Admin log-In fail with http security message

[kevin_a]

The browsers Firefox and Chrome are delivering a security message that prevents me logging into the Admin Area.


THE PROBLEM
At
https://rarecoinsandtokens.co.uk/zcadmin/login.php


The message has a red strike through padlock (but not on the address bar at top) and reads.
“This connection is not secure. Logins entered here could be compromised”
When I press Continue, another pop up is presented with a similar message.
Although the popup offers a button to Continue, it cycles back to the login page, not onto the admin.


THE HOSTING SERVICE ADVICE:


My Hosting service has advised me as follows.
“The message "Mixed Content: The page at 'https://rarecoinsandtokens.co.uk/zcadmin/login.php' was loaded over a secure connection, but contains a form that targets an insecure endpoint http://rarecoinsandtokens.co.uk/zcad...rn29cu48uoes67 means that while the webpage itself is secured with HTTPS, there is a form on the page that is submitting data to an insecure HTTP link instead of an HTTPS link. The insecure endpoint refers to the HTTP URL where the login form is submitting data. To resolve this, we recommend reaching out to your web developer and go through your template files and website content and ensure that all sources/links are HTTPS.”


EFFORTS TO RESOLVE
I cannot find where the login.php is targetting an insecure end point.
I have found the only two references in https://rarecoinsandtokens.co.uk/zcadmin/login.php
to http as follows:


Lines 63 – 65


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php echo HTML_PARAMS; ?>>
<head>


I cannot enter the admin area to aquire logs.


This is a new development.
There have been no file changes to trigger this lock out.


Can someone help throw some light please.


ZC Ver 1.5.5b (about to upgrade to current)


Many thanks

[lat9]

Make sure that the server-related settings in zcadmin/includes/configure.php look like the following, i.e. each definition starts with https://

Code:

/**
 * Enter the domain for your Admin URL. If you have SSL, enter the correct https address in the HTTP_SERVER setting, instead of just an http address.
 */
define('HTTP_SERVER', 'https://rarecoinsandtokens.co.uk');
/**
 * Note about HTTPS_SERVER:
 * There is no longer an HTTPS_SERVER setting for the Admin. Instead, put your SSL URL in the HTTP_SERVER setting above.
 */

/**
 * Note about DIR_WS_ADMIN
 * The DIR_WS_ADMIN value is now auto-detected.
 * In the rare case where it cannot be detected properly, you can add your own DIR_WS_ADMIN definition below.
 */

/**
 * Enter the domain for your storefront URL.
 * Enter a separate SSL URL in HTTPS_CATALOG_SERVER if your store supports SSL.
 */
define('HTTP_CATALOG_SERVER', ' https://rarecoinsandtokens.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://rarecoinsandtokens.co.uk');

/**
 * Do you use SSL for your customers login/checkout on the storefront? If so, enter 'true'. Else 'false'.
 */
define('ENABLE_SSL_CATALOG', 'true');

[swguy]

Sometimes it's a coding issue inside your template - see

https://docs.zen-cart.com/user/runni...#mixed-content

[kevin_a]

THANKYOU! Lat9
The problem resolved by following your advice.
best wishes
kevin_a

(and thankyou swguy... fortunately no need to look further)