Different domain name for shop

[TechnoTim2010]

Hi

After a clients site and specifically zencart were hacked, I was brought in to resolve the issues, secure the site and once everything is up and hunky dory, get the connection to the Payment company working (as payment was offline before).

I usually work on intranets and therefore understand PHP, MySQL XML and JSP. The public websites have never needed SSL or anything apart from basic read only security.

So I have fixed the zencart and reimported all the MYSQL data from a known good backup. Secured it all.

Then to implement SSL.

The process I went through asked for the domain name for the actual certificate (not the FQDN) So I input the domain name mywebsite.co.uk.

I now realise that this means that it will not work for https://www.mywebsite.co.uk only https://mywebsite.com

With the main website having links to the shopping cart redirecting to https://mywebsite.com/zencart/index.php and the configure.phps both having this as their https path and SSL as true I assumed that this would work.

But although the index.php is ok and https any links on the cart send the customer tp to unsecured http pages not https pages.

Is there any fix for this or do I need a site SSL Certificate for www.mywebsite.co.uk instead.

Oh and if anyone wants a gander at a trojan written in php (so you can read the innards) I have one, quite interesting but spawned loads of lifeless php scripts (70 in total)

Any advice and help would be greatly appreciated

[lat9]

Three files need to be changed:

1. /.htaccess

Code:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]

That update removes the www from your URL.

2. /includes/configure.php

Code:

  define('HTTP_SERVER', 'http://domain.com');
  define('HTTPS_SERVER', 'https://domain.com');

3. /YOURADMIN/includes/configure.php

Code:

  define('HTTP_SERVER', 'http://domain.com');
  define('HTTPS_SERVER', 'https://domain.com');
  define('HTTP_CATALOG_SERVER', 'http://domain.com');
  define('HTTPS_CATALOG_SERVER', 'https://domain.com');

The previous two updates make sure that the generated links to your site don't include the www.

[TechnoTim2010]

Thankyou so much you are a star.

[lat9]

I'm glad I could help ...