Community Forums

Force HTTPS on certain pages

Support for mods, payments, shipping, totals, modules, and languages in OpenCart v1.x

Force HTTPS on certain pages

Postby ThatBlokeRob » Mon Nov 23, 2009 1:01 pm

Hey everyone,

I've had a couple of customers getting to the 'order/confirm' page with http not https.
This is causing problems with ajax calls when https is declared in the config.php.

Any ideas how I can force the page to use https on certain pages?
ht.access is possible, but how to define certain urls...

Robin
ThatBlokeRob
 
Posts: 19
Joined: Mon Oct 12, 2009 5:07 am

Re: Force HTTPS on certain pages

Postby Daniel » Mon Nov 23, 2009 1:29 pm

which payment gateway?

sagepay?
OpenCart®
Project Owner & Developer.
OpenCart commercial support now available!
User avatar
Daniel
Administrator
 
Posts: 5310
Joined: Fri Nov 03, 2006 5:57 am

Re: Force HTTPS on certain pages

Postby Qphoria » Mon Nov 23, 2009 1:35 pm

Did you enable SSL? The checkout pages will automatically switch to https mode if https is configured correctly. It has nothing to do with the payment modules themselves. The main checkout pages handle it already.
ImageImage
Donate!|OpenCart Basics|GeoZones
Help me get more development cloud storage - Click Here to get DropBox
User avatar
Qphoria
Administrator
 
Posts: 19127
Joined: Mon Jul 21, 2008 2:02 pm
Donate to Qphoria

Re: Force HTTPS on certain pages

Postby iloveopencart » Fri Dec 11, 2009 12:11 pm

I stumbled on this article today since I was looking for the same solution. My concern was that even though all the links within the code specify https, there's always that person who gets to the url using http. So to prevent that and force https, it's a simple .htaccess edit. Here's the article: http://joseph.randomnetworks.com/archives/2004/07/22/redirect-to-ssl-using-apaches-htaccess/.
User avatar
iloveopencart
Global Moderator
 
Posts: 150
Joined: Thu Mar 05, 2009 10:15 am
Location: Phoenix, AZ

Re: Force HTTPS on certain pages

Postby ThatBlokeRob » Tue Dec 15, 2009 6:41 pm

Hey Everyone,

Yep - using SagePay direct, I haven't had any users do it recently...
Just a worry because things start to break when they do! :(

@iloveopencart - I've seen that idea before, however how do I force it for only certain pages? Maybe I should read every comment :)

Robin
ThatBlokeRob
 
Posts: 19
Joined: Mon Oct 12, 2009 5:07 am

Re: Force HTTPS on certain pages

Postby Raspo » Mon Mar 29, 2010 9:00 am

Did anyone find a solution for this?

I want to redirect the pages under index.php?route=checkout/ to the "https version" but I don't know how to do that in the .htaccess file.
Raspo
 
Posts: 3
Joined: Mon Mar 29, 2010 8:55 am

Re: Force HTTPS on certain pages

Postby rph » Mon Mar 29, 2010 10:20 am

If you set up your store to use SSL in Admin it'll be done automatically.
-Ryan
VQMod Manager: FREE extension to manage VQMods in Admin!
Admin Enhancement Suite: Powerful Admin features and enhancements
Dependent Options: Option values displayed based on customer input
Catalog Mode: Disable "Add to Cart" and display your store in view-only
OpenCart Community Edition | Unofficial OpenCart Wiki | Commercial Support and Development
User avatar
rph
 
Posts: 3784
Joined: Thu Jan 07, 2010 4:05 pm
Location: Lincoln, Nebraska

Re: Force HTTPS on certain pages

Postby Raspo » Mon Mar 29, 2010 5:31 pm

rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.

By default, OpenCart let you type in an URL like this:
Code: Select all
http://www.sitename.com/index.php?route=checkout/payment

Note the non-ssl url
I want to redirect that URL to the "https version".

Anyway, I find a solution myself. I added this string in the .htaccess file:
Code: Select all
#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Now, when I type in URL like:
Code: Select all
http://www.sitename.com/index.php?route=checkout/payment
or
Code: Select all
http://www.sitename.com/index.php?route=account/create


it redirects me to
Code: Select all
https://www.sitename.com/index.php?route=checkout/payment
or
Code: Select all
https://www.sitename.com/index.php?route=account/create


Hope this helps someone, cause i've lost days in it
Raspo
 
Posts: 3
Joined: Mon Mar 29, 2010 8:55 am

Re: Force HTTPS on certain pages

Postby rph » Mon Mar 29, 2010 6:11 pm

I guess I don't see this as an issue. Even if a user manually changed the URL for some odd reason OpenCart forces them back to https when submitting information.
-Ryan
VQMod Manager: FREE extension to manage VQMods in Admin!
Admin Enhancement Suite: Powerful Admin features and enhancements
Dependent Options: Option values displayed based on customer input
Catalog Mode: Disable "Add to Cart" and display your store in view-only
OpenCart Community Edition | Unofficial OpenCart Wiki | Commercial Support and Development
User avatar
rph
 
Posts: 3784
Joined: Thu Jan 07, 2010 4:05 pm
Location: Lincoln, Nebraska

Re: Force HTTPS on certain pages

Postby Raspo » Tue Mar 30, 2010 5:00 am

I know, but the CC company of my client find this as an issue -.-
Raspo
 
Posts: 3
Joined: Mon Mar 29, 2010 8:55 am

Re: Force HTTPS on certain pages

Postby wyocrook » Tue Jul 26, 2011 4:57 pm

Thank you thank you thank you thank you!

