Force SSL for Entire Cart

grayloon · July 16, 2009, 12:00am

Is it possible to make CS-Cart use HTTPS for the entire shopping experience front to back?

miracles · July 16, 2009, 12:00am

you want like https://www.domain.com ?

darius · July 16, 2009, 12:00am

This should be done via server admin panel.

SSL should be enabled for 80 port and 443

grayloon · July 16, 2009, 12:00am

I want my entire store to use [url]https://secure.domain.com/[/url]

darius · July 16, 2009, 12:00am

[quote name=‘grayloon’]I want my entire store to use [url]https://secure.domain.com/[/url][/QUOTE]

Not sure about your hosting.

I am on dedicated server. When I enable SSL for my stores virtual host a copy is made of it. Now I have to 80 and 443, 443 is normally ssl port for parts enabled in cart. If I enable ssl for port 80 also all domain will be secured whatever cs-cart likes it or not.

grayloon · July 16, 2009, 12:00am

What about doing something with mod_rewrite?

grayloon · July 17, 2009, 12:00am

If you would like to use your whole store under https please try to replace the following part of code in the “fn.control.php” file located in the “core” directory of your CS-Cart installation:if (AREA == 'A' && (Registry::get('settings.General.secure_admin') == 'Y') && !defined('HTTPS') && ($_SERVER['REQUEST_METHOD'] != 'POST') && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location'])) { fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url')); } elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) { $secure_controllers = fn_get_secure_controllers(); // if we are not on https but controller is secure, redirect to https if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) { fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url')); } // if we are on https and the controller is insecure, redirect to http if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS')) { fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url')); } }with this one:if (AREA == 'A' && (Registry::get('settings.General.secure_admin') == 'Y') && !defined('HTTPS') && ($_SERVER['REQUEST_METHOD'] != 'POST') && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location'])) { // fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url')); } elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) { $secure_controllers = fn_get_secure_controllers(); // if we are not on https but controller is secure, redirect to https if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) { // fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url')); } // if we are on https and the controller is insecure, redirect to http if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS')) { // fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url')); } }Save the file and insert the following part of code into the “.htaccess” file located in the same directory:RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]under this line:RewriteEngine on