Need Help Properly Applying SSL to Checkout

[Bahnstoermer]

Hi everyone,

I just got off the phone with my hosting company to confirm my SSL is properly installed, and manually replacing http with https on seemingly any one of my pages works (ie, the page loads and the lock is shown in IE, etc).

My question is that I can't seem to get it to enable "automatically" as I proceed through the checkout with a test order. My site is structured as

MY_SITE (all html)
MY_SITE/catalog (zencart directory)

I have installed the authornize.net payment module in testing mode, modified both configure.php files according to: https://www.zen-cart.com/tutorials/index.php?article=14 for a certificate of my own (which I have)

They are:

define('HTTP_SERVER', 'http://MY_SITE.com');
define('HTTPS_SERVER', 'https://MY_SITE.com/catalog');
define('HTTP_CATALOG_SERVER', 'http://MY_SITE.com');
define('HTTPS_CATALOG_SERVER', 'https://MY_SITE.com/catalog');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'false');

and:

define('HTTP_SERVER', 'http://MY_SITE.com');
define('HTTPS_SERVER', 'https://MY_SITE.com/catalog');
define('HTTP_CATALOG_SERVER', 'http://MY_SITE.com');
define('HTTPS_CATALOG_SERVER', 'https://MY_SITE.com/catalog');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'false');

It seems the https should be enabled from the first page you're supposed to enter CC info until the transaction is done, but this is not the case. I do get an https: but only at the very last page where it attempts to contact authorize.net and it of course errors out because I'm using their test CC number. This page is after the CC number has already been entered which seems to suggest this isn't right at all.

Can someone help out with this? Thanks!

[kobra]

Your config postings are the same and these files are not the same....Hopefully you just mispasted the content...

A link is helpful

[Bahnstoermer]

Sorry about that and thanks for the help...

I found the problem after copy / paste into this forum LOL. A file permission error wasn't allowing overwriting of the file.

[poolprorich]

Hello your admin file at the top should look like this:

HTML Code:

 define('HTTP_SERVER', 'http://www.YOUR_SITE.com');

  define('HTTPS_SERVER', 'https://www.YOUR_SITE.com');

  define('HTTP_CATALOG_SERVER', 'http://www.YOUR_SITE.com');

  define('HTTPS_CATALOG_SERVER', 'https://www.YOUR_SITE.com');



  // Use secure webserver for catalog module and/or admin areas?

  define('ENABLE_SSL_CATALOG', 'true');

  define('ENABLE_SSL_ADMIN', 'true');

and if you have a subdirectory:

HTML Code:

 define('HTTP_SERVER', 'http://www.YOUR_SITE.com/YOUR_DIRECTORY');

  define('HTTPS_SERVER', 'https://www.YOUR_SITE.com/YOUR_DIRECTORY');

  define('HTTP_CATALOG_SERVER', 'http://www.YOUR_SITE.com/YOUR_DIRECTORY');

  define('HTTPS_CATALOG_SERVER', 'https://www.YOUR_SITE.com/YOUR_DIRECTORY');



  // Use secure webserver for catalog module and/or admin areas?

  define('ENABLE_SSL_CATALOG', 'true');

  define('ENABLE_SSL_ADMIN', 'true');

And for catolog side: witch is located in includes/

HTML Code:

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
  // HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
  define('HTTP_SERVER', 'http://www.YOUR_SITE.com');
  define('HTTPS_SERVER', 'https://www.YOUR_SITE.com');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_CATALOG', 'YOUR_DIRECTORY/');
  define('DIR_WS_HTTPS_CATALOG', ''YOUR_DIRECTORY/');

  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
  define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');

and if in a sub directory:

HTML Code:

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
  // HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
  define('HTTP_SERVER', 'http://www.YOUR_SITE.com');
  define('HTTPS_SERVER', 'https://www.YOUR_SITE.com');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');

  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
  define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');

[Bahnstoermer]

Hey thanks a lot, I'll go through these and see. It appears I am getting a strange secure/nonsecure transition in the site somehow. Hopefully it will be corrected by something you've posted and it's not due to my linking to an external home page.

