How do I make my login and registration page secure? :huh:
How do I make my login and registration page secure? :huh:
Assuming you already have a secure server*
edit the following 2 files:
Admin/Includes/Configure.php
and
Includes/Configure.php
In the beginning of both files you will see code that needs to say the following (www.yourdomain.com needs to be replaced with your real domain name):
define('HTTP_SERVER', 'http://www.yourdomain.com');
define('HTTPS_SERVER', 'https://www.yourdomain.com');
define('HTTP_CATALOG_SERVER', 'http://www.yourdomain.com');
define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.com');
define('ENABLE_SSL_ADMIN', 'true');
define('ENABLE_SSL_CATALOG', 'true');
Make sure the domain names are all correct for both HTTP and HTTPS and also make sure that 'ENABLE_SSL_ADMIN' and 'ENABLE_SSL_CATALOG' both say 'true' and not 'false'.
Once you upload the files you will need to make sure to change the permissions for the file "includes/configure.php" to 444 or tell your hosting company to change the permissions for you if you do not know how.
*If you do not have a secure server you will need to get a secure server, so if your domain is http://www.yourdomain.com then a secure server will allow https://www.yourdomain.com to work. As you see, http is now followed by an "s" in the second example. Call your hosting company; they more than likely will have that option available.
Hope this helps...
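A way to check an uploaded configure.php against the points in the reply above, as an added example that is not part of the original thread or of Zen Cart; the function names get_define and audit_configure are hypothetical and the sample file is constructed. It flags an HTTPS_SERVER that is not an https:// URL, a doubled dot in a host name, an SSL switch that is not 'true', and a file that is still writable.

```shell
#!/bin/sh
# Added example, not Zen Cart code. get_define and audit_configure are hypothetical names.

# Print the value of define('NAME', 'value') in file $2. PHP keeps the first
# define() of a constant, so take the first match; "// define(...)" lines are skipped.
get_define() {
    sed -n "s/^[[:space:]]*define([[:space:]]*'$1'[[:space:]]*,[[:space:]]*'\([^']*\)'.*/\1/p" "$2" | head -n 1
}

# Print one line per problem in file $1; return 1 if any were found, else 0.
audit_configure() {
    f=$1 rc=0 seen=0
    http=$(get_define HTTP_SERVER "$f")
    https=$(get_define HTTPS_SERVER "$f")
    case $https in
        https://?*) ;;
        *) echo "HTTPS_SERVER is not an https:// URL: '$https'"; rc=1 ;;
    esac
    for url in "$http" "$https"; do
        case $url in
            ''|*..*) echo "missing or malformed server URL: '$url'"; rc=1 ;;
        esac
    done
    # The posted catalog file uses ENABLE_SSL; the reply names the other two switches.
    for name in ENABLE_SSL ENABLE_SSL_ADMIN ENABLE_SSL_CATALOG; do
        val=$(get_define "$name" "$f")
        [ -n "$val" ] || continue
        seen=1
        [ "$val" = true ] || { echo "$name is '$val', expected 'true'"; rc=1; }
    done
    [ "$seen" -eq 1 ] || { echo "no ENABLE_SSL* setting found"; rc=1; }
    # Any write bit set means the file is not at the read-only 444 the reply asks for.
    if [ -n "$(find "$f" \( -perm -200 -o -perm -020 -o -perm -002 \))" ]; then
        echo "file is writable; expected mode 444"; rc=1
    fi
    return "$rc"
}

# Constructed sample: doubled dot in one host name and SSL switched off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
define('HTTP_SERVER', 'http://www.yourdomain..com');
define('HTTPS_SERVER', 'https://www.yourdomain.com');
define('ENABLE_SSL', 'false');
EOF
chmod 644 "$sample"
audit_configure "$sample" || echo "configure.php needs attention"
rm -f "$sample"
```

A clean result only says the file matches these settings; whether the login page is actually served over https still has to be checked in the browser.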
I have done all this and still my log in page is not secure. My admin section is, so what can I be doing wrong?
Please post your /includes/configure.php without your password
Ok, here it is.
<?php
/**
*
* @package Configuration Settings
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
// HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
define('HTTP_SERVER', 'http://www.okcfishlady.com');
define('HTTPS_SERVER', 'https://www.okcfishlady.com');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/store/');
define('DIR_WS_HTTPS_CATALOG', '/store/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
define('DIR_WS_PHPBB', '//okcfishlady.com/public_html/yabb/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/home/fishl/public_html/store/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', '');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'db'); // use 'db' for best support, or '' for file-based storage
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', '/home/fishl/public_html/store/cache');
?>
Please explain why you think your login page is not secure ...
Hi,
Just checked your https site and everything looks good and secure. :cool:
Your certificate checks out ok.
Ronald.
When I bring up the login page, I do not get the https://. Shouldn't I be getting that in the address bar?
Hi.
Yes, when you select login the page should change to https.
I could not check that because I do not know your site address :huh:
I just checked that https://www.okcfishlady.com was valid and uses a valid certificate.
If you give your shop URL I'll be happy to check it for you.
Ronald.