In SSL Front Page can not connect with stylesheet and images

[Okanya]

Dear Professionals

I have just did the installation 1.55 but somehow i have faced a problem which i can not solve. Admin Side is ok but front Side is having problem for connecting stylesheet and images.
Please check link below to see the problem
http://www.bakkerijmachines.eu

Thanks in advance

[lat9]

What are the settings in /includes/configure.php for
HTTP_SERVER
HTTPS_SERVER
ENABLE_SSL

[mc12345678]

My suspicion is that your host is improperly configured and as a result ZC is detecting that the page(s) should be presented with https:. There are three ways that come to mind to resolve this. The first is the "easy" way which doesn't solve the underlying problem which is to change your HTTPS_SERVER. To have a path with http: in it. The second is to modify the code so that the <base tag resolves to the http: setup that is expected, the third is to contact the host and work through why particular values are coming up as true that is in the code that detects whether to present the page as https: instead of just as http:, oh I guess there is a fourth, you could buy a SSL certificate and serve all your pages as https... but from a code perspective that is unnecessary. From an eCommerce perspective the general recommendation is to have and use an SSL certificate.

[Okanya]

Thanks you, i will try and inform the result

[Okanya]

What are the settings in /includes/configure.php for
HTTP_SERVER
HTTPS_SERVER
ENABLE_SSL

Configure as below; But still have problem. Main page loads normal but while surfing problem occurs.
*/
define('HTTP_SERVER', 'http://www.bakkerijmachines.eu');
define('HTTPS_SERVER', 'https://www.bakkerijmachines.eu');

/**
* If you want to tell Zen Cart to use your HTTPS URL on sensitive pages like login and checkout, set this to 'true'. Otherwise 'false'. (Keep the quotes)
*/
define('ENABLE_SSL', '');

/**
* These DIR_WS_xxxx values refer to the name of any subdirectory in which your store is located.
* These values get added to the HTTP_CATALOG_SERVER and HTTPS_CATALOG_SERVER values to form the complete URLs to your storefront.
* They should always start and end with a slash ... ie: '/' or '/foldername/'
*/
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

[Okanya]

My suspicion is that your host is improperly configured and as a result ZC is detecting that the page(s) should be presented with https:. There are three ways that come to mind to resolve this. The first is the "easy" way which doesn't solve the underlying problem which is to change your HTTPS_SERVER. To have a path with http: in it. The second is to modify the code so that the <base tag resolves to the http: setup that is expected, the third is to contact the host and work through why particular values are coming up as true that is in the code that detects whether to present the page as https: instead of just as http:, oh I guess there is a fourth, you could buy a SSL certificate and serve all your pages as https... but from a code perspective that is unnecessary. From an eCommerce perspective the general recommendation is to have and use an SSL certificate.

Configure.php
*/
define('HTTP_SERVER', 'http://www.bakkerijmachines.eu');
define('HTTPS_SERVER', 'https://www.bakkerijmachines.eu');

but problem still occurs

2nd sorry i couldnt understand the things or codes to do
3rd SSL certificate would be bought

But i have some sites which were working good until last 3 weeks. I would lşke to understand and solve the case. It would be happen to some other zencart users too.

Thanks your suggestions and solutions in advance

[lat9]

Your configure.php file's ENABLE_SSL setting should be either 'false' or 'true' ... not ''! I believe that this is the source of your issue.

[Okanya]

Your configure.php file's ENABLE_SSL setting should be either 'false' or 'true' ... not ''! I believe that this is the source of your issue.

I have just tried "true" and "false". But did not solve the issue.

[carlwhat]

you have a definite hosting problem...

i would first change this as such:

define('HTTP_SERVER', 'http://www.bakkerijmachines.eu');
define('HTTPS_SERVER', 'http://www.bakkerijmachines.eu');
define('ENABLE_SSL', 'false');

you do NOT have an SSL certificate properly installed, so you should not use https: until you get that done.

for whatever reason, ZC is trying to load a number of your resources over https: and as that is not properly configured, the browser can not find the resource.

i would try and get everything configured correctly using http: first. and then see about getting a SSL certificate properly installed.

these 2 pages should look similar and they do not:

http://www.bakkerijmachines.eu
https://www.bakkerijmachines.eu

as the second page gets redirected to a completely different site.

good luck!

[mc12345678]

See. Problem is, something within the following assignment is true such that $request_type is set to SSL. The test run by ZC is considered to be general enough to not miss that a site is setup to permit/show the content over a secure method, but also may misinterpret some signals because of the way the host has setup their system.

Basically if any one of these following sections is true (code is from includes/init_includes/init_file_db_names.php) then the software will attempt to present the page using https.

Code:

$request_type = (((isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1'))) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_BY']) && strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']), 'SSL') !== false) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && (strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), 'SSL') !== false || strpos(strtolower($_SERVER['HTTP_X_FORWARDED_HOST']), str_replace('https://', '', HTTPS_SERVER)) !== false)) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && strpos(strtolower($_SERVER['HTTP_X_FORWARDED_SERVER']), str_replace('https://', '', HTTPS_SERVER)) !== false) ||
                 (isset($_SERVER['SCRIPT_URI']) && strtolower(substr($_SERVER['SCRIPT_URI'], 0, 6)) == 'https:') ||
                 (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == '1' || strtolower($_SERVER['HTTP_X_FORWARDED_SSL']) == 'on')) ||
                 (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'ssl' || strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')) ||
                 (isset($_SERVER['HTTP_SSLSESSIONID']) && $_SERVER['HTTP_SSLSESSIONID'] != '') ||
                 (isset($_SERVER['HTTP_X_FORWARDED_PORT']) && $_SERVER['HTTP_X_FORWARDED_PORT'] == '443') ||
                 (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) ? 'SSL' : 'NONSSL';

Recently seen is when a host has setup a proxy server and haven't properly setup variables/constants correctly such as HTTP_X_FORWARDED_BY and having it set such that it is the same content as what is used for connecting to the https server. Problem is, that when there is no SSL assigned to the site, then that should not evaluate to be true. It could be other such comparisons, but there is a thread around here that describes how to setup a file to put on your server, tell your host to access the file and either explain why or correct the server settings until all is right.

But the "quick" fix would be to modify your HTTPS_SERVER setting in the includes/configure.php file as already suggested.
Would also agree to use false instead of the pair of single quotes just for consistency to the concept that is generally addressed as a boolean and the instruction of using true or false not true and left empty or something similar.