[poolprorich]

you will get secure and non secure mesage from browser unless you call any external links as https://

[Bahnstoermer]

Actually when I implemented this code

define('HTTP_SERVER', 'http://www.YOUR_SITE.com/YOUR_DIRECTORY');
define('HTTPS_SERVER', 'https://www.YOUR_SITE.com/YOUR_DIRECTORY');
define ('HTTP_CATALOG_SERVER', 'http://www.YOUR_SITE.com/YOUR_DIRECTORY');
define('HTTPS_CATALOG_SERVER', 'https://www.YOUR_SITE.com/YOUR_DIRECTORY'

Instead of:
define('HTTP_SERVER', 'http://www.YOUR_SITE.com/);
define('HTTPS_SERVER', 'https://www.YOUR_SITE.com/YOUR_DIRECTORY');
define('HTTP_CATALOG_SERVER', 'http://www.YOUR_SITE.com/');
define('HTTPS_CATALOG_SERVER', 'https://www.YOUR_SITE.com/YOUR_DIRECTORY'




It "broke" my admin login by putting YOUR_DIRECTORY twice in the navigation bar, resulting in a page not found. I changed it back to the way I had it - Latter configuration from above - will this be ok or am a "fixing" a problem the wrong way? What is the HTTPS_CATALOG_SERVER? My cart is actually renamed to /catalog but this is unrelated correct?

[DrByte]

I'm afraid the advice you were given earlier is misleading. The YOURDIRECTORY part should probably be in the DIR_WS_CATALOG and DIR_WS_ADMIN instead of the HTTP_SERVER ... and similarly for the HTTPS entries.

It works like this:

For Catalog addresses, the HTTP_SERVER and DIR_WS_CATALOG are combined to make the non-SSL URL to your site.
And HTTPS_SERVER and DIR_WS_HTTPS_CATALOG are combined to make the SSL URL.

For Admin addresses, the HTTP_SERVER and DIR_WS_ADMIN make the non-SSL URL and the HTTPS_SERVER and DIR_WS_HTTPS_ADMIN make the SSL URL.
(The catalog references in the admin configure.php file operate similarly.)

Basically, the DIR_WS_xxxxx entries would contain the common foldername where your site is stored. In most situations, this is a foldername "under" the "public_html" folder.

If you have a shared-SSL setup, you should put the entire special shared URL in the HTTPS_SERVER line, but leave the "common" folder path in the DIR_WS_xxxxx line.

ie:
HTTPS_SERVER could be "https://your_site.com" and DIR_WS_CATALOG "/zencartfolder/".
or
HTTPS_SERVER could be "https://my_hosts_shared_server/~myusername" and DIR_WS_CATALOG would still be "/zencartfolder/" or DIR_WS_ADMIN would be "/zencartfolder/admin/"

[cgoldberg]

I am having this same problem with my new cart. I followed the advice posted by DrByte - but now I get this when I go to login to the admin site:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/snugabug/public_html/hp_zencart/admin/includes/configure.php:91) in /home/snugabug/public_html/hp_zencart/includes/functions/sessions.php on line 108

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/snugabug/public_html/hp_zencart/admin/includes/configure.php:91) in /home/snugabug/public_html/hp_zencart/includes/functions/sessions.php on line 108

Warning: Cannot modify header information - headers already sent by (output started at /home/snugabug/public_html/hp_zencart/admin/includes/configure.php:91) in /home/snugabug/public_html/hp_zencart/admin/includes/init_includes/init_templates.php on line 36

I've tried reverting enable status to FALSE, but this has not worked.
Please help!
Thanks.

[Ajeh]

Check and see if you have space(s) or blank line(s) at the end of your closing ?> php tag ...

php does not like those ...