Secure non secure issues

[enzo-ita]

Is this true also for zc 1.5.1?

dr. Byte said:
Zen Cart v1.3.x currently checks for the following conditions based on $_SERVER variables available to PHP. If any of these tests passes, Zen Cart treats the page as SSL:
HTTPS = 'on' or '1'
HTTP_X_FORWARDED_BY = 'SSL'
HTTP_X_FORWARDED_HOST = 'SSL' (and v1.4 and newer will check whether this matches the HTTPS_SERVER name too)
SCRIPT_URI is passed and contains 'https:'
SERVER_PORT = 443

(this all depends on ENABLE_SSL being set to 'true' in your configure.php file, which you've already confirmed to be the case)

thanks.
enzo

[lat9]

Here's the code fragment (from /includes/init_includes/init_file_db_names.php) that determines SSL vs. NONSSL based on $_SERVER parameters:

Code:

$request_type = (((isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1'))) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_BY']) && strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']), 'SSL') !== false) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && (strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), 'SSL') !== false || strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), str_replace('https://', '', HTTPS_SERVER)) !== false)) ||
                 (isset($_SERVER['SCRIPT_URI']) && strtolower(substr($_SERVER['SCRIPT_URI'], 0, 6)) == 'https:') ||
                 (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == '1' || strtolower($_SERVER['HTTP_X_FORWARDED_SSL']) == 'on')) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'ssl' || strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')) ||
                 (isset($_SERVER['HTTP_SSLSESSIONID']) && $_SERVER['HTTP_SSLSESSIONID'] != '') ||
                 (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) ? 'SSL' : 'NONSSL';

[enzo-ita]

Thank a lot.
enzo