Post by ThatBlokeRob » Tue Nov 24, 2009 2:01 am

Hey everyone,

I've had a couple of customers getting to the 'order/confirm' page with http not https.
This is causing problems with ajax calls when https is declared in the config.php.

Any ideas how I can force the page to use https on certain pages?
ht.access is possible, but how to define certain urls...

Robin

Newbie

Posts

Joined
Mon Oct 12, 2009 6:07 pm

Post by Daniel » Tue Nov 24, 2009 2:29 am

which payment gateway?

sagepay?

OpenCart®
Project Owner & Developer.
OpenCart commercial support now available!


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by Qphoria » Tue Nov 24, 2009 2:35 am

Did you enable SSL? The checkout pages will automatically switch to https mode if https is configured correctly. It has nothing to do with the payment modules themselves. The main checkout pages handle it already.

OpenCart 2.0.x Mod Update Info

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by iloveopencart » Sat Dec 12, 2009 1:11 am

I stumbled on this article today since I was looking for the same solution. My concern was that even though all the links within the code specify https, there's always that person who gets to the url using http. So to prevent that and force https, it's a simple .htaccess edit. Here's the article: http://joseph.randomnetworks.com/archiv ... -htaccess/.

User avatar
Global Moderator

Posts

Joined
Thu Mar 05, 2009 11:15 pm
Location - Phoenix, AZ

Post by ThatBlokeRob » Wed Dec 16, 2009 7:41 am

Hey Everyone,

Yep - using SagePay direct, I haven't had any users do it recently...
Just a worry because things start to break when they do! :(

@iloveopencart - I've seen that idea before, however how do I force it for only certain pages? Maybe I should read every comment :)

Robin

Newbie

Posts

Joined
Mon Oct 12, 2009 6:07 pm

Post by Raspo » Mon Mar 29, 2010 10:00 pm

Did anyone find a solution for this?

I want to redirect the pages under index.php?route=checkout/ to the "https version" but I don't know how to do that in the .htaccess file.

Newbie

Posts

Joined
Mon Mar 29, 2010 9:55 pm

Post by rph » Mon Mar 29, 2010 11:20 pm

If you set up your store to use SSL in Admin it'll be done automatically.

-Ryan


rph
Newbie

Posts

Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska

Post by Raspo » Tue Mar 30, 2010 6:31 am

rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.

By default, OpenCart let you type in an URL like this:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
Note the non-ssl url
I want to redirect that URL to the "https version".

Anyway, I find a solution myself. I added this string in the .htaccess file:

Code: Select all

#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Now, when I type in URL like:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

http://www.sitename.com/index.php?route=account/create
it redirects me to

Code: Select all

https://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

https://www.sitename.com/index.php?route=account/create
Hope this helps someone, cause i've lost days in it

Newbie

Posts

Joined
Mon Mar 29, 2010 9:55 pm

Post by rph » Tue Mar 30, 2010 7:11 am

I guess I don't see this as an issue. Even if a user manually changed the URL for some odd reason OpenCart forces them back to https when submitting information.

-Ryan


rph
Newbie

Posts

Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska

Post by Raspo » Tue Mar 30, 2010 6:00 pm

I know, but the CC company of my client find this as an issue -.-

Newbie

Posts

Joined
Mon Mar 29, 2010 9:55 pm

Post by wyocrook » Wed Jul 27, 2011 5:57 am

Thank you thank you thank you thank you!

I posted your data in htaccess. But then I had one additional problem. For some reason my config had this:
// HTTPS
define('HTTPS_SERVER', 'http://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'http://www.qhgraphics.com/image/');

I just added the 's':
// HTTPS
define('HTTPS_SERVER', 'https://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'https://www.qhgraphics.com/image/');

After that I am good to go! Thanks again for the help!

Newbie

Posts

Joined
Thu Jun 16, 2011 6:54 pm

Post by BobHL » Tue Nov 15, 2011 8:56 pm

Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
Raspo wrote:
rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.

By default, OpenCart let you type in an URL like this:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
Note the non-ssl url
I want to redirect that URL to the "https version".

Anyway, I find a solution myself. I added this string in the .htaccess file:

Code: Select all

#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Now, when I type in URL like:

Code: Select all

http://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

http://www.sitename.com/index.php?route=account/create
it redirects me to

Code: Select all

https://www.sitename.com/index.php?route=checkout/payment
or

Code: Select all

https://www.sitename.com/index.php?route=account/create
Hope this helps someone, cause i've lost days in it

Newbie

Posts

Joined
Thu Nov 10, 2011 8:55 pm

Post by peakto » Mon Jan 09, 2012 6:45 am

Hi Everyone!

I need a little help!

I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.

I using OpenCart 1.4.9.6. and SEO enabled.

I put this code the the .htaccess file:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
It works fine, after this, I got all pages https secured, BUT... it messing to the SEO URL-s :-(

Like:

SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html

and after forcing the SSL by the code:
https://www.mywebshop.com/index.php?_route_=goodstuff.html

Is anybody knows, how to fix this problem?

Thank You very much!

Newbie

Posts

Joined
Mon Jan 09, 2012 6:37 am

Post by jollyrobin » Tue Mar 06, 2012 5:56 pm

BobHL wrote:Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.
Did you manage to sort this out? I'm interested in this too

Newbie

Posts

Joined
Wed Nov 16, 2011 12:29 am

Post by rsmck » Thu Mar 08, 2012 5:53 pm

If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;

Code: Select all

# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]

Newbie

Posts

Joined
Sun Mar 20, 2011 9:01 am

Post by jollyrobin » Thu Mar 08, 2012 8:00 pm

rsmck wrote:If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;

Code: Select all

# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]
This doesn't force the redirect though, so users can manually type http (which was a problem for my pci)

This seems to work though, and I added the admin login which wasn't https before.

Code: Select all

#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off

Newbie

Posts

Joined
Wed Nov 16, 2011 12:29 am

Post by jon.mosier@mac.com » Sun Oct 06, 2013 7:56 am

A REALLY EASY WAY TO FORCE CERTAIN PAGES TO USE HTTPS!

Just add this to the top of any php page (after the opening <?php tag).

Code: Select all

if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
    $url = 'https://' . $_SERVER['HTTP_HOST']
                      . $_SERVER['REQUEST_URI'];

    header('Location: ' . $url);
    exit;
}
Last edited by jon.mosier@mac.com on Thu Jan 30, 2014 2:38 am, edited 1 time in total.


Posts

Joined
Fri Oct 04, 2013 9:27 pm

Post by struddyssports » Wed Mar 12, 2014 2:29 pm

When trying to force SSL for account and checkout pages, with some Add to Cart and Update Cart no longer work.

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
This code seems to have fixed it.


Posts

Joined
Tue Feb 04, 2014 1:27 pm
Who is online

Users browsing this forum: No registered users and 17 guests