Help - security error message when searching -- when customer required to login first

[ebaobao]

Hello,

I have my website www.usifloral.com setup to require customer login before they are able to browse the website. Thus when people visit the website, they are first presented with the login page which is secured "https". Now when I type something in the search box and click search, I get this scary message:

"Although this page is encrypted, the info you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

This message also comes up if I login successfully and immediately type something in the search box and click search. Clicking on categories and any other links doesn't have a problem. Its only when they type something in search box and click search.

This only happens on firefox.

What can I do to fix this problem?

Thanks in advance.

[Ajeh]

Switch to the Classic Template ... does it work now?

What version of Zen Cart?

Clean install or an Upgrade?

The submits were updated in v1.3.9 to manage secure/non-secure on the submits to avoid that problem ... so it sounds like you may have an old Zen Cart version or an old template that is missing these changes ...

[ebaobao]

Hi Linda,

Thanks for your reply.

Switching to classic template has same problem.

I'm on v1.3.8a

Its not a clean install, I've made quite a bit of changes, but never touched the code as far as search box goes.

Do you think upgrading will fix this problem? I'm so scared of doing upgrades.

Why does it only happen on firefox and not IE?

[ebaobao]

Do you think its possible to change the <form action="http..> part for the search box to be relative to the page being secured or not?

Will this fix it? and if so, how can I accomplish this? Thanks.

[Ajeh]

If you cannot upgrade to v1.3.9f ...

I would get a clean copy of v1.3.9f and a clean copy of c1.3.8 and compare the versions to see where all of the additions of the $request_type were added to the submits ...

NOTE: I would also take the time to ensure that you have applied all Security Patches and Updates to your v1.3.8 ...
http://www.zen-cart.com/forum/showthread.php?t=131115

NOTE: it is also a good time to review that you have applied all of the Known Bug Fixes for v1.3.8 ...
http://www.zen-cart.com/forum/showthread.php?t=153143

NOTE: all of these and more have been done in v1.3.9f ...

[ebaobao]

Hi Linda,

Thanks for the reply. I've manage to remove the search box when customer is not login. Is there a way to change the search box form code to have the action link relative to secure or not secured? Once that is done, I've fixed my problem.

I really don't want to do the upgrade for many reasons that will take too long to explain.

[ebaobao]

Hi Linda,

I fixed the problem:

in the zen_href_link() I changed the parameter of 'NONSSL' to $request_type and it fixed the issue

Thanks for replies!

[Ajeh]

This is why I suggested you look at these submit forms comparing v1.3.8 to v1.3.9 ...

For example, the sidebox for tpl_search.php ... just the change to the code from:

Code:

  $content .= zen_draw_form('quick_find', zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false), 'get');

to read:

Code:

  $content .= zen_draw_form('quick_find', zen_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', $request_type, false), 'get');

will submit it as non-secure or secure based on the current page ...

All of the forms can be adjusted in this manner ...