Page 1 of 2 12 LastLast
Results 1 to 10 of 20
  1. #1
    Join Date
    Nov 2006
    Posts
    512
    Plugin Contributions
    0

    Default Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warning

    I like the new 1.3.8a feature of being directed to the Shopping Cart to view cart items from the last visit and see the notice of combined items.

    However, If an existing customer shops>goes to checkout (via login page) they land on an https secure shopping cart page, then when using the "update cart" button a security warning appears.

    Aside from changing the admin setting of not going to the cart page (which I like), is there a way around the update cart button giving off a security warning?
    Attached Images Attached Images  

  2. #2
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    A security warning appears when components of a HTTPS page are actually HTTP. This commonly occurs when remote http:// URL's are embedded into the page (either through hard-coding, or through being called via a script that has not pre-defined the link as https or SSL.)

    If you are getting the warning, when it says "do you want to show the insecure items?" - - - choose "No".

    In this way you will be able to see what the non-secure component of the page is - because it won't display.

    Then you've narrowed down the offending http:// reference, and you can then look at how it can be changed - either by modifying the code calling the link, or by using https:// rather than http:// as the URL prefix.
    19 years a Zencart User

  3. #3
    Join Date
    Nov 2006
    Posts
    512
    Plugin Contributions
    0

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    Thank you for the tip! I didn't know about the trick about how to view what is non-secure.

    For this page, the non-secure link is the ZC "update cart" action itself:

    PHP Code:
    <?php echo zen_draw_form('cart_quantity'zen_href_link(FILENAME_SHOPPING_CART'action=update_product')); ?>
    If the shopping cart is in https (fresh off the login page), and the customer wishes to update their cart using the "update cart" button, that is what is giving the warning.

    I have changed the above code to SSL which works, but then the shopping cart goes SSL after each update

    I could be changing the wrong code...there are other references to the update cart button, that are beyond my knowledge on this page.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    Quote Originally Posted by dharma View Post
    Thank you for the tip! I didn't know about the trick about how to view what is non-secure.
    There's an FAQ on that issue too: https://www.zen-cart.com/tutorials/i...hp?article=150
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Nov 2006
    Posts
    512
    Plugin Contributions
    0

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    Thank you Dr. Byte, that is a good page for reference, I am aware of non-secure warnings due to img etc and full URL's. But my issue appears to be php ZC related, that is the update cart button sends the "update" as non SSL from a SSL page (if landing from login page (https: shopping cart) due to the Notice of Combining Shopping Cart setting.

    Has anyone else noticed this? or have I got this all wrong?

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    If you want your shopping cart page to be SSL when the "combined" action happens, change the NONSSL to SSL in this section of your /includes/modules/pages/login/header_php.php:
    Code:
                if (SHOW_SHOPPING_CART_COMBINED == 1) {
                  // show warning and send to shopping cart for review
                  $messageStack->add_session('shopping_cart', WARNING_SHOPPING_CART_COMBINED, 'caution');
                  zen_redirect(zen_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'));
                }
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Nov 2006
    Posts
    512
    Plugin Contributions
    0

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    Your code works well, however the shopping cart page is already SSL (as is every page right after the login page) Is there a solution to this? I would love to fix that more than anything.

    --

    if not the issue still persists:

    So far this error appears in Firefox for Mac not in Safari Mac...I have not checked in IE yet.

    How do I change the update cart action to SSL? to avoid the warning and but not force the shopping cart page to go SSL afterwards? (see previous post)

    Would work:
    Login>Combined SSL Shopping cart (sadly forced by login)> SSL Update Cart action [no warnings] > NON SSL Shopping cart

    Ideally:
    Login>Combined NON SSL Shopping cart > NON SSL Update Cart action > NON SSL Shopping cart

    Update cart:
    PHP Code:
    <?php echo zen_draw_form('cart_quantity'zen_href_link(FILENAME_SHOPPING_CART'action=update_product')); ?>
    Last edited by dharma; 4 Mar 2008 at 08:24 PM.

  8. #8
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    If you want to change those links to SSL, just add the SSL parameter ... same format as my previous post.

    If you'd rather your shopping cart were not SSL, then turn off the combined-contents-goes-to-cart.

    Switching between modes can be tough to code for. Keep in mind that the shopping cart page *before* login is not SSL-protected. After login, it normally is not either, unless you come back to it from the checkout-confirmation page in order to change something in the cart at the last minute.

    Do you have the same options set in all your different browsers with respect to how they alert you to ssl issues? Seems like you've got one browser complaining but others are not. Maybe it's just how you've got that set up.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Nov 2006
    Posts
    512
    Plugin Contributions
    0

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    Yes good old number 2 is looking good right now:

    2= Yes show notice, but do not go to shopping cart
    However, unless combined shipping is off completely, customers will still end up on the SSL shopping cart page (if there is a stock issue).

    Maybe a work around would be to force the next page after login to always be the My Accounts page?

    But for now hello #2!

  10. #10
    Join Date
    May 2007
    Location
    Los Angeles
    Posts
    89
    Plugin Contributions
    0

    Default Re: Notice of Combining Shopping Cart > Login > Secure Shopping Cart > Security Warni

    Quote Originally Posted by dharma View Post
    Yes good old number 2 is looking good right now:



    However, unless combined shipping is off completely, customers will still end up on the SSL shopping cart page (if there is a stock issue).

    Maybe a work around would be to force the next page after login to always be the My Accounts page?

    But for now hello #2!
    Hi, I have the same issue. Where in admin you can turn off combining shopping cart?
    Thanks!

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Shopping Cart menu as a sidebox outside Zen-Cart -security
    By fl33140 in forum Templates, Stylesheets, Page Layout
    Replies: 11
    Last Post: 18 Feb 2011, 09:03 PM
  2. Replies: 1
    Last Post: 10 Sep 2009, 09:14 PM
  3. Replies: 2
    Last Post: 11 Nov 2008, 09:56 AM
  4. Warning notice when adding products to shopping cart
    By John Vieth in forum General Questions
    Replies: 12
    Last Post: 26 Sep 2008, 01:32 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR