Forums / General Questions / secure and nonsecure items base href?

secure and nonsecure items base href?

Locked
Results 1 to 20 of 21
This thread is locked. New replies are disabled.
02 Jan 2010, 01:53
#1
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

secure and nonsecure items base href?

website: www.bestfriendsquilts.com

I'm getting the dreaded "this page contains both secure and nonsecure items" error message when accessing supposedly secure pages. If I choose NO, do not display nonsecure items, it basically throws out the entire stylesheet. I cannot find any http: coded images or links in either my header or footer template, or my stylesheet.

Also, having read some of the other related threads, I looked at my source code and noticed my base href is not https.

My config files all say to use secure checkout.

This error does not occur in IE6, but does in IE7. I haven't tried the newest IE yet.

Btw, in Firefox 3.5.6, I don't get an error message when I go to Log In, but it boots me back to the Home Page... but then lets me through the checkout process normally after that.

JJ Doench
02 Jan 2010, 02:17
#2
kim avatar

kim

Obaa-san

Join Date:
Jun 2003
Posts:
26,564
Plugin Contributions:
0
02 Jan 2010, 02:28
#3
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

Maybe I am coding them incorrectly? This is what is in my tpl_header.php file:

<a href="index.php?main_page=index">
				<IMG SRC="images/logo_01.gif" WIDTH=293 HEIGHT=100 BORDER=0 ALT="Best Friends Quilt Shoppe"></a></TD>


And so on for the logo_02.gif, etc.

JJDoench
02 Jan 2010, 02:34
#4
tino_schlegel avatar

tino_schlegel

Totally Zenned

Join Date:
Nov 2007
Posts:
532
Plugin Contributions:
0

Re: secure and nonsecure items base href?

You should use the zen-image function to include pictures

Example:
zen_image($template->get_template_dir(HEADER_LOGO_IMAGE, DIR_WS_TEMPLATE, $current_page_base,'images'). '/' . 'logo_01.gif', HEADER_ALT_TEXT, HEADER_LOGO_WIDTH, HEADER_LOGO_HEIGHT) .


It is assumed that the images are located in the template folder in the images folder.
02 Jan 2010, 02:36
#5
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

I will try this - thank you!
JJDoench
02 Jan 2010, 03:00
#6
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

okay, so I get how to do the . zen_image part...

What I don't get is how to set up the links

How do I get
<a href="' . HTTP_SERVER . DIR_WS_CATALOG . '">


to link to specific places within my catalog?

JJDoench
02 Jan 2010, 03:09
#7
tino_schlegel avatar

tino_schlegel

Totally Zenned

Join Date:
Nov 2007
Posts:
532
Plugin Contributions:
0

Re: secure and nonsecure items base href?

Depends where you want to link to. There are many predefined pages existing and you can choose if the link it SSL or NONSSL.

But this has nothing to do with your warnings in SSL pages, only when a customer clicks on a link it may say that you leave the secure page.

Few example:
<a href="<?php echo zen_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'); ?>"><?php echo HEADER_TITLE_CART_CONTENTS; ?></a>
<a href="<?php echo zen_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>"><?php echo HEADER_TITLE_LOGOFF; ?></a>
<a href="<?php echo zen_href_link(FILENAME_ACCOUNT, '', 'SSL'); ?>"><?php echo HEADER_TITLE_MY_ACCOUNT; ?></a>
<a href="<?php echo zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'); ?>"><?php echo HEADER_TITLE_CHECKOUT; ?></a>
02 Jan 2010, 03:11
#8
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

okay, so I could link them the way they were, with the
<a href=index... > right?

JJDoench
02 Jan 2010, 03:41
#9
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

So, I changed out all the image links in the header template to be zen_image links. It doesn't seem to have made any difference to the secure/nonsecure problem.

This is what I currently have:
<?php echo '<a href="index.php?main_page=index&cPath=1168">' . zen_image($template->get_template_dir(HEADER_LOGO_IMAGE, DIR_WS_TEMPLATE, $current_page_base,'images'). '/' . 'logo_02.gif', HEADER_ALT_TEXT) . '</a>'; ?>


What did I do wrong?

JJDoench
www.bestfriendsquilts.com
02 Jan 2010, 05:05
#10
barco57 avatar

barco57

Totally Zenned

Join Date:
Apr 2006
Posts:
2,841
Plugin Contributions:
0

Re: secure and nonsecure items base href?

