Page 1 of 2

SSL Mode Not Working Correctly

Posted: Sat Mar 05, 2016 3:29 am
by BlueKore
Hello,

I'm having the following problem:
I'm using the latest version of OpenCart (2.2) with SSL on my server. I've configured it to use SSL (Settings->Server) and changed the HTTPS configurations in the main config.php and admin/config files, and the website turned into a mess. The HTTPS mode works, but a lot of content is still served as HTTP. Some requests are being made with HTTP, and the form actions are pointing to HTTP URI's.
I want to use only HTTPS in my website.

So, my question is: Did i forget something, or is it a bug?
Thank you.

Re: SSL Mode Not Working Correctly

Posted: Sat Mar 05, 2016 2:53 pm
by florinsith
By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.

Re: SSL Mode Not Working Correctly

Posted: Sat Mar 05, 2016 6:41 pm
by BlueKore
florinsith wrote:By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.
That is the 'copy-paste' question that everyone makes.
I've already done that. I've tried almost everything about OpenCart. When you request the website in HTTPS, there are some content that is server through HTTP.

Re: SSL Mode Not Working Correctly

Posted: Sat Mar 05, 2016 11:45 pm
by OSWorX
BlueKore wrote:
florinsith wrote:By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.
That is the 'copy-paste' question that everyone makes.
I've already done that. I've tried almost everything about OpenCart. When you request the website in HTTPS, there are some content that is server through HTTP.
But it is true and correct.

What you can do (and should) is adding a few lines to your .htaccess and
1. rerouting http://www.sites to non-www
2. rerouting http-calls (port 80) to https (443 -ssl)

With both I have several customers serving all sites per https - no matter how you will call them.

Re: SSL Mode Not Working Correctly

Posted: Sun Mar 06, 2016 9:56 am
by EvolveWebHosting
What content is being requested over HTTP? Images and/or external css/js files? You can troubleshoot by going to whynopadlock.com and checking any URL that you want to. There are many reasons that an HTTP request could be made.

Re: SSL Mode Not Working Correctly

Posted: Sun Mar 06, 2016 4:14 pm
by Randem
Hi BlueKore,

It is a least a developer code oversight or misunderstanding on how it should work in the real world. At the most, a lack of proper testing...

It was changed to be incorrect - http://forum.opencart.com/viewtopic.php ... 22#p606922

Re: SSL Mode Not Working Correctly

Posted: Sun Mar 06, 2016 9:22 pm
by s83k5v4
Same problem here.
  • * Enabled SSL in the settings
    * Changed the HTTPS_SERVER property in /config.php
    * Changed the HTTPS_SERVER and HTTPS_CATALOG properties in /admin/config.php
Then I open the admin login page with the https address.
When I try to login I get a browser warning that the form data will be sent in clear text.

I have also tried to enable the included .htaccess (by removing .txt from the filename).
Same problem.

This was a clean install.
This worked fine with the exact same domains with the 1.5.6.4 version.

Re: SSL Mode Not Working Correctly

Posted: Mon Mar 07, 2016 5:25 am
by daniGo
Look in upload/system/config/catalog.php and upload/system/config/admin.php.

Set

Code: Select all

$_['site_ssl']         = false;
to

Code: Select all

$_['site_ssl']         = true;

Re: SSL Mode Not Working Correctly

Posted: Mon Mar 07, 2016 5:55 am
by Randem
danigo,

Thanks, this indeed works for SSL and the Admin panel. this just reinforces my thoughts that they do not test these things or rely on those that do...

Re: SSL Mode Not Working Correctly

Posted: Tue Mar 08, 2016 2:11 am
by florinsith
florinsith wrote:By default in opencart only the checkout, account, affiliate and admin pages are secured, the main website url is still on http because the http server in config uses http://. If you want https accross the entire website you need to change the http_server to use https:// as well.
From what I see in url->link , what I wrote above isnt relevant anymore in 2.2

Re: SSL Mode Not Working Correctly

Posted: Thu Mar 17, 2016 5:03 pm
by byens
Great its working again.. someone should make change in github ;)
daniGo wrote:Look in upload/system/config/catalog.php and upload/system/config/admin.php.

Set

$_['site_ssl'] = false;

to
$_['site_ssl'] = true;

Re: SSL Mode Not Working Correctly

Posted: Wed Mar 30, 2016 10:21 pm
by Dan_HiHosting
Still can't get it to work properly on a clean 2.2.0 installation here.

If you want the entire site as https, do you need to redirect http to https in the .htaccess file?

I don't see why that should be necessary.

But it seems most pages, even with SSL enabled, and the HTTPS urls specified, are returned as HTTP

This causes the icons not to load properly, and an unknown error.

