SSL not securing all items in OpenCart via https

Quote

Post by daledude » Sat Dec 04, 2010 1:51 am

Hi all,

I've read a few other posts on this issue here, and have done all of the things suggested, but still some of the items (mostly images) in the cart checkout and in the admin are not being pulled from https:// ... And so, the browser indicates that some items on the page are unsecured. In Chrome, this puts red X on the padlock, and strikes through the https:// in red - VERY negative from customer standpoint.

The URL is: redacted (temporary, for development - and using default template still)

1) I have SSL cert installed correctly (the host did it)
2) In System > Settings > Server, I have "Use SSL" checked YES (triple-quadruple-checked this before posting)
3) Here is the config.php:

Code: Select all

<?php
// DIR
define('DIR_APPLICATION', '/........../redacted/catalog/');
define('DIR_SYSTEM', '/........../redacted/system/');
define('DIR_DATABASE', '/........../redacted/system/database/');
define('DIR_LANGUAGE', '/........../redacted/catalog/language/');
define('DIR_TEMPLATE', '/........../redacted/catalog/view/theme/');
define('DIR_CONFIG', '/........../redacted/system/config/');
define('DIR_IMAGE', '/........../redacted/image/');
define('DIR_CACHE', '/........../redacted/system/cache/');
define('DIR_DOWNLOAD', '/........../redacted/download/');
define('DIR_LOGS', '/........../redacted/system/logs/');

// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'xxx.xxx.xx.xx');
define('DB_USERNAME', 'xxxxxxxxxxxx');
define('DB_PASSWORD', 'xxxxxxxx');
define('DB_DATABASE', 'xxxxxxxx');
define('DB_PREFIX', '');
?>
Here is the admin/config.php:

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://www.redacted.net/redacted/admin/');
define('HTTP_CATALOG', 'http://www.redacted.net/redacted/');
define('HTTP_IMAGE', 'http://www.redacted.net/redacted/image/');

// HTTPS
define('HTTPS_SERVER', 'https://www.redacted.net/redacted/admin/');
define('HTTPS_IMAGE', 'https://www.redacted.net/redacted/image/');

// DIR
define('DIR_APPLICATION', '/........../redacted/admin/');
define('DIR_SYSTEM', '/........../redacted/system/');
define('DIR_DATABASE', '/........../redacted/system/database/');
define('DIR_LANGUAGE', '/........../redacted/admin/language/');
define('DIR_TEMPLATE', '/........../redacted/admin/view/template/');
define('DIR_CONFIG', '/........../redacted/system/config/');
define('DIR_IMAGE', '/........../redacted/image/');
define('DIR_CACHE', '/........../redacted/system/cache/');
define('DIR_DOWNLOAD', '/........../redacted/download/');
define('DIR_LOGS', '/........../redacted/system/logs/');
define('DIR_CATALOG', '/........../redacted/catalog/');

// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'xxx.xxx.xx.xx');
define('DB_USERNAME', 'xxxxxxxxxxxx');
define('DB_PASSWORD', 'xxxxxxxx');
define('DB_DATABASE', 'xxxxxxxx');
define('DB_PREFIX', '');

?>
4) I also have http://www.redacted.net/redacted/ set as the Store URL, not putting s there as some others did mistakenly

Using OpenCart v.1.4.9.1, clean install, no editing of the template files. All I did was add the logo, upload two products, and do some backend stuff like getting rid of the demo junk.

Is there anything that I'm missing? ??? I'm sure this is a simple problem, but I must just be missing something small.

Thanks.
Last edited by daledude on Fri May 20, 2011 11:40 pm, edited 1 time in total.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Sat Dec 04, 2010 5:00 am

I've done a little more experimenting...

If I leave the https:// entries in the admin config.php file, but turn off SSL in System > Settings > Server, it:

a) disables adding https:// at checkout/login areas (as would be expected)
b) keeps https:// in the backend admin area (so I'm guessing the Use SSL radio button in System > Settings > Server has no effect on admin's use of SSL, only config.php controls it)
c) fixes SSL in the admin area, so that the lock shows properly and there's no strike through https, both are GREEN in Chrome, EXCEPT under the

System > Settings page
Catalog > Products page
Catalog > Downloads page

... where it breaks again. All other backend pages show the lock/https proper.

Very strange!
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Moggin » Sat Dec 04, 2010 5:37 am

I can't see the problems in the shop, because you have disabled SSL there now. It would be good to see what happens when it's re-enabled.

Nothing obvious comes to mind though. I had a few problems with my SSL cert, and used this site a few times
http://www.networking4all.com/en/suppor ... ite+check/

- the results were inconclusive, but eventually it turned out my SSL cert was NOT installed correctly.

Your site seems OK if checked here, but there is a yellow warning about 'low encryption cipher suites' - may or may not be relevant.
Moggin
Active Member
Posts
1084
Joined
Wed May 05, 2010 4:56 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Tue Dec 07, 2010 12:23 am

Hi Moggin,

I've re-enabled the SSL in Settings now.

