I have found a way to set up the HTTPS usage properly. Now here's the complete step by step solution. Sorry if its a repost, but i didnt found it anywhere.
Note that both of step 1 to 3 is neccessary to set up the SSL usage properly.
Step 1.
Theres two of the config.php files. One in the root folder, another in the /admin folder.
Open up both then set up the HTTPS_SERVER constant variable. (dont forget the httpS)
define('HTTPS_SERVER', 'https://www.my.server/');
define('HTTPS_IMAGE', ''https://www.my.server/image/');
in admin/config.php:
define('HTTPS_SERVER', 'https://www.my.server/admin');
define('HTTPS_IMAGE', ''https://www.my.server/image/');
Replace the www.my.server/ to your actual server url.
update: Dont forget to set the HTTPS_IMAGE, because it produces the url for the images. The admin and cart's config.php must point to the same url, because they sharing this folder.
Step 2.
open up index.php in the / root folder.
find the comment: // Base URL
the following is checks that the request is came thru https or not. Thats right.
if (@$_SERVER['HTTPS'] != 'on')
Ok. I've created a config setting here, that holds the https status.
Code: Select all
// Base URL
if (@$_SERVER['HTTPS'] != 'on') {
$config->set('OPENCART_HTTPBASE',HTTP_SERVER);
$template->set('base', HTTP_SERVER);
} else {
$config->set('OPENCART_HTTPBASE',HTTPS_SERVER);
$template->set('base', HTTPS_SERVER);
}
Step 3
open up library/environment/url.php
function href($controller, $action = NULL, $query = array()) {
this function sets the http:// url. This is buggy, that because it forgot to check that the actual page is came thru ssl or not, so it generates non ssl urls, while you are on an ssl page. The result is, that you'll go to non ssl pages if you click on any of the generated urls, imediately. (Yayy...)
So here's the fix:
Code: Select all
function href($controller, $action = NULL, $query = array()) {
if ($this->config->get('OPENCART_HTTPBASE') == HTTPS_SERVER) {
return $this->ssl($controller,$action,$query);
} else {
return $this->create(HTTP_SERVER, $controller, $action, $query);
}
}
Logout button Fix
Well.. Im still thinking on better ways. But heres a fix, that will helps you to manage the non-ssl usage on the logout form.
in /catalog/extension/module/header.php:
$view->set('logout', $url->href('account_logout'));
If you modified the href function of url.php (above) theres you get a https:// url for the account_logout button. That is because you are actually logged in while it generates the button, so it will place the https:// url for it. At this point, you can 'FORCE' the non-ssl url generating by placing an ugly variable setting. Like this:
Code: Select all
//forszoljuk a non ssl link elkeszitest
$temp = $config->get('OPENCART_HTTPBASE'); // backup the status
$config->set('OPENCART_HTTPBASE',HTTP_SERVER); // forcing the non ssl usage here
$view->set('logout', $url->href('account_logout'));
// visszaallitjuk az allapotot
$config->set('OPENCART_HTTPBASE',$temp); // restore here
If you have better solutions any of the above sniplets, please place/discuss here.
Thanks.
