Post by erica775 » Wed Dec 04, 2019 1:22 am

So I had to get help fixing a problem where a customer would stumble across a HTTPS version of one of my pages which render without CSS - once there, they could never get back to the correct-looking http version (http://awardzone.com). He fixed my configuration so that the pages look the same secure on non-secure but now I can't effectively log into the Admin. Or, more accurately, when I do, theres no CSS and nothing works. (Screenshot attached.) . I'm on 2.3.0.2 and using the Journal2 theme. Any ideas? Thanks so much!

Attachments

Screen Shot 2019-12-03 at 9.16.00 AM.png

Screen Shot 2019-12-03 at 9.16.00 AM.png (167.25 KiB) Viewed 200 times


New member
Online

Posts

Joined
Thu Sep 11, 2014 9:40 pm

Post by IP_CAM » Wed Dec 04, 2019 1:38 am

In your Admin config.php file, it's still linked to http://, but
.htaccess immediately forces it to use https://, so, styles don't show,
and you cannot log in, I assume, looking at it from the Page Source View.
Ernie

Code: Select all

<base href="http://awardzone.com/admin/" />
 <a href="http://awardzone.com/admin/index.php?route=common/dashboard

I don't use Forum Mail, to reach me, contact: jti@jacob.ch
-
Server Q & A Basic Information on Code + Settings
http://www.everyauction.info/serverinfo.html
-
Demoversion OpenCart LIGHT v.1.5.6.5
http://www.jti.li/shop/
-
1'300+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by erica775 » Wed Dec 04, 2019 2:10 am

Thanks! This is what's in the Admin config file - would you please tell me what I should change?

<?php
// HTTP
define('HTTP_SERVER', 'http://awardzone.com/admin/');
define('HTTP_CATALOG', 'http://awardzone.com/');

// HTTPS
define('HTTPS_SERVER', 'http://awardzone.com/admin/');
define('HTTPS_CATALOG', 'http://awardzone.com/');

// DIR
define('DIR_APPLICATION', '/home/awardzo1/public_html/admin/');
define('DIR_SYSTEM', '/home/awardzo1/public_html/system/');
define('DIR_IMAGE', '/home/awardzo1/public_html/image/');
define('DIR_LANGUAGE', '/home/awardzo1/public_html/admin/language/');
define('DIR_TEMPLATE', '/home/awardzo1/public_html/admin/view/template/');
define('DIR_CONFIG', '/home/awardzo1/public_html/system/config/');
define('DIR_CACHE', '/home/awardzo1/public_html/system/storage/cache/');
define('DIR_DOWNLOAD', '/home/awardzo1/public_html/system/storage/download/');
define('DIR_LOGS', '/home/awardzo1/public_html/system/storage/logs/');
define('DIR_MODIFICATION', '/home/awardzo1/public_html/system/storage/modification/');
define('DIR_UPLOAD', '/home/awardzo1/public_html/system/storage/upload/');
define('DIR_CATALOG', '/home/awardzo1/public_html/catalog/');

// DB
define('DB_DRIVER', 'mysqli');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'awardzo1_website');
define('DB_PASSWORD', 'xxxxxxxx9');
define('DB_DATABASE', 'awardzo1_-----------');
define('DB_PORT', '3306');
define('DB_PREFIX', 'oc_');
Last edited by erica775 on Wed Dec 04, 2019 2:37 am, edited 2 times in total.

New member
Online

Posts

Joined
Thu Sep 11, 2014 9:40 pm

Post by cyclops12 » Wed Dec 04, 2019 2:19 am

please edit your post above and remove sensitive info like password and db credentials
These should NEVER be posted on an open forum

Expert Member
Online

Posts

Joined
Sun Sep 27, 2015 1:10 am

Post by erica775 » Wed Dec 04, 2019 2:46 am

Thanks - I'm such a rookie.

New member
Online

Posts

Joined
Thu Sep 11, 2014 9:40 pm

Post by cyclops12 » Wed Dec 04, 2019 3:09 am

Hey no worries just trying to keep you safe :)
Are you using any redirect in htaccess as ernie suggested above?

Expert Member
Online

Posts

Joined
Sun Sep 27, 2015 1:10 am

Post by IP_CAM » Wed Dec 04, 2019 4:03 am

It has to look like this:

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'https://awardzone.com/admin/');
define('HTTP_CATALOG', 'https://awardzone.com/');

// HTTPS
define('HTTPS_SERVER', 'https://awardzone.com/admin/');
define('HTTPS_CATALOG', 'https://awardzone.com/');
The same is valid for the ROOT config.php file also !

I don't use Forum Mail, to reach me, contact: jti@jacob.ch
-
Server Q & A Basic Information on Code + Settings
http://www.everyauction.info/serverinfo.html
-
Demoversion OpenCart LIGHT v.1.5.6.5
http://www.jti.li/shop/
-
1'300+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by erica775 » Wed Dec 04, 2019 4:18 am

Ok thanks so much - I will try . . . And really, thanks for helping!

