  1. #1
    Join Date
    Mar 2010
    Posts
    9
    Plugin Contributions
    0

    "View only the webpage content that was delivered securely?" Problem

    Hello,

    I recently took over the maintenance of a ZenCart 1.3.8 site (PHP Version 5.2.6, MySQL 5.0.75) and transferred it from one webhost to another, using the ZC site transfer tutorial. With the previous webhost, the site used a shared SSL certificate, but with the new host, we purchased our own certificate and updated the configuration files accordingly.

    • Background: After the transfer, the first problem of two was that on all of the https pages, we were now getting the “not all items on this page are secure…view only the secure items?” security warning message. After researching the community postings, I fixed this by adding an “S” to the “HTTP” reference in this line (bolded), <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG); ?>" />, located in the html_header.php file in includes/templates/template_default/common.

    • Problem 2 of 2, where I need help: After the fix above, now all of the https pages pull up correctly without the security message except one, the “Hello <username>/Welcome” page after a user logs in (not after logging in during checkout but rather only after a straight login to an account from the login/registration page). When I “view source” on this welcome page, the base href is now pointing to https, but in the "mainWrapper" div below it, I see the index page does not have https:
    <td align="left" valign="top" width="35%" class="headerNavigation">
    <a href="http://www.<domain name>.com/index.php?main_page=index">Home</a>&nbsp;|&nbsp;
    <a href="https://www.<domain name>.com/index.php?main_page=logoff">Log Out</a>&nbsp;|&nbsp;
    <a href="https://www.<domain name>.com/index.php?main_page=account">My Account</a>
    </td>

    Is this the problem? If so, where/how do I fix it? I’m new to ZenCart, and I haven’t been able to find yet where to fix it. Does anyone know? I would greatly appreciate the help.

    Thank you.

    P.S. In one posting, I saw a possible fix of “It's probably your server's fault. check out this post:
    http://www.zen-cart.com/forum/showth...ight=base+href”, but I’ve had two webhosts tell me now that they won’t make any changes to their server since those changes would affect everyone on the server. I’m continuously sent back to figure it out in the code.

  2. #2
    Join Date
    Mar 2010
    Location
    UK
    Posts
    445
    Plugin Contributions
    0

    Re: "View only the webpage content that was delivered securely?" Problem

    All page elements need to be delivered using the same protocol: HTTP or HTTPS.

    It needs fixing, however you manage to get it done. Seeing that error message makes customers jittery.

  3. #3
    Join Date
    Mar 2010
    Posts
    9
    Plugin Contributions
    0

    Re: "View only the webpage content that was delivered securely?" Problem

    Yes, thank you, that's what I was indicating; the index page was the only page in that list not pointing to https. I was asking where to fix this.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: "View only the webpage content that was delivered securely?" Problem

    The FAQ section is full of many articles on common topics.
    Here's one which shows you how to figure out the problem you're talking about: https://www.zen-cart.com/tutorials/i...hp?article=150

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    112
    Plugin Contributions
    0

    Re: "View only the webpage content that was delivered securely?" Problem

    Hey Skyline

    Sorry, I'm not here to answer your question, but I had to tell you something.
    Earlier in your post you said:
    I fixed this by adding an “S” to the “HTTP” reference in this line (bolded), <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG); ?>" />, located in the html_header.php file in includes/templates/template_default/common.

    That fixed my insecure warning problem that I've been trying to figure out for some time now. As a rookie (I learned Fortran in university), I would never have thought to look there.

    Thank you very much for spelling out a fix.

  6. #6
    Join Date
    Nov 2007
    Location
    Sunny Coast, Australia
    Posts
    3,379
    Plugin Contributions
    9

    Re: "View only the webpage content that was delivered securely?" Problem

    Originally posted by skyline2:
    When I “view source” on this welcome page, the base href is now pointing to https, but in the "mainWrapper" div below it, I see the index page does not have https:
    <td align="left" valign="top" width="35%" class="headerNavigation">
    <a href="http://www.<domain name>.com/index.php?main_page=index">Home</a>&nbsp;|&nbsp;
    <a href="https://www.<domain name>.com/index.php?main_page=logoff">Log Out</a>&nbsp;|&nbsp;
    <a href="https://www.<domain name>.com/index.php?main_page=account">My Account</a>
    </td>
    What you are showing here (the source view) are only the nav links to certain pages. Zen Cart knows when to switch between http and https. Because the 'Home' page essentially is a non-secure page, the link shows http. The other 2 pages (Login and Account) are secure pages, hence https.

    Those links are not the cause of your error messages. Follow DrByte's advice above for further diagnosis.

    Frank

  7. #7
    Join Date
    Mar 2010
    Posts
    9
    Plugin Contributions
    0

    Re: "View only the webpage content that was delivered securely?" Problem

    Thank you very much, DrByte and Frank. I saw that article and should have referenced it as well in my original posting; I didn’t think this was the cause though since the code worked with the previous host, which meant to me that nothing was hard-coded then so it shouldn’t be a problem now. Same thing with the other two options in the article --- they didn’t apply either (i.e. 1. This can also happen if you have added banners with http:// links and not told them to skip display on SSL pages. 2. This can also happen if you have added click-tracking tools to your site via javascript, which link to http:// pages somewhere.).

    Could you possibly let me know which template file drives the “Hello <username>/Welcome” page? I’ve gone through so many already and can’t find it. Thanks again.

    P.S. Hey IDW, thank you for the note; I’ve learned so much now from the forum postings that it made my day to hear that I finally contributed something that helped someone else.

  8. #8
    Join Date
    Mar 2010
    Posts
    9
    Plugin Contributions
    0

    Re: "View only the webpage content that was delivered securely?" Problem

    Dear DrByte and frank18,

    Please disregard my last question, as I found the broken file; it was the “define_main_page.php” file under /htdocs/includes/languages/english/html_includes/classic. The reason I couldn’t find it earlier is that I was searching through the web files on my hard drive and this file was correct in there; it was only broken on the server. For some reason, the image paths in this one file were not updated in the site transfer. I searched for the old path reference in the Developer’s Tool Kit in the admin panel and realized the file that pulled up in the search did not match the file I had on my hard drive. Once I updated it on the server, it worked.

    Thank you again!
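
The diagnosis this thread arrives at, as an added example that is not part of the original posts or of Zen Cart's code: on an https page the warning comes from subresources (images, scripts, stylesheets) fetched over http, after relative paths are resolved against the base href, and never from plain navigation links. The host names, paths and sample HTML below are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch content into the page.
# <a href> is deliberately absent: a navigation link is not page content.
FETCHED = {"img": "src", "script": "src", "iframe": "src", "embed": "src", "link": "href"}

class SubresourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base_href = None   # first <base href> wins, as in browsers
        self.refs = []          # (tag, raw URL) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base_href is None and attrs.get("href"):
            self.base_href = attrs["href"]
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return              # assumption: only stylesheet links are counted
        url = attrs.get(FETCHED.get(tag, ""))
        if url:
            self.refs.append((tag, url))

def find_mixed_content(page_url, html):
    """Return (tag, resolved URL) for each subresource fetched over http."""
    if urlparse(page_url).scheme != "https":
        return []               # the warning only applies to https pages
    collector = SubresourceCollector()
    collector.feed(html)
    collector.close()
    base = urljoin(page_url, collector.base_href or "")
    resolved = [(tag, urljoin(base, url)) for tag, url in collector.refs]
    return [(tag, url) for tag, url in resolved if urlparse(url).scheme == "http"]

# Constructed sample: secure base href, nav links like those quoted in the
# thread, and one image still carrying an absolute path from a previous host.
SAMPLE = """<html><head>
<base href="https://shop.example/" />
<link rel="stylesheet" href="includes/templates/classic/css/stylesheet.css" />
</head><body>
<a href="http://shop.example/index.php?main_page=index">Home</a>
<a href="https://shop.example/index.php?main_page=account">My Account</a>
<img src="images/logo.gif" alt="logo" />
<img src="http://old-host.example/~shop/images/welcome.jpg" alt="welcome" />
</body></html>"""

if __name__ == "__main__":
    page = "https://shop.example/index.php?main_page=index"
    for tag, url in find_mixed_content(page, SAMPLE):
        print(f"insecure <{tag}> -> {url}")
```

Run against the HTML actually served by the live site rather than a local copy, since in this thread only the file on the server carried the stale path.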


  9. #9
    Join Date
    Dec 2006
    Location
    Ontario
    Posts
    112
    Plugin Contributions
    0

    Re: "View only the webpage content that was delivered securely?" Problem

    This fix

    adding an “S” to the “HTTP” reference in this line (bolded), <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG); ?>" />, located in the html_header.php file in includes/templates/template_default/common.

    for the insecure items error does work.

    But after I did it, I noticed my web site was considerably slower. Now all the images are delivered https all the time. I switched it back because I would rather have the error than a slow site.
    Back to the drawing board. When someone directs my page to https, for some reason all the images come via http.

  10. #10
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: "View only the webpage content that was delivered securely?" Problem

    Originally posted by IDW:
    This fix

    adding an “S” to the “HTTP” reference in this line (bolded), <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG); ?>" />, located in the html_header.php file in includes/templates/template_default/common.

    for the insecure items error does work.

    But after I did it, I noticed my web site was considerably slower.
    It's actually a bad idea for more reasons than just the slowdown.
    Making that change can actually seriously break the site in many cases. Granted, it's easy to recover by simply putting it back to how it was written.

    Originally posted by IDW:
    I switched it back because I would rather have the error than a slow site.
    Back to the drawing board. When someone directs my page to https, for some reason all the images come via http.
    Best to take that discussion back to whichever thread you were originally discussing it in so the history can be referenced.

Zen-Cart, Internet Selling Services, Klamath Falls, OR