Contact us page - Redirect loop using default setup with Classic

[lat9]

Well interesting,

Lat9, I tried the code thing that you suggested
Code:

Code:

// if (ENABLE_SSL == 'true' && $request_type != 'SSL') {
//  zen_redirect(zen_href_link(FILENAME_CONTACT_US, '', 'SSL'));
// }

// default email and name if customer is logged in
if($_SESSION['customer_id']) {
  $sql = "SELECT customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id
          FROM " . TABLE_CUSTOMERS . "
          WHERE customers_id = :customersID";

  $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
  $check_customer = $db->Execute($sql);
  $email_address = $check_customer->fields['customers_email_address'];
  $name= $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
}

As you can see I have commented out those lines. Now when opening the Contact Us page - it now opens but not displaying correctly. There is a change tho.

Am still looking for the other codes to put up now....

Thanks,

*********************************************

John,
Webmaster

John, that confirmed my suspicion. Your webhost's shared SSL is not being recognized as SSL by Zen Cart.

Would you make (yet another) modification and send me a PM with the contents of the myDEBUG log file that's generated? I ask you to send it via PM because there might be some "secret" information within the $_SERVER variables.

Code:

// if (ENABLE_SSL == 'true' && $request_type != 'SSL') {
//  zen_redirect(zen_href_link(FILENAME_CONTACT_US, '', 'SSL'));
// }
error_log ('$_SERVER: ' . print_r ($_SERVER, true));

// default email and name if customer is logged in
if($_SESSION['customer_id']) {
  $sql = "SELECT customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id
          FROM " . TABLE_CUSTOMERS . "
          WHERE customers_id = :customersID";

  $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
  $check_customer = $db->Execute($sql);
  $email_address = $check_customer->fields['customers_email_address'];
  $name= $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
}

[lhungil]

Probably not the issue, but looks like HTTP_SERVER is off in the configure.php.

Code:

...
  define('HTTP_SERVER', 'http://www.thescrapinshack.com');
  define('HTTPS_SERVER', 'https://gator4175.hostgator.com/~pritchar');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_CATALOG', '/zencart/');
  define('DIR_WS_HTTPS_CATALOG', '/zencart/');
...

lat9, you are a genius (server appears to be nginx - if running under fastcgi, it may be missing the "fastcgi_param HTTPS on" or using something else in the server configuration to denote HTTPS). The $_SERVER dump should contain some valuable information about the server setup for HTTPS, so definitely follow through on lat9's request.

[mc12345678]

Wouldn't it be that the HTTPS_SERVER is "off"?

That instead of:

Code:

https://gator4175.hostgator.com/~pritchar

it should be

Code:

https://gator4175.hostgator.com

And

Code:

define('DIR_WS_HTTPS_CATALOG', '/zencart/');

should be:

Code:

define('DIR_WS_HTTPS_CATALOG', '/~pritchar/zencart/');

?

This would support any comparisons of the uri without the server address to information in the DIR_WS_HTTPS_CATALOG constant concatenated with the identified "current page". If it was intended for that shared host information to stay in the http_catalog/https_catalog constant, then perhaps on the contact us page that is not handled the same way as it is elsewhere in the code?

[BADBUNNY36]

After some more testing,

I have found that all pages are showing and load correctly with IE ( I have IE 11 on win 8 ) but not in google chrome. Contact us and Login pages are not showing in chrome just the code and boxes to sign in or email. Now I have a session time out error when trying to sign in ( I had made a customer account to test products and purchasing ) now when trying to sign in page comes up with Session Timeout and wont let me log in with customer from shop front. Admin is still working fine.

Might just start over and reload zencart from scratch again.....

Thanks,

***********************************************

John,
Webmaster

[lhungil]

Wouldn't it be ...

Cannot remember the exact reason, but it worked better that way for some hosting environments. Keeping the paths the same with a Shared SSL Certificate is currently the recommendation in the "advanced" section in the SSL guide.

...Might just start over and reload zencart from scratch again...

