Post by BlueKore » Sat Mar 05, 2016 3:29 am

Hello,

I'm having the following problem:
I'm using the latest version of OpenCart (2.2) with SSL on my server. I've configured it to use SSL (Settings->Server) and changed the HTTPS configurations in the main config.php and admin/config files, and the website turned into a mess. The HTTPS mode works, but a lot of content is still served as HTTP. Some requests are being made with HTTP, and the form actions are pointing to HTTP URI's.
I want to use only HTTPS in my website.

So, my question is: Did i forget something, or is it a bug?
Thank you.
Last edited by BlueKore on Sat Mar 05, 2016 6:44 pm, edited 1 time in total.

Newbie

Posts

Joined
Sat Mar 05, 2016 3:24 am

Post by florinsith » Sat Mar 05, 2016 2:53 pm

By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.

Image
My Extensions - SuperTheme - Opencart templates - Opencart modules


User avatar
Expert Member

Posts

Joined
Fri May 14, 2010 2:36 am


Post by BlueKore » Sat Mar 05, 2016 6:41 pm

florinsith wrote:By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.
That is the 'copy-paste' question that everyone makes.
I've already done that. I've tried almost everything about OpenCart. When you request the website in HTTPS, there are some content that is server through HTTP.

Newbie

Posts

Joined
Sat Mar 05, 2016 3:24 am

Post by OSWorX » Sat Mar 05, 2016 11:45 pm

BlueKore wrote:
florinsith wrote:By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.
That is the 'copy-paste' question that everyone makes.
I've already done that. I've tried almost everything about OpenCart. When you request the website in HTTPS, there are some content that is server through HTTP.
But it is true and correct.

What you can do (and should) is adding a few lines to your .htaccess and
1. rerouting http://www.sites to non-www
2. rerouting http-calls (port 80) to https (443 -ssl)

With both I have several customers serving all sites per https - no matter how you will call them.

Image


User avatar
Expert Member
Online

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by EvolveWebHosting » Sun Mar 06, 2016 9:56 am

What content is being requested over HTTP? Images and/or external css/js files? You can troubleshoot by going to whynopadlock.com and checking any URL that you want to. There are many reasons that an HTTP request could be made.

Image
https://www.evolvewebhost.com
Unhappy with your current host? We can migrate your account today (usually for no fee)! Visit our website and signup and we'll take care of the rest!
24/7/365 support
Image


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by Randem » Sun Mar 06, 2016 4:14 pm

Hi BlueKore,

It is a least a developer code oversight or misunderstanding on how it should work in the real world. At the most, a lack of proper testing...

It was changed to be incorrect - http://forum.opencart.com/viewtopic.php ... 22#p606922

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by s83k5v4 » Sun Mar 06, 2016 9:22 pm

Same problem here.
  • * Enabled SSL in the settings
    * Changed the HTTPS_SERVER property in /config.php
    * Changed the HTTPS_SERVER and HTTPS_CATALOG properties in /admin/config.php
Then I open the admin login page with the https address.
When I try to login I get a browser warning that the form data will be sent in clear text.

I have also tried to enable the included .htaccess (by removing .txt from the filename).
Same problem.

This was a clean install.
This worked fine with the exact same domains with the 1.5.6.4 version.

Newbie

Posts

Joined
Sun Mar 06, 2016 9:12 pm

Post by daniGo » Mon Mar 07, 2016 5:25 am

Look in upload/system/config/catalog.php and upload/system/config/admin.php.

Set

Code: Select all

$_['site_ssl']         = false;
to

Code: Select all

$_['site_ssl']         = true;
Last edited by straightlight on Mon Aug 08, 2016 2:40 am, edited 1 time in total.
Reason: Added code tags.

http://www.gombac.si


Active Member

Posts

Joined
Wed Mar 20, 2013 4:49 pm
Location - Slovenia

Post by Randem » Mon Mar 07, 2016 5:55 am

danigo,

Thanks, this indeed works for SSL and the Admin panel. this just reinforces my thoughts that they do not test these things or rely on those that do...

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by florinsith » Tue Mar 08, 2016 2:11 am

florinsith wrote:By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.
From what I see in url->link , what I wrote above isnt relevant anymore in 2.2

Image
My Extensions - SuperTheme - Opencart templates - Opencart modules


User avatar
Expert Member

Posts

Joined
Fri May 14, 2010 2:36 am


Post by byens » Thu Mar 17, 2016 5:03 pm

Great its working again.. someone should make change in github ;)
daniGo wrote:Look in upload/system/config/catalog.php and upload/system/config/admin.php.

Set

$_['site_ssl'] = false;

to
$_['site_ssl'] = true;

Selling Kristik - Jasa Foto Aura - Jual Lingerie - supplier baju anak - jasa seo


Active Member

Posts

Joined
Sat Dec 11, 2010 12:29 pm
Location - Surabaya

Post by Dan_HiHosting » Wed Mar 30, 2016 10:21 pm

Still can't get it to work properly on a clean 2.2.0 installation here.

If you want the entire site as https, do you need to redirect http to https in the .htaccess file?

I don't see why that should be necessary.

But it seems most pages, even with SSL enabled, and the HTTPS urls specified, are returned as HTTP

This causes the icons not to load properly, and an unknown error.

It's incredibly difficult finding proper guidance on how to properly serve an entire OpenCart 2.2.0 installation through HTTPS.

