Items don't add to cart. SSL?

[mmnord]

I have had my Zen-Cart operational for a few months now, unsecure, with payments going through PayPal.

Two days ago I purchased from my host (HostMonster) a dedicated IP and a SSL cert. HostMonster helped me install my SSL and they put it in the root directory of my site. My whole site is secure https://www.millwrightmasters.com (all of the main site, my phpBB, my photogallery, and my Zen-Cart). Originally I didn't think this would be an issue.

Yesterday I was making some minor changes to my Zen-Cart and discovered that if you try to add a product to the shopping cart you get redirected to an empty cart. I have had previous customer orders so I know that the cart worked.

I read and followed the FAQ reguarding installing an SSL AFTER Zen-Cart. Hopefully I did it correctly. If ANYONE has an idea of where I can start to look, I sure would appreciate it.

Thank you in advance,
Mike


Here's a look at part of the config.php:

Code:

<?php
/**
 * @package Configuration Settings circa 1.3.8
 * @copyright Copyright 2003-2007 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 */


/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/***************       The 2 files should be kept separate and not used to overwrite each other.      ***********/

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
  define('HTTP_SERVER', 'http://www.millwrightmasters.com');
  define('HTTPS_SERVER', 'https://www.millwrightmasters.com');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

[stevesh]

Generally, you don't want to secure your entire Zencart installation, and you really don't want/need to secure your non-Zencart pages.

Change the paths in configure.php to www.millwrightmasters.com/store/ and see if that fixes things.

[mmnord]

Thank you for the quick reply steve.

I had already tried that yesterday. It didn't work. On a whim I tried it again just now. Still no success.

To be completely honest, I really don't know the SSL procedures completely for placement and how one file can have but another cannot. It is a subject I will have to study more of to understand.

I guess the bottom line is, I thought Zen-Cart would be able to function properly even if the entire store was secure. I was thinking there must be a file somewhere that is causing this problem.

I'll keep learning...lol

Once again, thank you for the response,
Mike

[stevesh]

The way Zencart works is, if configured properly, only the Login/Create Account page and all the checkout pages are secured. Securing the whole site will usually slow things down.

In some cases, the SSL cert has to be issued to the specific directory to work properly, which wouldn't be a problem except you have the cert pointing to the root of your site, and Zencart is in /store. You might ask your host if that'll work.

What happened when you changed the config files?

BTW, your home page (non-Zencart) is showing the secure/non-secure error in IE7, caused by the content of your comments box on the right.

You might consider re-doing your site such that Zencart is in the root.

[mmnord]

When I changed the config file and refreshed my Zen-Cart store it had the appearance of a site map (if that makes sense).

Mostly words along the left side of the screen with no pix.

When I changed the file back, all was good again.

I am beginning to think that the cert should NOT have been put in my root for ALL pages to be secured.

BTW, what do you mean when you say "re-do so Zen is in the root"? What is exactly does that mean. Sorry for the simple Q, but I am very green at this whole web-building thing yet...lol

I am still self-teaching a bit here...lol

Thank you,
Mike

[stevesh]

BTW, what do you mean when you say "re-do so Zen is in the root"? What is exactly does that mean. Sorry for the simple Q, but I am very green at this whole web-building thing yet...lol

The idea is that Zencart would be your entire site, and you would configure and style the main Zencart page to look like your current home page (if you want). That way, pointing a browser to www.millwrightmasters.com would take visitors directly to your Zencart main page, and probably solve the current SSL problem.