https://www.bestfriendsquilts.com/index.php?main_page=login (23) 123.03 KB
www.bestfriendsquilts.com (19) 108.37 KB
html (1) Unknown
https://www.bestfriendsquilts.com/index.php?main_page=login Unknown
Stylesheet (5) 29.17 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/css/style_imagehover.css 434 Bytes
http://www.bestfriendsquilts.com/includes/templates/barebones/css/stylesheet.css 24.07 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/css/stylesheet_dotline.css 295 Bytes
http://www.bestfriendsquilts.com/includes/templates/barebones/css/stylesheet_header_menu.css 2.52 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/css/login.css 1.87 KB
Script (1) 5.92 KB
http://www.bestfriendsquilts.com/includes/templates/template_default/jscript/jscript_imagehover.js 5.92 KB
Background (2) 7.52 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/headerBG.jpg Unknown
http://www.bestfriendsquilts.com/includes/templates/barebones/images/emailSignupBackground.jpg 7.52 KB
Image (8) 62.89 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/logo_01.gif 4.19 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/logo_02.gif 6.72 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/logo_03.gif 8.67 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/logo_04.gif 8.04 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/logo_05.gif 6.62 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/logo_06.gif 6.61 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/images/freeshippingover150DOLLARS.jpg 2.23 KB
https://www.bestfriendsquilts.com/images/cot.gif 19.81 KB
Input Image (2) 2.87 KB
http://www.bestfriendsquilts.com/includes/templates/barebones/buttons/english/btn_continue_checkout_green.gif 1.58 KB
http://www.bestfriendsquilts.com/images/sign_up.gif 1.28 KB
secure.comodo.net (1) 4.72 KB
Script (1) 4.72 KB
https://secure.comodo.net/trustlogo/javascript/cot.js 4.72 KB
ssl.google-analytics.com (1) 9.81 KB
Script (1) 9.81 KB
https://ssl.google-analytics.com/ga.js 9.81 KB
secure.comodo.com (2) 126 Bytes
html (1) 63 Bytes
https://secure.comodo.com/trustlogo/images/cot_bgf0.gif 63 Bytes
Image (1) 63 Bytes
https://secure.comodo.com/trustlogo/images/cot_bgf0.gif 63 Bytes


Did you hard code the base href? because on the login page which has a secure url I see this in the view source:
<base href="http://www.bestfriendsquilts.com/" />
so as shown above everything on the page including stylesheets is get called unsecure except the hard coded secure calls for google analytics and your trustlogo.
02 Jan 2010, 05:13
#11
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

Where does the base href code come from? I would not likely have hard coded that.

JJDoench
02 Jan 2010, 14:37
#13
drbyte avatar

drbyte

Sensei

Join Date:
Jan 2004
Posts:
63,506
Plugin Contributions:
173

Re: secure and nonsecure items base href?

Who is your hosting company?

There are several hosting companies whose non-conventional server configurations prevent proper operation and detection of traditional SSL use.
02 Jan 2010, 21:26
#14
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

It is a local guy - eblairsolutions.com.

JJDoench
02 Jan 2010, 21:38
#15
drbyte avatar

drbyte

Sensei

Join Date:
Jan 2004
Posts:
63,506
Plugin Contributions:
173

Re: secure and nonsecure items base href?

Something's wrong with your hosting server configuration then.

Perhaps it's not giving you *real* SSL, but is only simulating it: a sign of a hosting company who is either unskilled at proper configuration or who is cutting corners seriously to cut costs, and advertising a service they're not really providing.

Or, perhaps they've done one or more other unconventional things.

Regardless, the problem is with the server, and not with Zen Cart.

Read here for some technical guidance: http://www.zen-cart.com/forum/showpost.php?p=779302&postcount=6
05 Jan 2010, 00:56
#16
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

I had my host look into it - this is what he says:

"1. Your Zencart was not properly configured for SSL. The HTTPS setting was www.bestfriendsquilts.com. The SSL Cert is setup for bestfriendsquilts.com (w/o the www.). I fixed that.

2. If you load in IE and tell it to only load secure content (you should be prompted when you load the page), it will not load files that are not coming through a secure channel. When I do this I lose your stylesheet and template graphics, which comes back to the base href. It is set at http://www.bestfriendsquilts.com. That means that anything that has a virtual address will come through http: rather than https:. That's why the graphics and SSL are not secure.

It's not the server, it is something in Zencart. I updated the config but the change isn't happening. Either the template has hard coded things that are supposed to be dynamic or there is a cache involved that needs to be reset."


What do you think? Is there a cache? How would I reset it?
05 Jan 2010, 01:35
#17
drbyte avatar

drbyte

Sensei

Join Date:
Jan 2004
Posts:
63,506
Plugin Contributions:
173

Re: secure and nonsecure items base href?

No, it has nothing to do with cache.

The base href is determined based on the success of being able to detect whether the server is actually serving the page in SSL or not, using the traditional methods enumerated in the post I mentioned earlier: http://www.zen-cart.com/forum/showpost.php?p=779302&postcount=6
Your server is apparently not conforming to any of those traditional methods of serving SSL. That often is a result of using redirects to serve SSL instead of truly serving real SSL directly.
05 Jan 2010, 03:51
#18
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

Could this be the problem? I found this line in my html_header.php in my Custom template folder:

<base href="<?php echo (($request_type == '../Local%20Settings/Temp/fz3temp-1/SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG ); ?>" />
05 Jan 2010, 03:55
#19
drbyte avatar

drbyte

Sensei

Join Date:
Jan 2004
Posts:
63,506
Plugin Contributions:
173

Re: secure and nonsecure items base href?

Um ... ya ... that would be bad. Who put that there?
05 Jan 2010, 03:56
#20
jjdoench avatar

jjdoench

New Zenner

Join Date:
Feb 2008
Posts:
41
Plugin Contributions:
0

Re: secure and nonsecure items base href?

No idea - it looks like the links that Dreamweaver manufactures sometimes when saving something locally. Usually I catch that stuff.

What should that line say? Can I just change it back to match what is in the original file?