I went to that site and saw the notice about low encryption cipher suites... Hrm. Guess I'll contact the host to see what's up with that.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Tue Dec 07, 2010 1:47 am

Also I'm completely wrong about disabling SSL in the Settings 'fixes' the admin area... it works the same regardless either way, except on those pages I listed. I was just always mainly going to the Settings page so I assumed it was fixing something.

So to re-cap, I've got SSL re-enabled so it shows up in the cart checkout, but it's saying that the checkout, and those few sections in the admin area, are unsecure. But the pages in the admin I didn't list have the lock and are secure.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Moggin » Tue Dec 07, 2010 3:14 am

This is just strange. I've viewed your page again, and none of the media elements on the page are coming over SSL.

If you view source, the base href is
http://www.confortaire.net/koa1 - and it should be https:

As you've switched on SSL in the admin panel, this is all that's required to activate SSL in normal circumstances.

Anyone else seen this before, or got any ideas?
Moggin
Active Member
Posts
1084
Joined
Wed May 05, 2010 4:56 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Tue Dec 07, 2010 5:21 am

Okay, I started over just to see if maybe I messed something up.

I took the OpenCart zip, unzipped it, slipped in the 1.4.9.2 files so that all that is updated/fixed (didn't see that patch before!). Then I uploaded that, set permissions, created my database, and made sure all things were good (magic_quotes off, etc.), all's gold. I logged into the admin area, and did nothing else - didn't touch the config.php or anything - did nothing but just flip on SSL for the cart checkout.

Went to the cart checkout, same problem. I'm clueless of what the problem could be.

Here's the new install: http://www.redacted.net/redacted/

Edit: Also just updated the admin/config.php HTTPS_SERVER and HTTPS_IMAGE to https:// .... no change

Edit again: if i change the store URL to https://www.redacted.net/redacted/ it works... everything works right. WHY?!?... except the site is really slow this way, ha.

I can only assume this has something to do with the base href not getting changed... because if I type in https://www.redacted.net/redacted/ as the store URL and then visit the store, the lock shows proper, the SSL is signed correctly and everything is secure - and the base href has https://, but if I leave the store URL as http://www.redacted.net/redacted/, none of that happens and it's unsecure.
Last edited by daledude on Fri May 20, 2011 11:43 pm, edited 1 time in total.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Tue Dec 07, 2010 6:52 am

I just browsed through the source code on the admin pages where the lock breaks/insecure, and the only media that isn't coming from https:// are the images used for the thumbnail of the product, named like no_image00x00.jpg... in System > Settings > Image, Catalog > Products, etc. Anywhere that square with the camera inside it, breaks the SSL. Any help? I've GOT to get this site done by the end of the week! argghh...

Also, the Image Manager doesn't even work... gotta figure that out...
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Qphoria » Wed Dec 08, 2010 12:09 am

You are confusing me here.

You start out ok but I think maybe you aren't sure how https should work or something else is just off.

First let me explain that https should only apply to content-sensitive pages. There is no https on the product pages or home page or information pages since there is nothing to protect. https will automatically trigger on the account pages, checkout pages, etc. Anywhere sensitive information like address, credit card number, etc is being entered.

That said, does that solve your problem?

Additionally, I recommend you remove the "https" from the store url field. If you have http:// there and have use ssl enabled, it automatically adds the "s" to the end of that for the catalog side.

For the admin side, you have to edit the admin/config.php and in the HTTPS area add the "s" yourself. Then admin should be secured as well.

Image

User avatar
Qphoria
Administrator
Posts
20056
Joined
Tue Jul 22, 2008 3:02 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Wed Dec 08, 2010 12:25 am

Hey Qphoria,

Right, I understand that. I've actually got all of that correct.

1) I have Store URL set as http://www.redacted.net/redacted/ (not https://), and Use SSL activated in Settings
... which activates SSL for the checkout. The URL changes to https:// at checkout, but the browser reports that some items (the images) are insecure. If, at checkout, I click the padlock and look under Media, every image is being loaded from http:// at checkout.

2) I have the following in admin/config.php:

Code: Select all

// HTTPS
define('HTTPS_SERVER', 'https://www.redacted.net/redacted/admin/');
define('HTTPS_IMAGE', 'https://www.redacted.net/redacted/image/');
3) In the admin backend, all of the pages are properly secured with SSL, except Catalog > Products, System > Settings... The only thing I can find in common here is that these pages feature the image of the camera, which again, is being pulled from http:// not https://

I can't figure out why this is happening.
Last edited by daledude on Fri May 20, 2011 11:44 pm, edited 1 time in total.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Moggin » Wed Dec 08, 2010 1:28 am

daledude wrote:...The URL changes to https:// at checkout, but the browser reports that some items (the images) are insecure. If, at checkout, I click the padlock and look under Media, every image is being loaded from http:// at checkout.
-I visited your site again, and can confirm I see the same thing on the checkout pages: https: in the address bar, but all media loading from http, and base href on secure pages is still http:

Also tried loading the home page http://www.confortaire.net under https: and everything looked fine! - blue bar in firefox, all media secured. I could visit any page, even one that doesn't exist, and it shows https: , blue bar, all secure.

