WorldPay Module for ZenCartv1.3x

[CES]

Another update:

Made the changes you suggest to the WorldPay module and everything works OK. Have not checked whether I get the 'problem' in IE7, shall check that later at home.

Craig

[duncanad]

Craig,

I've just put through a (cancelled) order on your site using IE7 and didn't get a "non secure items on page" message so it appears to be working OK. What I did notice is that the Shopping Cart icon at the top left does not act as a link in IE7 but does in IE6 which is strange!

Regarding SSL in Admin you are quite right it doesn't work out of the box as yet. Not all of the pages in admin need to be accessed securely e.g. the catalogue pages do not hold confidential information, however the customer pages do and should be accessed securely. I'm afraid it's a screwdriver job to fix this at present. There may be posts elsewhere on the forums detailing how to do this but here is a flavour of what needs to be done.

Edit admin/includes/boxes/customers_dhtml.php

Change:

Code:

  $za_heading = array('text' => BOX_HEADING_CUSTOMERS, 'link' => zen_href_link(FILENAME_ALT_NAV, '', 'NONSSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_CUSTOMERS, 'link' => zen_href_link(FILENAME_CUSTOMERS, '', 'NONSSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_ORDERS, 'link' => zen_href_link(FILENAME_ORDERS, '', 'NONSSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_GROUP_PRICING, 'link' => zen_href_link(FILENAME_GROUP_PRICING, '', 'NONSSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_PAYPAL, 'link' => zen_href_link(FILENAME_PAYPAL, '', 'NONSSL'));

to:

Code:

  $za_heading = array('text' => BOX_HEADING_CUSTOMERS, 'link' => zen_href_link(FILENAME_ALT_NAV, '', 'SSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_CUSTOMERS, 'link' => zen_href_link(FILENAME_CUSTOMERS, '', 'SSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_ORDERS, 'link' => zen_href_link(FILENAME_ORDERS, '', 'SSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_GROUP_PRICING, 'link' => zen_href_link(FILENAME_GROUP_PRICING, '', 'SSL'));
  $za_contents[] = array('text' => BOX_CUSTOMERS_PAYPAL, 'link' => zen_href_link(FILENAME_PAYPAL, '', 'SSL'));

This isn't the whole deal. You need to find ALL of the files that link to admin pages that display confidential information and change 'NONSSL' to 'SSL' in the link code to those pages.

Regards,

Alan

[BigMacYin]

Hi Alan,

I have implemented your solution and everything is working great now. Thanks very much indeed for the time you have given to resolve the issue and my apologies for not getting back sooner.

Kindest regards,

Hamish

[duncanad]

Hamish,

Naebother big man.

Alan

[CES]

Hi Alan

Sorry in the delay replying.

Thanks for all your effort, even checking out my site. Above and beyond the call of duty.

I have noticed the IE7 problem too. Works in FF which I use most of the time and in IE6 which I check at work (Win 2000). I have to check the site at home in IE7. The 'link' is there, just aligned well to the right. I am using an adaption of the 'simple zen' template so I will probably have to post a question in that forum.

Question: Do you alter all those admin links to SSL? If I knew an update was going to address the issue soon I would probably wait. As you suggested I will check the forums if there is a definitive list.

Thanks once again

Craig

[duncanad]

Craig,

The short answer is I have changed some but not all. High on my todo list. I have encountered a bit of a bug 'though. I use a shared SSL certificate and things are configured such that I have one set of files but two paths ie
http://www.mywebsite.com
and
https://secure.securedomain.com/www.mywebsite.com
This works absolutely fine except with some of the SSL links in Admin the first time of clicking I get kicked out to the login screen. If I then log back in the problem dissappears! Others have reported similar problems elsewhere but I haven't seen any definitive solution. As far as I can ascertain this only seems to happen where a shared SSL certificate is used. Just recently I have been able to consistently reproduce this behaviour and now have a solution - but I don't know why it works. I'm still on v 1.3.5. When I upgrade to 1.3.6 I'm going to do some more rigorous testing. If I achieve consistant results I'll post the solution somewhere.

According to the Development Roadmap posted here:
http://www.zen-cart.com/forum/showthread.php?t=36912
an overhaul of the Admin is not due until 1.6 which may be some time off.

I've not tried this but a possible way to secure the whole of the admin would be set the non-secure path in the admin configuration to the secure path ie in admin/includes/configure.php:

Code:

  // Main webserver: eg, http://localhost - should not be empty for productive servers
  define('HTTP_SERVER', 'https://www.mywebsite.com');
  // Secure webserver: eg, https://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www.mywebsite.com'); // eg, https://localhost

This is probably a bit of overkill and I would test this on a test site first to ensure there are no unexpected side effects and/or server performance issues.

Regards,

Alan

[CES]

It's nice to know I'm not the only one with a to do list!!

Cracked the alignment problem I had with IE7, just upgraded to the latest version of the template :-)

Although I'm no coder/programmer, let me know if you need help testing anything Alan, all your work is appreciated.

Craig

[SarahL]

help!! this doesn't work on 1.3.6 - for some reason I still get TEST transaction text page even when its live! Obviously missed the 1.3x but not 1.3.6 part!! new shop - so cannot roll back :)

any ideas on why or how to resolve it!!

[CES]

Think your answer is earlier on in this thread:

http://www.zen-cart.com/forum/showpo...6&postcount=63

Hopefully just a simple fix.

:-)

Craig

[SarahL]

Think your answer is earlier on in this thread:

http://www.zen-cart.com/forum/showpo...6&postcount=63

Hopefully just a simple fix.

:-)

Craig

you angel :):) I thought that I had got as much from this thread that I needed - obviously missed that part!!!

Thank you I will try to remember this in future - oh buy the way

I have older version on exact same server using worldpay module - and I don't get this issue - so I think its for some reason zen cart code? rather than configuration?

thanks
Sarah