Originally Posted by dbltoe
IF your site is Joseph Harley Flowers, it is not secure and you have some problems with your configure.php files as trying to force https causes the template to disappear.
You mentioned the .htaccess file. There is not one in the root of an initial install UNLESS cpanel adds it to establish your site's PHP level. Sometimes a 301 redirect is added later in the process.
I would attach both configure.php files and the root's .htaccess here using the # (button on the button bar) to show them. Be sure to remove admin directory names and DB access info. I bet we find something in one of those.
OK - yes, the .htaccess files are set by the host to determine PHP version, plus they rewrite to SSL.
configure.php in includes:
Code:
<?php
/**
* @package Configuration Settings
* @copyright Copyright 2003-2018 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* File Built by Zen Cart Installer on Mon Nov 25 2019 15:13:22
*/
/*************** NOTE: This file is VERY similar to, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
/**
* Enter the domain for your store
* HTTP_SERVER is your Main webserver: eg-http://www.yourdomain.com
* HTTPS_SERVER is your Secure/SSL webserver: eg-https://www.yourdomain.com
*/
define('HTTP_SERVER', 'https://mysitesdomain.co.uk');
define('HTTPS_SERVER', 'https://mysitesdomain.co.uk');
/**
* If you want to tell Zen Cart to use your HTTPS URL on sensitive pages like login and checkout, set this to 'true'. Otherwise 'false'. (Keep the quotes)
*/
define('ENABLE_SSL', 'true');
/**
* These DIR_WS_xxxx values refer to the name of any subdirectory in which your store is located.
* These values get added to the HTTP_CATALOG_SERVER and HTTPS_CATALOG_SERVER values to form the complete URLs to your storefront.
* They should always start and end with a slash ... ie: '/' or '/foldername/'
*/
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
/**
* This is the complete physical path to your store's files. eg: /var/www/vhost/accountname/public_html/store/
* Should have a closing / on it.
*/
define('DIR_FS_CATALOG', '/var/sites/j/mysitesdomain.co.uk/public_html/');
/**
* The following settings define your database connection.
* These must be the SAME as you're using in your admin copy of configure.php
*/
define('DB_TYPE', 'mysql'); // always 'mysql'
define('DB_PREFIX', ''); // prefix for database table names -- preferred to be left empty
define('DB_CHARSET', 'utf8mb4'); // 'utf8mb4' or older 'utf8' / 'latin1' are most common
define('DB_SERVER', 'XXX'); // address of your db server
define('DB_SERVER_USERNAME', 'XXX');
define('DB_SERVER_PASSWORD', 'XXX');
define('DB_DATABASE', 'XXX');
/**
* This is an advanced setting to determine whether you want to cache SQL queries.
* Options are 'none' (which is the default) and 'file' and 'database'.
*/
define('SQL_CACHE_METHOD', 'none');
/**
* Reserved for future use
*/
define('SESSION_STORAGE', 'reserved for future use');
/**
* Advanced use only:
* The following are OPTIONAL, and should NOT be set unless you intend to change their normal use. Most sites will leave these untouched.
* To use them, uncomment AND add a proper defined value to them.
*/
// define('DIR_FS_SQL_CACHE' ...
// define('DIR_FS_DOWNLOAD' ...
// define('DIR_FS_LOGS' ...
// End Of File
configure.php in admin/includes:
Code:
<?php
/**
* @package Configuration Settings
* @copyright Copyright 2003-2018 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* File Built by Zen Cart Installer on Mon Nov 25 2019 15:13:22
*/
/*************** NOTE: This file is VERY similar to, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
/**
* Enter the domain for your Admin URL. If you have SSL, enter the correct https address in the HTTP_SERVER setting, instead of just an http address.
*/
define('HTTP_SERVER', 'https://mysitesdomain.co.uk/');
/**
* Note about HTTPS_SERVER:
* There is no longer an HTTPS_SERVER setting for the Admin. Instead, put your SSL URL in the HTTP_SERVER setting above.
*/
/**
* Note about DIR_WS_ADMIN
* The DIR_WS_ADMIN value is now auto-detected.
* In the rare case where it cannot be detected properly, you can add your own DIR_WS_ADMIN definition below.
*/
/**
* Enter the domain for your storefront URL.
* Enter a separate SSL URL in HTTPS_CATALOG_SERVER if your store supports SSL.
*/
define('HTTP_CATALOG_SERVER', 'https://mysitesdomain.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://mysitesdomain.co.uk');
/**
* Do you use SSL for your customers login/checkout on the storefront? If so, enter 'true'. Else 'false'.
*/
define('ENABLE_SSL_CATALOG', 'true');
/**
* These DIR_WS_xxxx values refer to the name of any subdirectory in which your store is located.
* These values get added to the HTTP_CATALOG_SERVER and HTTPS_CATALOG_SERVER values to form the complete URLs to your storefront.
* They should always start and end with a slash ... ie: '/' or '/foldername/'
*/
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
/**
* This is the complete physical path to your store's files. eg: /var/www/vhost/accountname/public_html/store/
* Should have a closing / on it.
*/
define('DIR_FS_CATALOG', '/var/sites/j/mysitesdomain.co.uk/public_html/');
/**
* NOTE about DIR_FS_ADMIN
* The value for DIR_FS_ADMIN is now auto-detected.
* In the very rare case where there is a need to override the autodetection, simply add your own definition for it below.
*/
/**
* The following settings define your database connection.
* These must be the SAME as you're using in your non-admin copy of configure.php
*/
define('DB_TYPE', 'mysql'); // always 'mysql'
define('DB_PREFIX', ''); // prefix for database table names -- preferred to be left empty
define('DB_CHARSET', 'utf8mb4'); // 'utf8mb4' or older 'utf8' / 'latin1' are most common
define('DB_SERVER', 'XXX'); // address of your db server
define('DB_SERVER_USERNAME', 'XXX');
define('DB_SERVER_PASSWORD', 'XXX');
define('DB_DATABASE', 'XXX');
/**
* This is an advanced setting to determine whether you want to cache SQL queries.
* Options are 'none' (which is the default) and 'file' and 'database'.
*/
define('SQL_CACHE_METHOD', 'none');
/**
* Reserved for future use
*/
define('SESSION_STORAGE', 'reserved for future use');
/**
* Advanced use only:
* The following are OPTIONAL, and should NOT be set unless you intend to change their normal use. Most sites will leave these untouched.
* To use them, uncomment AND add a proper defined value to them.
*/
// define('DIR_FS_SQL_CACHE' ...
// define('DIR_FS_DOWNLOAD' ...
// define('DIR_FS_LOGS' ...
// End Of File
.htaccess in root:
Code:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mysitesdomain.co.uk/$1 [R=301,L]
AddType x-httpd-php72 .php
.htaccess in admin:
Code:
#
# @copyright Copyright 2003-2016 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 19328 Modified in v1.6.0 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################
DirectoryIndex index.php
# deny *everything*
<FilesMatch ".*\..*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>
# allow access to the root
<FilesMatch "^$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
</IfModule>
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(php|js|css|html?|ico|otf|jpe?g|gif|webp|png|swf|flv|xml|xsl)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
</IfModule>
</FilesMatch>
IndexIgnore */*
<limit POST PUT>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</limit>
## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI
##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
Header unset Pragma
FileETag None
Header unset ETag
#Header set Cache-Control "no-transform"
<FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|swf|flv|svg|svgz)$">
Header set Cache-control "max-age=864000, public, must-revalidate"
Header unset Last-Modified
</FilesMatch>
<FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
Header set Cache-control "max-age=7200, must-revalidate"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
<FilesMatch "(?i)\.(js|css)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
ExpiresActive On
ExpiresDefault A300
ExpiresByType application/x-javascript A3600
ExpiresByType text/css A3600
ExpiresByType image/gif A604800
ExpiresByType video/x-flv A604800
ExpiresByType application/pdf A604800
ExpiresByType text/html A300
ExpiresByType image/x-icon A86400
ExpiresByType image/jpeg A2592000
ExpiresByType image/png A2592000
ExpiresByType text/cache-manifest "access plus 0 seconds"
</ifmodule>
#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off
.htaccess in admin/includes:
Code:
#
# @copyright Copyright 2003-2016 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: Author: DrByte Thu Mar 3 13:00:42 2016 -0500 Modified in v1.6.0 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################
# deny *everything*
<FilesMatch ".*">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(js|css|jpg|gif|png|otf|cur|map|eot|svg|ttf|woff2?)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
</IfModule>
</FilesMatch>
IndexIgnore */*
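A consistency check over the URL settings in the files posted above, as an added example that is not part of the original post or of Zen Cart itself. It compares every HTTP(S)_*SERVER define in the two configure.php files with the host the root .htaccess redirects to; the function names `server_defines` and `audit` are hypothetical, and the sample strings are constructed from the lines shown in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the URL-related lines from the three files posted above.
STORE_CFG = """
define('HTTP_SERVER', 'https://mysitesdomain.co.uk');
define('HTTPS_SERVER', 'https://mysitesdomain.co.uk');
"""
ADMIN_CFG = """
define('HTTP_SERVER', 'https://mysitesdomain.co.uk/');
define('HTTP_CATALOG_SERVER', 'https://mysitesdomain.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://mysitesdomain.co.uk');
define('DB_SERVER', 'XXX');
"""
ROOT_HTACCESS = r"""
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mysitesdomain.co.uk/$1 [R=301,L]
"""

# Only uncommented define() lines match; "// define(..." is skipped.
DEFINE_RE = re.compile(r"^\s*define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)", re.M)
URL_KEY_RE = re.compile(r"^HTTPS?_(CATALOG_)?SERVER$")  # excludes DB_SERVER
REDIRECT_RE = re.compile(
    r"^\s*RewriteRule\s+\S+\s+(https?://[^/\s$]+)\S*\s+\[[^\]]*R=30[12]", re.M)

def server_defines(text):
    """Return {name: value} for the URL-type *_SERVER defines in a configure.php."""
    return {k: v for k, v in DEFINE_RE.findall(text) if URL_KEY_RE.match(k)}

def audit(store_cfg, admin_cfg, htaccess):
    """List differences between the configured URLs and the redirect target."""
    urls = {f"store {k}": v for k, v in server_defines(store_cfg).items()}
    urls.update({f"admin {k}": v for k, v in server_defines(admin_cfg).items()})
    m = REDIRECT_RE.search(htaccess)
    redirect = urlsplit(m.group(1)) if m else None
    findings = []
    for name, value in urls.items():
        u = urlsplit(value)
        if u.scheme != "https":
            findings.append(f"{name}: not https ({value})")
        if u.path:
            findings.append(f"{name}: has a path or trailing slash ({value})")
        if redirect and u.hostname != redirect.hostname:
            findings.append(f"{name}: host {u.hostname} differs from "
                            f"redirect host {redirect.hostname}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(STORE_CFG, ADMIN_CFG, ROOT_HTACCESS)))
```

On the posted values this reports that the redirect target uses the `www.` host while all five configured URLs use the bare domain, and that the admin `HTTP_SERVER` ends in a slash.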