Post by prxbl » Sun May 27, 2018 1:35 am

I have SSL enabled in OpenCart settings and I can't access the admin interface because it constantly redirects back to the same login page.
I noticed this message in the Chrome console:

Code: Select all

Mixed Content: The page at 'https://www.domain.com/admin/index.php?route=common/login' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.domain.com/admin/index.php?route=common/login'. This endpoint should be made available over a secure connection.
I have defined the complete address in the two config files like so

Code: Select all

// HTTP
define('HTTP_SERVER', 'https://www.domain.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/');
and admin config like so

Code: Select all

// HTTP
define('HTTP_SERVER', 'https://www.domain.com/admin/');
define('HTTP_CATALOG', 'https://www.domain.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/');
I have also defined a redirect in htaccess to force all requests to be https://www.domain.com

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
This used to work fine on OC 2.0.3 but recently I have upgraded to OC 2.2 and now I'm facing the login problem. If I remove the htaccess redirect I can access the admin area but I lose the redirect functionality and non https or non www requests don't get redirected.

Any ideas how to solve this? I don't have any real logic but I'm thinking some setting must be wrong after the upgrade, otherwise why would it make requests to a non secure http address like Chrome is reporting if current config points to https.

On the login page the form action points to http and I can't seem to understand why:

Code: Select all

<form action="http://www.domain.com/admin/index.php?route=common/login" method="post" enctype="multipart/form-data">

Thanks!


Post by IP_CAM » Sun May 27, 2018 7:14 am

Well, whatever the reason for this might be, in the
admin/controller/common/header.php file,
this routine:

Code: Select all

	if ($this->request->server['HTTPS']) {
		$data['base'] = HTTPS_SERVER;
	} else {
		$data['base'] = HTTP_SERVER;
	}
could eventually be quickfix-changed into:

Code: Select all

	if ($this->request->server['HTTPS']) {
		$data['base'] = HTTPS_SERVER;
	} else {
		$data['base'] = HTTPS_SERVER;
	}
then, the HTTPS would be 'called', regardless of other settings,
I assume at least. ::)
---
BUT you could also try, to have this:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
to be like this:

Code: Select all

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
or like this:

Code: Select all

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteEngine On
RewriteBase /
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.



Post by prxbl » Sun May 27, 2018 3:33 pm

I took another route and fixed it by changing this line:

Code: Select all

$_['site_ssl']             = false;
to

Code: Select all

$_['site_ssl']             = true;
In these 3 files

Code: Select all

system/config/default.php
system/config/catalog.php
system/config/admin.php

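A check for the symptom reported in this thread, as an added example (not code from either poster or from OpenCart): it parses a saved copy of the login page and lists form targets that resolve to plain http on an https page, taking `<base href>` into account as the header.php snippet above sets it. The sample HTML is constructed from the form tag quoted in the first post; the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionAudit(HTMLParser):
    """Collect the first <base href> and every <form action> in a page."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base_href is None and attrs.get("href"):
            self.base_href = attrs["href"]
        elif tag == "form":
            # An empty or missing action submits to the document URL itself.
            self.actions.append(attrs.get("action") or "")


def insecure_form_targets(page_url, html):
    """Return resolved form targets that drop to http on an https page."""
    if urlsplit(page_url).scheme != "https":
        return []
    audit = FormActionAudit()
    audit.feed(html)
    # Relative actions resolve against <base href> when one is present.
    base = urljoin(page_url, audit.base_href) if audit.base_href else page_url
    findings = []
    for action in audit.actions:
        target = urljoin(base, action) if action else page_url
        if urlsplit(target).scheme == "http":
            findings.append(target)
    return findings


PAGE = "https://www.domain.com/admin/index.php?route=common/login"
# Constructed sample: one absolute http action, one relative action under an http base.
BROKEN = """<html><head><base href="http://www.domain.com/admin/"></head><body>
<form action="http://www.domain.com/admin/index.php?route=common/login" method="post"></form>
<form action="index.php?route=common/login" method="post"></form>
</body></html>"""
FIXED = BROKEN.replace("http://", "https://")

if __name__ == "__main__":
    for name, html in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, insecure_form_targets(PAGE, html))
```

Run against the page source saved after each configuration change, an empty result means no form on the page submits over plain http.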