SSL Confusion

[Sykth]

Hi All,

I've been browsing through the forums trying to identify a similar problem to the one I'm having but so far have had no such luck.

I've recently had my webhost install a dedicated SSL certificate for my website. I've modified the settings in the admin/includes/configure.php and includes/configure.php files.

I want my admin area and checkout area to be SSL secured. When I go to my admin area using "http" i can login successfully. However when I login using the "https" in the web address, the admin login appears but it does not accept my login details.

Also when I access my site using "http" it loads perfectly, but if I use "https" the site appears unstyled.

I have contacted my webhost and as far as I'm aware there seems to be only one folder for all my files.

Another problem I'm running into is that I enabled SSL for checkout, yet when i login with my dummy account the checkout process is still done with "http" in the web browser.

Does anyone have any ideas as to why this would be happening?

Sorry for the speel - and if I've missed something obvious!

[Ajeh]

Sounds like issues might be either with the server or with your configure.php files ...

Could you post, from the server, without your username and password, the two files:
/includes/configure.php
/admin/includes/configure.php

so that we can peek and see if there are errors in them ...

[Sykth]

Hey there,

I did have one error in my configure.php file pointing at the wrong location which I've amended.

The problem I'm having now is that I still cannot access my admin area, and when I try to login in as a dummy user I receive the error message "There was a security error when trying to login."

I've had a look at the following guide: https://www.zen-cart.com/tutorials/i...hp?article=312 , and copied fresh installs of :

- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php
- /admin/login.php

(and also the sessions.php in the functions folder).

However I'm still experiencing the same errors!

Help please! :)

[Ajeh]

If you disable the secure in the configure.php does everything work properly?

If you enable it, can you do anything on any secure page?

If you disable it, and change to Classic Template does everything work?

If you enable it, and change to Classic Template does everything work?

Have you an URL that we can peek at to see this in action?

[Sykth]

Hi Ajeh,

First off thanks for taking the time to help me with this problem.

Ok,

I've found the answers to your questions:

-If I disable SSL in the admin area, I can login successfully, and the web address is still a "Https" (no idea how that works!). Also when i turn off the checkout SSL I can login into the site as a customer! The webpage is a "Http".
I'm very confused now :< Does that mean the admin areas are secure even though I've turned off SSL in the relevant configure files?

This is my current admin/includes/configure.php snippet:

PHP Code:

  define('HTTP_SERVER', 'https://www.xclusiveimports.com');
  define('HTTPS_SERVER', 'https://www.xclusiveimports.com/');
  define('HTTP_CATALOG_SERVER', 'https://www.xclusiveimports.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.xclusiveimports.com/');

  // Use secure webserver for catalog module and/or admin areas?
  define('ENABLE_SSL_CATALOG', 'false');
  define('ENABLE_SSL_ADMIN', 'false'); 


This is my current includes/configure.php file:

PHP Code:

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
  define('HTTP_SERVER', 'http://www.xclusiveimports.com');
  define('HTTPS_SERVER', 'https://www.xclusiveimports.com/');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'false'); 


Also if I revert to the classic templates I encounter the same errors with SSL enabled in the admin and checkout areas.

my url is www.xclusiveimports.com/store (please excuse site it has a few validation errors I need to fix).

[Ajeh]

The problem most likely is related to the trailing slashes in your settings ... remove those in both files and see if things work better ...

Also, delete the cookies for your site and clear your cache, often this will help ...

[Sykth]

! I can't believe it was something so small and simple!

Thanks so much for your help!

[Ajeh]

Thanks for the update that setting up your configure.php files correctly was able to resolve the issues that you were experiencing ...