It stops working when I get to the development pages, koa1 or koa0. I hope this will help someone smarter than me to pinpoint the problem, since it seems to start within this subfolder.
Moggin
Active Member
Posts
1084
Joined
Wed May 05, 2010 4:56 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Wed Dec 08, 2010 1:59 am

Thanks for the confirmation, Moggin. I know I'm not crazy, lol.

If this info helps any, I got the SSL from GoDaddy, the site is hosted on Network Solutions (ugh), the SSL is installed properly (as far as I know - NetSol has no area where I can check, just take their word for it *sigh*). I just don't know... no other problems, got Qphoria's FedEx module I bought working simply, just this one critical issue driving me nuts.

Edit: Well, this and the Image Manager not working properly... just seem to be having images-related issues

Also I'd be happy to setup a temp FTP acct if anyone would like... thanks
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Wed Dec 08, 2010 4:08 am

I've decided to just change the Store URL to https://redacted.net/redacted/, as this just plain works and I'm running out of time. The site will only have like 3-4 products anyways, in this particular subfolder (/redacted/, which I will change to just /redacted/ at launch). But the main http://redacted.net/ site WILL have tons of products in the future; this /redacted/ is a mini-site they sell directly to this particular company... so if anyone can help me figure this out with the http://redacted.net/redacted/ for testing I'd appreciate it... but I've gotta move on. :-\

Ugh nevermind changing to https:// adds three slashes in IE... god.
Last edited by daledude on Fri May 20, 2011 11:45 pm, edited 1 time in total.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Moggin » Wed Dec 08, 2010 5:50 am

Googling 'Network solutions' and SSL found a few problems similar to yours

Also Xsecrets referred to them pretty scathingly here
http://forum.opencart.com/viewtopic.php ... t=0#p95552
(- actually I see it's your thread, started last year..)

Maybe this is the root of the whole thing though ???
Last edited by Moggin on Wed Dec 08, 2010 5:59 am, edited 1 time in total.
Moggin
Active Member
Posts
1084
Joined
Wed May 05, 2010 4:56 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Wed Dec 08, 2010 5:58 am

Haha! Oh my god that 2nd post was made by me almost one year ago. I completely forgot I've tried to use OpenCart before.
Last edited by daledude on Fri May 20, 2011 11:47 pm, edited 1 time in total.
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Moggin » Wed Dec 08, 2010 8:08 am

daledude wrote:..Yeah, I hate NetSol, but my boss loves them and keeps getting clients to sign up for accounts with them. I've had nothing but problems trying to get my work done on sites hosted by them the past year and a half I've been working here.
Aw no! :crazy:

- BTW this was on the Network Solutions forum - maybe it has something to do with it
Our proxy SSL doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.
http://forums.networksolutions.com/gene ... t6418.html

Their suggestions are 'make all the links to sensitive pages https:' - or use a javascript detect script. Or a VPS.
:clown:
Moggin
Active Member
Posts
1084
Joined
Wed May 05, 2010 4:56 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Wed Dec 08, 2010 10:58 pm

Yep, that looks to be the exact same problem. And the hilarious thing is, I had just installed ZenCart and was going to move on to trying to get THAT to work. Guess this is going to be a universal problem. THANKS, Network Non-Solutions! :'(

Guess I'll try their little JavaScript hack... Strangely, NetSol used to offer ZenCart in their admin Open Source applications thing, where they'd auto-install it for you, but I noticed they removed it. They also had osCommerce, but it's gone now. The only thing they have in there now is Magento, and Magento crawls on their servers... or any shared hosting server, really.

Anyway I hope this JS trick works or else we're screwed. O0
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by Moggin » Thu Dec 09, 2010 4:06 am

I hope the JS script works - good luck! Running secure ecommerce on a server like this looks a little 'hit and miss', but you never know ;)
Moggin
Active Member
Posts
1084
Joined
Wed May 05, 2010 4:56 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by daledude » Wed Dec 15, 2010 10:36 am

Sooo yeah the JS trick didn't work... all that JS does is make the URL of the page https://. It doesn't change the base href to https, which is entirely what the problem is.

Is there a way to use JavaScript to rewrite the base href on a page from http:// to https://, if it detects that the URL of the page is https:// too?? Or is there a way for me to hard-code the base hrefs for the sensitive areas only to be https?

God I hate Network Solutions... I have to get this going THIS WEEK though, period!

Still working on it at http://redacted.net/redacted/...
daledude
New member
Posts
66
Joined
Thu Dec 17, 2009 1:30 am
Top

Re: SSL not securing all items in OpenCart via https

Quote

Post by davidre » Sun Nov 27, 2011 9:31 pm

did you ever solve this. I have the same issue, and I believe I need to write some custom code on the header file to https the checkout page.

My logo and base URL are HTTP...
My SSL is installed correctly.

This is really getting me down... NEED HELP!

Thanks
Dave
davidre
Newbie
Posts
6
Joined
Wed Nov 23, 2011 8:24 pm
Top
Post Reply
Return to “General Support”
Who is online

Users browsing this forum: No registered users and 99 guests