I posted your data in htaccess. But then I had one additional problem. For some reason my config had this:
// HTTPS
define('HTTPS_SERVER', 'http://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'http://www.qhgraphics.com/image/');

I just added the 's':
// HTTPS
define('HTTPS_SERVER', 'https://www.qhgraphics.com/');
define('HTTPS_IMAGE', 'https://www.qhgraphics.com/image/');

After that I am good to go! Thanks again for the help!
wyocrook
 
Posts: 6
Joined: Thu Jun 16, 2011 5:54 am

Re: Force HTTPS on certain pages

Postby BobHL » Tue Nov 15, 2011 7:56 am

Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.

Raspo wrote:
rph wrote:If you set up your store to use SSL in Admin it'll be done automatically.
I know that, but I wanted to FORCE the SSL on certain pages like the title of the topic suggests.

By default, OpenCart let you type in an URL like this:
Code: Select all
http://www.sitename.com/index.php?route=checkout/payment

Note the non-ssl url
I want to redirect that URL to the "https version".

Anyway, I find a solution myself. I added this string in the .htaccess file:
Code: Select all
#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Now, when I type in URL like:
Code: Select all
http://www.sitename.com/index.php?route=checkout/payment
or
Code: Select all
http://www.sitename.com/index.php?route=account/create


it redirects me to
Code: Select all
https://www.sitename.com/index.php?route=checkout/payment
or
Code: Select all
https://www.sitename.com/index.php?route=account/create


Hope this helps someone, cause i've lost days in it
BobHL
 
Posts: 7
Joined: Thu Nov 10, 2011 7:55 am

Re: Force HTTPS on certain pages

Postby peakto » Sun Jan 08, 2012 5:45 pm

Hi Everyone!

I need a little help!

I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.

I using OpenCart 1.4.9.6. and SEO enabled.

I put this code the the .htaccess file:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


It works fine, after this, I got all pages https secured, BUT... it messing to the SEO URL-s :-(

Like:

SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html

and after forcing the SSL by the code:
https://www.mywebshop.com/ index.php?_route_=goodstuff.html

Is anybody knows, how to fix this problem?

Thank You very much!
peakto
 
Posts: 3
Joined: Sun Jan 08, 2012 5:37 pm

Re: Force HTTPS on certain pages

Postby jollyrobin » Tue Mar 06, 2012 4:56 am

BobHL wrote:Raspo,
I tried this change of .htaaccess on v1.5.1.3, it made shopping cart not working - when clicked "Add to Cart", nothing happened.


Did you manage to sort this out? I'm interested in this too
jollyrobin
 
Posts: 67
Joined: Tue Nov 15, 2011 11:29 am

Re: Force HTTPS on certain pages

Postby rsmck » Thu Mar 08, 2012 4:53 am

If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;

Code: Select all
# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]
rsmck
 
Posts: 12
Joined: Sat Mar 19, 2011 8:01 pm

Re: Force HTTPS on certain pages

Postby jollyrobin » Thu Mar 08, 2012 7:00 am

rsmck wrote:If this breaks the 'add to cart' function on your shopping cart change the .htaccess as follows;

Code: Select all
# Require SSL for sensitive areas
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart/update [NC]
RewriteRule (.*) https://www.yourstore.com%{REQUEST_URI} [R]


This doesn't force the redirect though, so users can manually type http (which was a problem for my pci)

This seems to work though, and I added the admin login which wasn't https before.

Code: Select all
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
jollyrobin
 
Posts: 67
Joined: Tue Nov 15, 2011 11:29 am

Re: Force HTTPS on certain pages

Postby jon.mosier@mac.com » Sat Oct 05, 2013 6:56 pm

A REALLY EASY WAY TO FORCE CERTAIN PAGES TO USE HTTPS!

Just add this to the top of any php page (after the opening <?php tag).

Code: Select all
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
    $url = 'https://' . $_SERVER['HTTP_HOST']
                      . $_SERVER['REQUEST_URI'];

    header('Location: ' . $url);
    exit;
}
Last edited by jon.mosier@mac.com on Wed Jan 29, 2014 1:38 pm, edited 1 time in total.
jon.mosier@mac.com
 
Posts: 1
Joined: Fri Oct 04, 2013 8:27 am

Re: Force HTTPS on certain pages

Postby struddyssports » Wed Mar 12, 2014 1:29 am

When trying to force SSL for account and checkout pages, with some Add to Cart and Update Cart no longer work.

Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account [NC]
RewriteCond %{QUERY_STRING} !checkout/cart [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


This code seems to have fixed it.
struddyssports
 
Posts: 3
Joined: Tue Feb 04, 2014 12:27 am

Re: Force HTTPS on certain pages

Postby rph » Thu Mar 13, 2014 10:27 am

OpenCart Community Edition will also enforce SSL pages in checkout/login/etc.
-Ryan
VQMod Manager: FREE extension to manage VQMods in Admin!
Admin Enhancement Suite: Powerful Admin features and enhancements
Dependent Options: Option values displayed based on customer input
Catalog Mode: Disable "Add to Cart" and display your store in view-only
OpenCart Community Edition | Unofficial OpenCart Wiki | Commercial Support and Development
User avatar
rph
 
Posts: 3784
Joined: Thu Jan 07, 2010 4:05 pm
Location: Lincoln, Nebraska


Return to Extension Support

Who is online

Users browsing this forum: No registered users and 8 guests

Hosted by Arvixe Web Hosting