The htaccess looks like this but it might as well be in Greek for this girl:
Options +FollowSymlinks
Options -Indexes
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
</FilesMatch>

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>

<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>

<IfModule mod_headers.c>
Header set X-UA-Compatible "IE=Edge,chrome=1"
# mod_headers can't match by content-type, but we don't want to send this header on *everything*...
<FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
Header unset X-UA-Compatible
</FilesMatch>
</IfModule>

<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
# mod_headers, y u no match by Content-Type?!
<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
</IfModule>

# ----------------------------------------------------------------------
# Proper MIME type for all files
# ----------------------------------------------------------------------

# JavaScript
# Normalize to standard type (it's sniffed in IE anyways)
# tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js jsonp
AddType application/json json

# Audio
AddType audio/ogg oga ogg
AddType audio/mp4 m4a f4a f4b

# Video
AddType video/ogg ogv
AddType video/mp4 mp4 m4v f4v f4p
AddType video/webm webm
AddType video/x-flv flv

# SVG
# Required for svg webfonts on iPad
# twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
AddEncoding gzip svgz

# Webfonts
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf ttc
AddType font/opentype otf
AddType application/x-font-woff woff

# Assorted types
AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/xml rss atom xml rdf
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz
AddType application/x-web-app-manifest+json webapp
AddType text/x-vcard vcf
AddType application/x-shockwave-flash swf
AddType text/vtt vtt
AddType text/html .html
AddHandler server-parsed .html

# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------

# These are pretty far-future expires headers.
# They assume you control versioning with filename-based cache busting
# Additionally, consider that outdated proxies may miscache
# www.stevesouders.com/blog/2008/08/23/re ... erystring/

# If you don't use filenames to version, lower the CSS and JS to something like
# "access plus 1 week".

<IfModule mod_expires.c>
ExpiresActive on

# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"

# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"

# Your document html
ExpiresByType text/html "access plus 0 seconds"

# Data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"

# Feed
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"

# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"

# Media: images, video, audio
ExpiresByType image/gif "access plus 1 year”
ExpiresByType image/png "access plus 1 year”
ExpiresByType image/jpeg "access plus 1 year”
ExpiresByType video/ogg "access plus 1 year”
ExpiresByType audio/ogg "access plus 1 year”
ExpiresByType video/mp4 "access plus 1 year”
ExpiresByType video/webm "access plus 1 year”

# HTC files (css3pie)
ExpiresByType text/x-component "access plus 1 month"

# Webfonts
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/opentype "access plus 1 year”
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"

</IfModule>

# ----------------------------------------------------------------------
# ETag removal
# ----------------------------------------------------------------------

# FileETag None is not enough for every server.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>

# Since we're sending far-future expires, we don't need ETags for
# static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None

# Keep-Alive allows the server to send multiple requests through one
# TCP-connection. Be aware of possible disadvantages of this setting. Turn on
# if you serve a lot of static content.

<IfModule mod_headers.c>
Header set Connection Keep-Alive
</IfModule>

# Cookie free domain for static components
<IfModule mod_headers.c>
<FilesMatch "\\.(js|css|jpg|png|jpeg|gif)$">
RequestHeader unset Cookie
Header unset Set-Cookie
</FilesMatch>
</IfModule>

<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteRule "(^|/)\." - [F]
</IfModule>

# Block access to backup and source files. These files may be left by some
# text/html editors and pose a great security danger, when anyone can access
# them.
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|tpl|dist)|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>

New member
Online

Posts

Joined
Thu Sep 11, 2014 9:40 pm

Post by erica775 » Thu Dec 05, 2019 9:01 am

So, when I changed BOTH config lines in BOTH config files - the web site went completely down - would only deliver a white screen that said 'This page isn't working" (see attached). So I put the original files back and then just made the changes to only the admin/config.php, not the root and it now is working perfectly . . . so at this point (for anyone else this happens to in the future) my root config.php looks like:
<?php
// HTTP
define('HTTP_SERVER', 'http://awardzone.com/');

// HTTPS
define('HTTPS_SERVER', 'https://awardzone.com/');


and my admin/config.php contains:
<?php
// HTTP
define('HTTP_SERVER', 'http://awardzone.com/admin/');
define('HTTP_CATALOG', 'http://awardzone.com/');

// HTTPS
define('HTTPS_SERVER', 'http://awardzone.com/admin/');
define('HTTPS_CATALOG', 'http://awardzone.com/');


So thanks SO much you guys! ~Erica

Attachments

Capture1.PNG

Capture1.PNG (17.93 KiB) Viewed 63 times


New member
Online

Posts

Joined
Thu Sep 11, 2014 9:40 pm

Post by IP_CAM » Thu Dec 05, 2019 9:50 am

WRONG ! ::)

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://awardzone.com/');
// HTTPS
define('HTTPS_SERVER', 'https://awardzone.com/');

I don't use Forum Mail, to reach me, contact: jti@jacob.ch
-
Server Q & A Basic Information on Code + Settings
http://www.everyauction.info/serverinfo.html
-
Demoversion OpenCart LIGHT v.1.5.6.5
http://www.jti.li/shop/
-
1'300+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by erica775 » Fri Dec 06, 2019 1:28 am

Oh my gosh of course, you're right - it's:
<?php
// HTTP
define('HTTP_SERVER', 'https://awardzone.com/admin/');
define('HTTP_CATALOG', 'https://awardzone.com/');

// HTTPS
define('HTTPS_SERVER', 'https://awardzone.com/admin/');
define('HTTPS_CATALOG', 'https://awardzone.com/');


Thanks again!

New member
Online

Posts

Joined
Thu Sep 11, 2014 9:40 pm
Who is online

Users browsing this forum: No registered users and 31 guests