Using HostGator and Shared SSL, Secure and Unsecure Items?

[DrByte]

Oops. I was certain that I took that content from your login page. Apparently I did not.

Your real problem is this:

On a Secure page, you're still getting a base href URL for non-secure content:

Code:

<base href="http://www.criticalthinkersonline.net/" />

Ideally that should switch to the URL for your secure site, ie:

Code:

<base href="https://sonata.websitewelcome.com/~critical/" />

There are a couple causes for the automatic switching to not occur properly:
1) ENABLE_SSL is not set to 'true'. (Yours must be or your login pages wouldn't be switching into SSL mode, so that's not the problem in your case.)
2) The SSL certificate is not actually fully valid or secure
3) The many industry-standard detection options available to determine whether the page is actually "secure" are not working on your server. This is VERY common on Network Solutions and Fasthosts hosting plans. But I've not seen that problem on HostGator normally.

If you care to figure out what technical issue is preventing proper detection, here is the logic that determines whether the page has been delivered in SSL mode:

Code:

$request_type = ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') 
                 || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == '1') 
                 || (isset($_SERVER['HTTP_X_FORWARDED_BY']) && strstr(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']),'SSL')) 
                 || (isset($_SERVER['HTTP_X_FORWARDED_HOST']) &&  strstr(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']),'SSL')) 
                 || (isset($_SERVER['SCRIPT_URI']) && strtolower(substr($_SERVER['SCRIPT_URI'], 0, 6)) == 'https:') 
                 || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' )   )  ? 'SSL' : 'NONSSL';

You may have to work with their tech support to determine why none of these common modes for SSL operation can be detected on the server you've been assigned to.

[davewest]

Not sure if this will help you, but when I first open my site I used HostGator shared SSL. I couldn't get it to work at all, after asking them why, they told me that the shared cert would not work with php5. Didn't make much seance to me, but what I did I had set my .htaccess file up with,

AddHandler application/x-httpd-php5 .php

Changing it to;

AddHandler application/x-httpd-php .php

the shared SSL work fine after that change.

This was before they upgraded the servers to php5 and I had my own cert installed. I also noticed that even after upgrading to php5 and changing the Addhandler to php5, they commented it out. They may still be having issues with php5 and shared certs.

[daxxruckus]

Thanks Dave. I'm going to contact HG support this weekend and see whats up. I appreciate all the help everyone. If you have any more ideas, please keep them coming!

[daxxruckus]

I spoke with HG support and they said to "Check with the Zen Cart folks and see if it uses caching".

I don't understand what the issue is, and why I'm still getting secured/unsecured items?!

[DrByte]

I spoke with HG support and they said to "Check with the Zen Cart folks and see if it uses caching".

"caching"? If they're referring to HTML or PHP caching, the answer is no.
Out-of-the-box, Zen Cart only does database-query-caching, not HTML page caching, nor any PHP caching.

I don't understand what the issue is, and why I'm still getting secured/unsecured items?!

As I described earlier, the server is not providing conventional hooks by which to identify that the page is actually being served over SSL, and thus is being treated as a non-SSL page. That results in images and stylesheets being loaded over an unencrypted connection, hence the warnings.