Mixed Content issue

[shags38]

v1.5.1 PHP 5.6

I have a couple of sites that have been allowed to wallow as v1.5.1 and am in the process of trying to revive them. Both sites are giving mixed content warnings in browsers (Firefox and Chrome). The lock in the browser bar that should be green is an orange warning triangle. After using an ssl check site the warnings results related primarily* to images, i.e. images links the greater majority of which are http links.

Both admin and store configure files have all servers set to https and ssl set to true (store and admin) - I have checked and re-checked, and the ssl certificate is valid - there is also a redirect, domain/www.domain >> https in the .htaccess file in the root. So my understanding is that these configurations should have all urls in the site directing / redirecting to https versions (??).

(*primarily - there is this widget code on some pages that I can modify to https or even get rid of - it has no influence on the majority of pages on the site)

Is there something I am missing ??

cheers,
Mike

Code:

/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/***************       The 2 files should be kept separate and not used to overwrite each other.      ***********/

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'https://www.mothersdayaustralia.net.au');
  define('HTTPS_SERVER', 'https://www.mothersdayaustralia.net.au');
  define('HTTP_CATALOG_SERVER', 'https://www.mothersdayaustralia.net.au');
  define('HTTPS_CATALOG_SERVER', 'https://www.mothersdayaustralia.net.au');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/***************       The 2 files should be kept separate and not used to overwrite each other.      ***********/

// Define the webserver and path parameters
  // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
  define('HTTP_SERVER', 'https://www.mothersdayaustralia.net.au');
  define('HTTPS_SERVER', 'https://www.mothersdayaustralia.net.au');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');

[mc12345678]

Just looking at the source code of the main page, there are at least 3 cases of src="http:// style items. These appear to be hardcoded and need to be corrected. there may be other issues causing the mixed content, but those need to be addressed first.

[lat9]

You could give Find http:// References (https://www.zen-cart.com/downloads.php?do=file&id=2197) a try. It will locate those references in your .PHP files as well as in database content (e.g. products and/or EZ-pages) and generate a report.

[shags38]

You could give Find http:// References (https://www.zen-cart.com/downloads.php?do=file&id=2197) a try. It will locate those references in your .PHP files as well as in database content (e.g. products and/or EZ-pages) and generate a report.

@ lat9 and mc12345678 - thank you both for your input. After your responses I went back to the ssl checker online tool and copied and pasted the myriads of http links and slowly but surely worked through every instance and changed http to https on every affected page (or in some cases deleted the unneeded reference altogether).

It took a while but it eventually hit me that the references are all external to the page or even the site - yep the penny finally dropped (nothing to do with configures). I hadn't experienced this before so now I know what to do in future.

Thanks again,
Mike