Admin pages jumps from https to http

[fontgarden]

Hi,
I just made the switch from osCommerce to ZenCart as it has a bit more functions, but now when I am in admin area https and clicks anything in the admin area ZenCart jumps to http = not secure pages. I have looked in the configure files, and the cataolgues are configured as I see it properly like this:

Code:

define('HTTP_SERVER', 'http://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'http://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');

  // Use secure webserver for catalog module and/or admin areas?
  define('ENABLE_SSL_CATALOG', 'true');
  define('ENABLE_SSL_ADMIN', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_ADMIN', '/fontshop/admin/');
  define('DIR_WS_CATALOG', '/fontshop/');
  define('DIR_WS_HTTPS_ADMIN', '/fontshop/admin/');
  define('DIR_WS_HTTPS_CATALOG', '/fontshop/');

Can anyone find the error? I do have SSL cert installed on my server :)
Thanks in advance for any help!

Ellinor

[Merlinpa1969]

Only the login is secure,
the way to make it totally secure is to change

Code:

define('HTTP_SERVER', 'http://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'http://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');

to

Code:

define('HTTP_SERVER', 'https://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');

[fontgarden]

Thanks! That looks like it's fixed :)

[Alex Clarke]

Only the login is secure,
the way to make it totally secure is to change

Code:

define('HTTP_SERVER', 'http://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'http://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');

to

Code:

define('HTTP_SERVER', 'https://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');

What if you only want to completely secure the admin and not completely secure the catalogue side?

I hope that makes sense! :|

[Merlinpa1969]

You do the same thing

the settings in the admin configure.php file ONLY control the admin side links

[Alex Clarke]

That makes sense!

I thought the edits were for the catalog configure.php file.

Silly me! :)

[mshultise]

I had to impliment the above because when in Admin, it looked as though credit card payment account logon information (Authorize.Net) appears to be displayed on a non secure page.

In any event, after enabling SSL for all of Admin, I found that any page with the language logo (the country flag) would generate an error in IE asking if I want to view the insecure information.

It appears that the link for the flag is fully qualified and thus appears as http://www.storename.com/catalog/inc...glish/icon.gif instead of a relative directory location like /includes/languages/english/icon.gif.

I know this language icon is displayed in a number of places. How best can I force the lookup to a relative address to eliminate the warning?

[mshultise]

Anyone?

I have looked through many files, I believe the pages are using DIR_WS_CATALOG_IMAGES when they should be using /images/icon.gif or a combination of FS_CATALOG and FS_IMAGES

BecauseI'm thinking the link should be relative rather than a non-ssl full URL.

I've spent over 8 hours searhing and trying changes. I'm not sure where all the links are...

[Kim]

... and now you understand why the admin doesn't switch from HTTP to HTTPS automatically like the catalog.

You can run the whole Admin as SSL by changing your configure files. Change the HTTP paths to the HTTPS address.

[mshultise]

I had changed the 2 defines to both point to HTTPS:

define('HTTP_SERVER', 'https://www.myserver.com');
define('HTTPS_SERVER', 'https://www.myserver.com');

Everything worked fine except for displaying the flag from the language directory. Every time I went to modify a catalog item, the dreaded "mixed secure and non-secure" message came up.

I finally changed the following text from HTTP_CATALOG_SERVER to HTTPS_CATALOG_SERVER and it seems to be working now.

define('DIR_WS_CATALOG_LANGUAGES', HTTPS_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');

So if anyone needs to secure the Admin side of things (so USPS and Authorize.Net passwords are not sent in the clear when you modify their configs) just go to the Admin config file and change all 3 of the above defines to reflect HTTPS.