Thanks

User avatar
Newbie

Posts

Joined
Sun Aug 02, 2015 12:57 am
Location - UK

Post by florinsith » Wed Mar 30, 2016 11:49 pm

Edit system/library/url.php and change:

Code: Select all

if ($this->ssl && $secure) {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		} else {
			$url = 'http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		}
to:

Code: Select all

$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
or maybe:

Code: Select all

if ($this->ssl && $secure) {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		} else {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		}
if you think you might change your mind and want a quick revert.
The htaccess redirect should stay for its initial purpose, to redirect to https in case http is explicitly accessed.

Image
My Extensions - SuperTheme - Opencart templates - Opencart modules


User avatar
Expert Member

Posts

Joined
Fri May 14, 2010 2:36 am


Post by Randem » Thu Mar 31, 2016 4:16 am

Hi Dan_HiHosting,

You are going to have issues in v2.2.0.0

OpenCart 2.2.0.0 Testing - Issues to Expect...

What to use to get you to SSL

Changes made to correct issues in OpenCart for v2.2.0.x

You have to make all SSL changes...

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by Dan_HiHosting » Thu Apr 21, 2016 4:17 am

Sorry, so do we need to manually make the SSL changes in the code, and what are they?

Or do we need to run that vQmod XML file?

Why on earth do they release such buggy versions? This is the latest/default release on Softaculous. And it's not fit for purpose.

Thanks

User avatar
Newbie

Posts

Joined
Sun Aug 02, 2015 12:57 am
Location - UK

Post by Randem » Thu Apr 21, 2016 4:52 am

Yes, as noted you would need to use VQMOD to use the XML to make the changes. However I would stay on v2.1.0.x until they get v2.2.0.x sorted out. You will notice that the same changes from v2.1.0.x still need to be made for v2.2.0.0.

You should NEVER make code changes directly to OpenCart files (hardcode).
Buggy releases are a result of buggy testing...

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by calderwood » Thu Apr 21, 2016 7:47 am

On a clean install of OC2.2 I noticed that the checkout was not changing to SSL while testing and is giving errors with PayPal Pro on Sandbox. Also PayPayPro iFrame does not work - I believe that again PP is not seeing the SSL either.

I set all configs to https:// for secure and non-secure, If you go to https://store then add product to cart, them go to cart, it reverts to non-ssl http://store Same in admin will not remain in SSL.

If 2.2 should not be listed as a stable version.

I wonder if the sun is shining outside?


New member

Posts

Joined
Tue Jan 03, 2012 7:59 am
Location - Shrewsbury, NJ

Post by Dan_HiHosting » Thu Apr 21, 2016 8:53 pm

Thanks Randem.

So you advise to install vQmod:
http://www.opencart.com/index.php?route ... n_id=19501

Then vQmod manager:
http://www.opencart.com/index.php?route ... n_id=19188

And then upload the v2.2.0.x Changes.zip file provided here:
http://www.randemsystems.com/support/op ... t-only%29/

I uploaded the vQmod files, and then did the same for vQmod manager and installed it, but vQmod doesn't seem to be installed.

Under Extensions > Modules > VQMod Manager > Edit
I get:
Required file "vqmod.php" is missing! Please install the latest OpenCart-compatible version of VQMod from https://github.com/vqmod/vqmod/releases and try again.

Previously when installing vQmod I've just used the official github.

What does this extension do?
http://www.opencart.com/index.php?route ... n_id=19501

Do I also need to upload a vqmod.php file?

Sorry, I don't find the instructions clear.

I can't believe any of this is necessary with a "stable" release.
We normally recommend OpenCart, but I don't see how we can with it in this state.
One can expect this from some hobbyist forum software or the like, but not the most recommended shopping cart software after Magento.

Any help much appreciated.

User avatar
Newbie

Posts

Joined
Sun Aug 02, 2015 12:57 am
Location - UK

Post by Randem » Fri Apr 22, 2016 3:48 am

With VQMOD or VQMOD you have to run the install procedure for each. There is an install folder with VQMOD and you should run the index.php file from that folder to install.

NEVER take serious; anyone who gives negative impact statements with no ABSOLUTE proof!
OpenCart Helpful Information * Upgrade 1.5 to 2.1 * Upgrade 2.1 to 2.2
"Why do people NEVER have enough time to do it right but ALWAYS enough time to do it over?"
DO NOT EVER GIVE SOMEONE YOU DON"T KNOW ADMIN ACCESS TO ANYTHING!
I am NOT affiliated with OpenCart


User avatar
Active Member

Posts

Joined
Sat Sep 27, 2014 9:17 am

Post by takahashi1973 » Thu May 26, 2016 5:35 pm

Hi
I tried with:

Code: Select all

if ($this->ssl && $secure) {
         $url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
      } else {
         $url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
      }
I force in htaccess all to HTTPS
In admin --> setting: use SSL: true
In both config.php files all urls are set to HTTPS.
Admin works fine.
Frontend almost except when you decent into a category it goes completely wrong.
Problem: stylesheet path. All other path seems to be okay but the stylesheet for for instance:
https://www.mydomain.com/desktops/mac
shows in source code: <link href="catalog/view/theme/default/stylesheet/stylesheet.css" rel="stylesheet">

BUT it seems to be loaded from: desktops/catalog/view/theme/default/stylesheet/stylesheet.css
......
anyone an idea/solution to this strange problem?

these days stores should just load fine in 100% HTTPS.

Active Member

Posts

Joined
Thu Oct 13, 2011 11:41 pm
Who is online

Users browsing this forum: No registered users and 10 guests