I would suggest first following up with the hosting provider (or another knowledgeable person) to ensure PHP / Zen Cart can detect when a request was for HTTPS... This needs to be addressed before re-installing Zen Cart on the same hosting provider... Long term I would recommend an SSL certificate specific to your domain (no matter the host or the shopping cart software).

[BADBUNNY36]

Thanks lhungil,

all valid points.. I have just sent my debug report to Lat9 to review so will see if anything can be found and follow up with my hosting company for any more advice.

Thanks all for the posts and help.

**************************************

John,
Webmaster

[BADBUNNY36]

Great mews everyone,

Looks like is all fixed....

Thanks ihugil for the prompt about SSL Guide. I read it when first setup my shop front but did not quite understand it..... So after reading it again and checking the web site - http://www.thescrapinshack.com I tested the web site with HTTPS:// and indeed it is running SSL from the site.

I went into my configure.php and changed the shared hostgator address to the website address and voila I have found all pages are displaying correctly in Google and IE
I can now get the customer sign in page to show and is now logging in correctly wothout any session timeouts.

Thanks for all the help everyone.... Going through an error like this sure does get you to find and see how a lot of the pages and configuration works.

Great help from everyone thanks a bunch guys....

********************************************

John,
Webmaster

[lat9]

Thanks lhungil,

all valid points.. I have just sent my debug report to Lat9 to review so will see if anything can be found and follow up with my hosting company for any more advice.

Thanks all for the posts and help.

**************************************

John,
Webmaster

I've taken a look at the $_SERVER information. Two things:
1) [SCRIPT_URI] => http://gator4175.hostgator.com/~pritchar/zencart/index.php ... shouldn't this start with https://? Are you sure that the HTTPS_SERVER definition in /includes/configure.php starts that way?
2) [HTTPS] is not set, so that init_file_db_names.php is going to set the $request_type to 'NONSSL' -- that's where the redirect loop occurred within the contact_us page.

[lat9]

Great mews everyone,

Looks like is all fixed....

Thanks ihugil for the prompt about SSL Guide. I read it when first setup my shop front but did not quite understand it..... So after reading it again and checking the web site - http://www.thescrapinshack.com I tested the web site with HTTPS:// and indeed it is running SSL from the site.

I went into my configure.php and changed the shared hostgator address to the website address and voila I have found all pages are displaying correctly in Google and IE
I can now get the customer sign in page to show and is now logging in correctly wothout any session timeouts.

Thanks for all the help everyone.... Going through an error like this sure does get you to find and see how a lot of the pages and configuration works.

Great help from everyone thanks a bunch guys....

********************************************

John,
Webmaster

Your problem is not fixed until your contact_us page operates properly after restoring the contents of /includes/modules/pages/contact_us/header_php.php to its original form. The commenting-out that I suggested was simply to determine the source of the issue, not to provide a long-term solution.

[lhungil]

Your problem is not fixed until your contact_us page operates properly after restoring the contents of /includes/modules/pages/contact_us/header_php.php to its original form. ...

I cannot stress this enough.
With those lines commented out, your website does not ensure personal data is encrypted using SSL/TLS between the customer / visitor and the website. In some countries this violates legal requirements.

... I went into my configure.php and changed the shared hostgator address to the website address and voila I have found all pages are displaying correctly in Google and IE ...

If your site has a dedicated certificate and is accessible via "http://www.thescrapinshack.com/" and "https://www.thescrapinshack.com/", a number of other changes should be made.

For "/includes/configure.php":

Code:

...
  define('HTTP_SERVER', 'http://www.thescrapinshack.com');
  define('HTTPS_SERVER', 'https://www.thescrapinshack.com');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

...

  define('DIR_WS_CATALOG', '/zencart/');
  define('DIR_WS_HTTPS_CATALOG', '/zencart/');
...

For "/includes/admin/configure.php":

Code:

...
  define('HTTP_SERVER', 'https://www.thescrapinshack.com');
  define('HTTPS_SERVER', 'https://www.thescrapinshack.com');
  define('HTTP_CATALOG_SERVER', 'http://www.thescrapinshack.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.thescrapinshack.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

...
  define('DIR_WS_CATALOG', '/zencart/');
...
  define('DIR_WS_HTTPS_CATALOG', '/zencart/');
...