1 page is showing up as https

[lidlchris]

[Note: remember to include site URL, ZC version, list of plugins, PHP version, etc ... read the Posting Tips shown above for information to include in your post here. And, remove this comment before actually posting!]

using 1.5.5f and php 7.1. all of the pages on the website are http except the contact page - https://www.swordsofhonor.com/index....age=contact_us. any ideas why that is happening?

[gilby]

Standard zen-cart behaviour...
All sensitive page usually switch to https including contact us, login, checkout, etc
What were you expecting to happen?

The settings are found in includes/configure.php

[lidlchris]

Thank you, I didn't know that. Was having problems with Chrome saying the page did not exist.

[mc12345678]

Thank you, I didn't know that. Was having problems with Chrome saying the page did not exist.

If you have obtained/installed an SSL, then the issue is with that installation, if not, then change the ENABLE_SSL in includes/configure.php and admin/includes/configure.php to 'false' instead of 'true':

Code:

define('ENABLE_SSL', 'false');

That will prevent attempting to access the pages reference by Gilby from trying to be presented with https:.

When making changes to includes/configure.php you will likely need to change the access rights to 0644 before saving the changes.

[lidlchris]

If you have obtained/installed an SSL, then the issue is with that installation, if not, then change the ENABLE_SSL in includes/configure.php and admin/includes/configure.php to 'false' instead of 'true':

Code:

define('ENABLE_SSL', 'false');

That will prevent attempting to access the pages reference by Gilby from trying to be presented with https:.

When making changes to includes/configure.php you will likely need to change the access rights to 0644 before saving the changes.

thank you.

[dbltoe]

Respectfully, MC# may have missed the fact that you do have an SSL certificate assigned to swordsofhonorDOTcom. This is good. Most browsers prefer sites to be completely https:// versus http://

Otherwise, there are a couple of problems. NOTE: In all text, the DOT stands for . This is to keep out the script kiddies while we fix. In the items below, change DOT to . in each case.

First, it appears that your configure.php files are set to go to www.swordsofhonorDOTcom versus swordsofhonorDOTcom. I would do two things in both the configure.php files. (one is in includes/configure.php - the other in YOUR_ADMIN/includes/configure.php:

Make sure that the HTTP_SERVER, HTTPS_SERVER, HTTP_CATALOG_SERVER, and HTTPS_CATALOG_SERVER are all set to https://swordsofhonorDOTcom This will make the browsers happy and make your site match the SSL certificate's non-www setup.

Also, instead of false, each define for enabling SSL (ENABLE_SSL and ENABLE_SSL_CATALOG) should be set to 'true'.

You now are using your SSL properly and the browsers will not report your site as insecure as long as you have not hard-coded a http:// link somewhere in your site. If so, the browser will probably report "mixed content." If you have those, return back here and we can help.

Lastly, you may need to consider adding a .htaccess file to your root (if you don't have 301 redirects elsewhere) with the following code:

Code:

# Needed before any rewritingRewriteEngine On


### Built using the .htaccess 301 Redirect Generator from Web Site Advantage
### https://websiteadvantage.com.au/HtAccess-301-Redirect-Generator
### Place after 'RewriteEngine On' and before any CMS specific rewrite rules


# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]


## 301 Redirects

This will ensure that all links coming to your site will revert to https://swordsofhonorDOTcom.

[lidlchris]

Respectfully, MC# may have missed the fact that you do have an SSL certificate assigned to swordsofhonorDOTcom. This is good. Most browsers prefer sites to be completely https:// versus http://

Otherwise, there are a couple of problems. NOTE: In all text, the DOT stands for . This is to keep out the script kiddies while we fix. In the items below, change DOT to . in each case.

First, it appears that your configure.php files are set to go to www.swordsofhonorDOTcom versus swordsofhonorDOTcom. I would do two things in both the configure.php files. (one is in includes/configure.php - the other in YOUR_ADMIN/includes/configure.php:

Make sure that the HTTP_SERVER, HTTPS_SERVER, HTTP_CATALOG_SERVER, and HTTPS_CATALOG_SERVER are all set to https://swordsofhonorDOTcom This will make the browsers happy and make your site match the SSL certificate's non-www setup.

Also, instead of false, each define for enabling SSL (ENABLE_SSL and ENABLE_SSL_CATALOG) should be set to 'true'.

You now are using your SSL properly and the browsers will not report your site as insecure as long as you have not hard-coded a http:// link somewhere in your site. If so, the browser will probably report "mixed content." If you have those, return back here and we can help.

Lastly, you may need to consider adding a .htaccess file to your root (if you don't have 301 redirects elsewhere) with the following code:

Code:

# Needed before any rewritingRewriteEngine On


### Built using the .htaccess 301 Redirect Generator from Web Site Advantage
### https://websiteadvantage.com.au/HtAccess-301-Redirect-Generator
### Place after 'RewriteEngine On' and before any CMS specific rewrite rules


# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]


## 301 Redirects

This will ensure that all links coming to your site will revert to https://swordsofhonorDOTcom.

This didn't quite work as you spelled out. but the redirects still seem to work. There were no fields in the includes/configure.php called 'HTTP_CATALOG_SERVER, and HTTPS_CATALOG_SERVER'. There WERE fields called 'DIR_WS_CATALOG' and 'DIR_WS_HTTPS_CATALOG' which were set to '/' (backslash) but when i changed those to https://swordsofhonor.com, the site didn't work, so i reset those 2 fields to '/' and the site now seems to work???

[mc12345678]

This didn't quite work as you spelled out. but the redirects still seem to work. There were no fields in the includes/configure.php called 'HTTP_CATALOG_SERVER, and HTTPS_CATALOG_SERVER'. There WERE fields called 'DIR_WS_CATALOG' and 'DIR_WS_HTTPS_CATALOG' which were set to '/' (backslash) but when i changed those to https://swordsofhonor.com, the site didn't work, so i reset those 2 fields to '/' and the site now seems to work???

The two constants identified above, as described in the writeup, are in or are related to the ADMIN/includes/configure.php.

Note that my earlier posting was intended for you to identify whether you had or did not have an SSL. Fortunately dbltoe went and did the extra homework to identify the presence and correct server hostname to support its use.

Hopefully you have though also gone back to your ADMIn/includes/configure.php and applied the changes described understanding that some of the values are self determined and some need to be given to the software.

[dbltoe]

Just a small quote from my earlier post.

First, it appears that your configure.php files are set to go to www.swordsofhonorDOTcom versus swordsofhonorDOTcom. I would do two things in both the configure.php files. (one is in includes/configure.php - the other in YOUR_ADMIN/includes/configure.php:

While you may need to read through some instructions a couple of times to figure what we mean, most of us in the Totally Zenned club try to be very specific when posting links, VARIABLE_TEXT, and instructions.

When you decide to change something different from that specified, you void the 50/50 guarantee. Fifty feet or fifty seconds, whichever comes first.

[lidlchris]

This all appears to working correctly now except for 1 problem in Microsoft Edge browser. The URL https://swordsofhonor.com shows up as 'not secure'. doesn't happen in any other browser.