Hi there. I know there have been a lot of SSL support posts (and I promise I read at least 50 in the last few hours), but I haven't been able to resolve my particular problem and was hoping some one could help.
Here is a breakdown of my problem:
1. Recently purchased a 128-bit SSL certificate from BliksemHosting.com to be used on a client's site (which is also hosted with Bliksem).
2. Changed both config.php files to the following
PHP Code:
// CODE FROM INCLUDES/CONFIG.PHP
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
// HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
define('HTTP_SERVER', 'http://northwoodsfloor.com');
define('HTTPS_SERVER', 'https://northwoodsfloor.com');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
// CODE FROM ADMIN/INCLUDES/CONFIG.PHP
define('HTTP_SERVER', 'http://northwoodsfloor.com');
define('HTTPS_SERVER', 'https://northwoodsfloor.com');
define('HTTP_CATALOG_SERVER', 'http://northwoodsfloor.com');
define('HTTPS_CATALOG_SERVER', 'https://northwoodsfloor.com');
// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');
3. SSL is working perfectly for the admin area. The login page automatically reverts to https:// when I navigate to http://northwoodsfloor.com/admin/
The main site, however, does not.
4. If I manually enter https:// for the domain like so, then SSL seems to work fine (the lock is not broken). However...it does not automatically revert when navigating to or within the the site via regular http:// (and also reverts back to http:// when I navigate away from my manually entered https:// page).
Note: Ideally, I would only like the checkout pages to be secure...but will worry about this once I can figure out why it isn't working at all right now.
Here are the steps I've taken to troubleshoot
After browsing through many SSL-related posts (I am amazed - and relieved - at what a strong, friendly support network Zen Cart has), I tried to verify the following:
1. Have tried setting the config up with & without the www prefix. Doesn't seem to matter either way. Result is the same - admin area works...regular site does not.
2. Have verified that there is no content or images being called directly from http:// - from what I can see, everything in my template is set up relatively (../images/etc). Also, because SSL works when I manually enter https:// on any given page (the lock isn't broken), I'm thinking this means my problem isn't with external content.
3. The template I'm using is based on the classic template. In the week I've been working on the site...I've been tweaking things to my own needs, but nothing (*I think*) which would have broken the default SSL/NON-SSL linking behaviors. Even so, here is a link to the directory showing .txt versions of some of the main tpl pages I modified.
4. I came across the post about modifying the application_top.php, but my code was completely different than the examples shown and wasn't sure where else to look.
Basically, the problem doesn't seem to be that my pages are insecure (evident by the manually entered https:// working), but that my template or zen install is getting confused about what pages/links to be secured.
The following SSL logic seems to be inoperable:
PHP Code:
<a href="<?php echo zen_href_link(FILENAME_LOGIN, '', 'SSL'); ?>"><?php echo HEADER_TITLE_LOGIN; ?></a>
Ultimately, my only real goal is to make sure that the customer login and credit card pages are secure. I'd be fine with even a messy hack to make this happen..but don't know if any exist.
Thanks in advance to anyone who wouldn't mind sharing their ideas....
Bookmarks