It's incredibly difficult finding proper guidance on how to properly serve an entire OpenCart 2.2.0 installation through HTTPS.

Thanks

Re: SSL Mode Not Working Correctly

Posted: Wed Mar 30, 2016 11:49 pm
by florinsith
Edit system/library/url.php and change:

Code: Select all

if ($this->ssl && $secure) {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		} else {
			$url = 'http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		}
to:

Code: Select all

$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
or maybe:

Code: Select all

if ($this->ssl && $secure) {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		} else {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		}
if you think you might change your mind and want a quick revert.
The htaccess redirect should stay for its initial purpose, to redirect to https in case http is explicitly accessed.

Re: SSL Mode Not Working Correctly

Posted: Thu Mar 31, 2016 4:16 am
by Randem
Hi Dan_HiHosting,

You are going to have issues in v2.2.0.0

OpenCart 2.2.0.0 Testing - Issues to Expect...

What to use to get you to SSL

Changes made to correct issues in OpenCart for v2.2.0.x

You have to make all SSL changes...

Re: SSL Mode Not Working Correctly

Posted: Thu Apr 21, 2016 4:17 am
by Dan_HiHosting
Sorry, so do we need to manually make the SSL changes in the code, and what are they?

Or do we need to run that vQmod XML file?

Why on earth do they release such buggy versions? This is the latest/default release on Softaculous. And it's not fit for purpose.

Thanks

Re: SSL Mode Not Working Correctly

Posted: Thu Apr 21, 2016 4:52 am
by Randem
Yes, as noted you would need to use VQMOD to use the XML to make the changes. However I would stay on v2.1.0.x until they get v2.2.0.x sorted out. You will notice that the same changes from v2.1.0.x still need to be made for v2.2.0.0.

You should NEVER make code changes directly to OpenCart files (hardcode).
Buggy releases are a result of buggy testing...

SSL Not Working Correctly 2.2 - PayPal dies

Posted: Thu Apr 21, 2016 7:47 am
by calderwood
On a clean install of OC2.2 I noticed that the checkout was not changing to SSL while testing and is giving errors with PayPal Pro on Sandbox. Also PayPayPro iFrame does not work - I believe that again PP is not seeing the SSL either.

I set all configs to https:// for secure and non-secure, If you go to https://store then add product to cart, them go to cart, it reverts to non-ssl http://store Same in admin will not remain in SSL.

If 2.2 should not be listed as a stable version.

Re: SSL Mode Not Working Correctly

Posted: Thu Apr 21, 2016 8:53 pm
by Dan_HiHosting
Thanks Randem.

So you advise to install vQmod:
http://www.opencart.com/index.php?route ... n_id=19501

Then vQmod manager:
http://www.opencart.com/index.php?route ... n_id=19188

And then upload the v2.2.0.x Changes.zip file provided here:
http://www.randemsystems.com/support/op ... t-only%29/

I uploaded the vQmod files, and then did the same for vQmod manager and installed it, but vQmod doesn't seem to be installed.

Under Extensions > Modules > VQMod Manager > Edit
I get:
Required file "vqmod.php" is missing! Please install the latest OpenCart-compatible version of VQMod from https://github.com/vqmod/vqmod/releases and try again.

Previously when installing vQmod I've just used the official github.

What does this extension do?
http://www.opencart.com/index.php?route ... n_id=19501

Do I also need to upload a vqmod.php file?

Sorry, I don't find the instructions clear.

I can't believe any of this is necessary with a "stable" release.
We normally recommend OpenCart, but I don't see how we can with it in this state.
One can expect this from some hobbyist forum software or the like, but not the most recommended shopping cart software after Magento.

Any help much appreciated.

Re: SSL Mode Not Working Correctly

Posted: Fri Apr 22, 2016 3:48 am
by Randem
With VQMOD or VQMOD you have to run the install procedure for each. There is an install folder with VQMOD and you should run the index.php file from that folder to install.

Re: SSL Mode Not Working Correctly

Posted: Thu May 26, 2016 5:35 pm
by takahashi1973
Hi
I tried with:

Code: Select all

if ($this->ssl && $secure) {
         $url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
      } else {
         $url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
      }
I force in htaccess all to HTTPS
In admin --> setting: use SSL: true
In both config.php files all urls are set to HTTPS.
Admin works fine.
Frontend almost except when you decent into a category it goes completely wrong.
Problem: stylesheet path. All other path seems to be okay but the stylesheet for for instance:
https://www.mydomain.com/desktops/mac
shows in source code: <link href="catalog/view/theme/default/stylesheet/stylesheet.css" rel="stylesheet">

BUT it seems to be loaded from: desktops/catalog/view/theme/default/stylesheet/stylesheet.css
......
anyone an idea/solution to this strange problem?

these days stores should just load fine in 100% HTTPS.