plugin Contributions
    0

    Default Re: Secure log in

    I have done all this and still my log in page is not secure. My admin section is, so what can I be doing wrong?

  5. #5
    Join Date
    Jun 2003
    Posts
    33,715
    Plugin Contributions
    0

    Default Re: Secure log in

    Please post your /includes/configure.php without your password
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  6. #6
    Join Date
    Jun 2007
    Posts
    26
    Plugin Contributions
    0

    Default Re: Secure log in

    Ok, here it is.



    <?php
    /**
    *
    * @package Configuration Settings
    * @copyright Copyright 2003-2006 Zen Cart Development Team
    * @copyright Portions Copyright 2003 osCommerce
    * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
    */

    /*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
    /*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
    // Define the webserver and path parameters
    // HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
    // HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
    define('HTTP_SERVER', 'http://www.okcfishlady.com');
    define('HTTPS_SERVER', 'https://www.okcfishlady.com');
    // Use secure webserver for checkout procedure?
    define('ENABLE_SSL', 'true');
    // NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
    // * DIR_WS_* = Webserver directories (virtual/URL)
    // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
    define('DIR_WS_CATALOG', '/store/');
    define('DIR_WS_HTTPS_CATALOG', '/store/');
    define('DIR_WS_IMAGES', 'images/');
    define('DIR_WS_INCLUDES', 'includes/');
    define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
    define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
    define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
    define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
    define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
    define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
    define('DIR_WS_PHPBB', '//okcfishlady.com/public_html/yabb/');
    // * DIR_FS_* = Filesystem directories (local/physical)
    //the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
    define('DIR_FS_CATALOG', '/home/fishl/public_html/store/');
    define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
    define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
    define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
    define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
    define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
    // define our database connection
    define('DB_TYPE', 'mysql');
    define('DB_PREFIX', '');
    define('DB_SERVER', 'localhost');
    define('DB_SERVER_USERNAME', );
    define('DB_SERVER_PASSWORD', ');
    define('DB_DATABASE', '');
    define('USE_PCONNECT', 'false'); // use persistent connections?
    define('STORE_SESSIONS', 'db'); // use 'db' for best support, or '' for file-based storage
    // The next 2 "defines" are for SQL cache support.
    // For SQL_CACHE_METHOD, you can select from: none, database, or file
    // If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
    // or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
    // ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
    define('SQL_CACHE_METHOD', 'none');
    define('DIR_FS_SQL_CACHE', '/home/fishl/public_html/store/cache');
    ?>

  7. #7
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Secure log in

    Please explain why you think your login page is not secure ...
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  8. #8
    Join Date
    Jun 2006
    Location
    Koh Samui
    Posts
    122
    Plugin Contributions
    0

    Default Re: Secure log in

    Hi,

    Just checked your https site and everything is looks good and secure.
    Your certificate checks out ok.

    Ronald.
    [FONT="Verdana"]http://www.xlventures.eu[/FONT]

  9. #9
    Join Date
    Jun 2007
    Posts
    26
    Plugin Contributions
    0

    Default Re: Secure log in

    When I bring up the login page, I do not get the https://. Shouldn't I be getting that in the address bar?

  10. #10
    Join Date
    Jun 2006
    Location
    Koh Samui
    Posts
    122
    Plugin Contributions
    0

    Default Re: Secure log in

    Hi.

    Yes when you select login the page should change to https.
    I could not check that because i do not know your site address
    I just checked that https://www.okcfishlady.com was valid and uses an valid certificate.
    If you give your shop url i be happy to check it for you.

    Ronald.
    [FONT="Verdana"]http://www.xlventures.eu[/FONT]

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Authorize.net SIM v1.3.9h Secure/Non-Secure content error
    By KevinH in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 6 Oct 2012, 05:15 PM
  2. This page contains both secure and non-secure items?
    By doubletiger in forum General Questions
    Replies: 2
    Last Post: 11 Sep 2010, 01:16 PM
  3. 404 not found during secure log in
    By joe3b in forum General Questions
    Replies: 0
    Last Post: 10 Jun 2010, 02:07 AM
  4. Cart Secure After Log In/Sign Up
    By thefashionhut in forum General Questions
    Replies: 0
    Last Post: 10 Jan 2008, 03:40 PM
  5. Problems with secure log in & images
    By BuffaloGal in forum General Questions
    Replies: 6
    Last Post: 10 Aug 2007, 07:06 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR