Results 1 to 6 of 6
  1. #1
    Join Date
    May 2006
    Posts
    5
    Plugin Contributions
    0

    Default SSL works when hard coded but not dynamically

    Hi there. I know there have been a lot of SSL support posts (and I promise I read at least 50 in the last few hours), but I haven't been able to resolve my particular problem and was hoping some one could help.

    Here is a breakdown of my problem:

    1. Recently purchased a 128-bit SSL certificate from BliksemHosting.com to be used on a client's site (which is also hosted with Bliksem).

    2. Changed both config.php files to the following


    PHP Code:
    // CODE FROM INCLUDES/CONFIG.PHP
    // Define the webserver and path parameters
      // HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
      // HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
      
    define('HTTP_SERVER''http://northwoodsfloor.com');
      
    define('HTTPS_SERVER''https://northwoodsfloor.com');

      
    // Use secure webserver for checkout procedure?
      
    define('ENABLE_SSL''true');

    // NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
    // * DIR_WS_* = Webserver directories (virtual/URL)
      // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
      
    define('DIR_WS_CATALOG''/');
      
    define('DIR_WS_HTTPS_CATALOG''/');



    // CODE FROM ADMIN/INCLUDES/CONFIG.PHP
      
    define('HTTP_SERVER''http://northwoodsfloor.com');
      
    define('HTTPS_SERVER''https://northwoodsfloor.com');
      
    define('HTTP_CATALOG_SERVER''http://northwoodsfloor.com');
      
    define('HTTPS_CATALOG_SERVER''https://northwoodsfloor.com');

      
    // Use secure webserver for catalog module and/or admin areas?
      
    define('ENABLE_SSL_CATALOG''true');
      
    define('ENABLE_SSL_ADMIN''true');

    // NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
    // * DIR_WS_* = Webserver directories (virtual/URL)
      // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
      
    define('DIR_WS_ADMIN''/admin/');
      
    define('DIR_WS_CATALOG''/');
      
    define('DIR_WS_HTTPS_ADMIN''/admin/');
      
    define('DIR_WS_HTTPS_CATALOG''/'); 
    3. SSL is working perfectly for the admin area. The login page automatically reverts to https:// when I navigate to http://northwoodsfloor.com/admin/

    The main site, however, does not.

    4. If I manually enter https:// for the domain like so, then SSL seems to work fine (the lock is not broken). However...it does not automatically revert when navigating to or within the the site via regular http:// (and also reverts back to http:// when I navigate away from my manually entered https:// page).

    Note: Ideally, I would only like the checkout pages to be secure...but will worry about this once I can figure out why it isn't working at all right now.

    Here are the steps I've taken to troubleshoot

    After browsing through many SSL-related posts (I am amazed - and relieved - at what a strong, friendly support network Zen Cart has), I tried to verify the following:

    1. Have tried setting the config up with & without the www prefix. Doesn't seem to matter either way. Result is the same - admin area works...regular site does not.

    2. Have verified that there is no content or images being called directly from http:// - from what I can see, everything in my template is set up relatively (../images/etc). Also, because SSL works when I manually enter https:// on any given page (the lock isn't broken), I'm thinking this means my problem isn't with external content.

    3. The template I'm using is based on the classic template. In the week I've been working on the site...I've been tweaking things to my own needs, but nothing (*I think*) which would have broken the default SSL/NON-SSL linking behaviors. Even so, here is a link to the directory showing .txt versions of some of the main tpl pages I modified.

    4. I came across the post about modifying the application_top.php, but my code was completely different than the examples shown and wasn't sure where else to look.

    Basically, the problem doesn't seem to be that my pages are insecure (evident by the manually entered https:// working), but that my template or zen install is getting confused about what pages/links to be secured.

    The following SSL logic seems to be inoperable:

    PHP Code:
    <a href="<?php echo zen_href_link(FILENAME_LOGIN'''SSL'); ?>"><?php echo HEADER_TITLE_LOGIN?></a>
    Ultimately, my only real goal is to make sure that the customer login and credit card pages are secure. I'd be fine with even a messy hack to make this happen..but don't know if any exist.

    Thanks in advance to anyone who wouldn't mind sharing their ideas....

  2. #2
    Join Date
    May 2006
    Posts
    5
    Plugin Contributions
    0

    Default Re: SSL works when hard coded but not dynamically

    Oops...forgot to mention that I also tried switching the template to the unmodified future_zen theme to see if the problem was with my template. The problem was still there - so if it is a configuration or coding issue...I'm thinking it must be with something outside of the templates directory.

  3. #3
    Join Date
    Sep 2004
    Location
    Western Massachusetts
    Posts
    2,945
    Plugin Contributions
    5

    Default Re: SSL works when hard coded but not dynamically

    The code in your header appears to be correct: the issue seems to be that the cart isn't getting the define for HTTPS_SERVER right.
    One possibility: the file includes/configure.php is not actually being overwritten when you upload a modified file (because of permissions being set to 444). So the configure.php file that is actually on the server might still be using http: for that define. Download a copy from your server and check it.

    Just for testing, you could have the cart echo the value of that constant to confirm: temporarily change your code for the login link from
    Code:
    <?php echo HEADER_TITLE_LOGIN; ?>
    to
    Code:
    <?php echo HEADER_TITLE_LOGIN . ' ' . HTTPS_SERVER; ?></
    then look at the page again and see what it shows.



    Edit: by the way, if that possibility I mentioned is the problem, you can overcome it by deleting the existing file before uploading the new one.
    Last edited by bunyip; 25 May 2006 at 01:20 AM.
    Neville
    An assumption is what you arrive at when you get tired of thinking...

  4. #4
    Join Date
    May 2006
    Posts
    5
    Plugin Contributions
    0

    Default Re: SSL works when hard coded but not dynamically

    Uggg...I am an idiot. I figured out the problem. Even though it appeared as if my changes to the config.php file had taken effect (I edited directly on the server from CuteFTP), I just realized the changes weren't saved because I had forgotten to change the file permissions before editing (duh!).

    Sorry for the long-winded post. Hopefully this will help someone else troublehsoot their SSL-related issues....

  5. #5
    Join Date
    May 2006
    Posts
    5
    Plugin Contributions
    0

    Default Re: SSL works when hard coded but not dynamically

    Quote Originally Posted by bunyip
    The code in your header appears to be correct: the issue seems to be that the cart isn't getting the define for HTTPS_SERVER right.
    One possibility: the file includes/configure.php is not actually being overwritten when you upload a modified file (because of permissions being set to 444). So the configure.php file that is actually on the server might still be using http: for that define. Download a copy from your server and check it.

    Just for testing, you could have the cart echo the value of that constant to confirm: temporarily change your code for the login link from
    Code:
    <?php echo HEADER_TITLE_LOGIN; ?>
    to
    Code:
    <?php echo HEADER_TITLE_LOGIN . ' ' . HTTPS_SERVER; ?></
    , then look at th epage again and see what it shows.
    LOL...I must have posted my last message just as you wrote this. You were right...I forgot to change file permissions before editing. You're definitely a lot quicker than I am...it took me four hours to realize what you figured out in a couple of minutes. :)

    Thanks for looking into it though...

  6. #6
    Join Date
    Sep 2004
    Location
    Western Massachusetts
    Posts
    2,945
    Plugin Contributions
    5

    Default Re: SSL works when hard coded but not dynamically

    Glad you figured it out... I was on the right track at least
    Neville
    An assumption is what you arrive at when you get tired of thinking...

 

 

Similar Threads

  1. v151 SSL works in catalog (sort of??) but not admin
    By styledata in forum Installing on a Linux/Unix Server
    Replies: 12
    Last Post: 8 Nov 2012, 02:40 AM
  2. SSL works but all links remain http not https
    By spriggig in forum Templates, Stylesheets, Page Layout
    Replies: 2
    Last Post: 2 Oct 2008, 08:10 AM
  3. URL Hard Coded causing SSL problems
    By ion5319 in forum General Questions
    Replies: 1
    Last Post: 18 Mar 2008, 06:21 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR