SSL problem in Google Chrome

[RodG]

I don't know how well https://www.whynopadlock.com/ works but I checked https://dxxxxmed.com/index.php?main_page=login and it returned all items being secure.

Right at the top/start of the page you have the following code:

Code:

<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">

This is why the page is showing insecure items (at a guess)

Cheers
RodG

[doooomed]

Right at the top/start of the page you have the following code:

Code:

<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">

This is why the page is showing insecure items (at a guess)

Cheers
RodG

Thanks but I removed that code and still get the same results

[RodG]

Thanks but I removed that code and still get the same results

There's another..

Code:

<!--bof-header logo and navigation display-->


<div class="fb-like" data-colorscheme="dark" data-font="verdana" data-href="http://www.doooomed.com" data-send="true" data-show-faces="false" data-width="300">


    &nbsp;</div>


<div id="headerWrapper">

Cheers
Rod

[doooomed]

There's another..

Code:

<!--bof-header logo and navigation display-->


<div class="fb-like" data-colorscheme="dark" data-font="verdana" data-href="http://www.doooomed.com" data-send="true" data-show-faces="false" data-width="300">


    &nbsp;</div>


<div id="headerWrapper">

Cheers
Rod

Unfortunately still no change. All that code I am removing has been there a long time...!

[RodG]

Unfortunately still no change. All that code I am removing has been there a long time...!

I'm pretty much out of ideas/suggestions. About the only other thing I'm seeing shouldn't be causing the problem anyway, but that is, at the very bottom of the page is a stray "<" character.


Aha! I think I found it.

Code:

                                             <script><!--
function session_win() {
  window.open("http://doooomed.com/index.php?main_page=info_shopping_cart","info_shopping_cart","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>

Cheers
RodG

[doooomed]

Aha! I think I found it.

Code:

                                             <script><!--
function session_win() {
  window.open("http://doooomed.com/index.php?main_page=info_shopping_cart","info_shopping_cart","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>

Are you saying this code is incorrect or shouldn't be there at all? I removed it but nothing changed. I put it back because I don't know what it does.

[RodG]

Are you saying this code is incorrect or shouldn't be there at all? I removed it but nothing changed. I put it back because I don't know what it does.

Good morning.

Apparently I wasn't thinking too clearly last night with my previous suggestions. I'll put it down to being overtired.

I've taken another look into this today and am kicking myself for all the bad leads I gave you.

The problem is being caused because one of the form actions is pointing to a non ssl page. Specifically,

Code:

<!--// bof: artists //-->
<div class="rightBoxContainer" id="artists" style="width: 190px">
<h3 class="rightBoxHeading" id="artistsHeading"><label>Bands</label></h3>
<div id="artistsContent" class="sideBoxContent centeredContent">
<form name="artist_form" action="http://dxxxxmed.com/index.php?main_page=index" method="get"><input type="hidden" name="main_page" value="index" /><input type="hidden" name="typefilter" value="artist" />
<select name="artists_id" onchange="this.form.submit();" size="MAX_RECORD_ARTISTS_LIST" style="width: 90%; margin: auto;">

The 'action' link needs to be "https://dxxxxmed.com"

I made this determination by viewing the page with Chrome, then from the Chrome menu selecting 'tools->Javascript_console'

This gave the following info:
The page at 'https://dxxxxmed.com/index.php?main_page=login' was loaded over HTTPS, but is submitting data to an insecure location at 'http://dxxxxmed.com/index.php?main_page=index': this content should also be submitted over HTTPS.

This gave me a clue that I should be looking at the form/submit elements, so I then did a search on the "view-source" of the page which gave me the form link I've given above. It is the only form link on the page that doesn't use "https".

The only thing that puzzles me now is *why* this link isn't using https, because to the best of my knowledge these links are dynamically generated from the configure.php settings. I think that this is something you'll need to determine for yourself though.

Also, although not relevant to the problem, you see the "MAX_RECORD_ARTISTS_LIST"? This should actually 'resolve' to a number (so it reads something like size="25". This implies that there is probably a missing entry in your database configuration table.

Hopefully this info will help you resolve the problem.
Apologies for leading you astray last night. I should have used the Chrome tools in the 1st place rather than just looking at the page code.

Cheers
RodG