Is it possible to make CS-Cart use HTTPS for the entire shopping experience front to back?
This should be done via server admin panel.
SSL should be enabled for 80 port and 443
[quote name=‘grayloon’]I want my entire store to use [url]https://secure.domain.com/[/url][/QUOTE]
Not sure about your hosting.
I am on dedicated server. When I enable SSL for my stores virtual host a copy is made of it. Now I have to 80 and 443, 443 is normally ssl port for parts enabled in cart. If I enable ssl for port 80 also all domain will be secured whatever cs-cart likes it or not.
What about doing something with mod_rewrite?
If you would like to use your whole store under https please try to replace the following part of code in the “fn.control.php” file located in the “core” directory of your CS-Cart installation:if (AREA == 'A' && (Registry::get('settings.General.secure_admin') == 'Y') && !defined('HTTPS') && ($_SERVER['REQUEST_METHOD'] != 'POST') && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location'])) {
with this one:
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
} elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
$secure_controllers = fn_get_secure_controllers();
// if we are not on https but controller is secure, redirect to https
if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
}
// if we are on https and the controller is insecure, redirect to http
if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS')) {
fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
}
}if (AREA == 'A' && (Registry::get('settings.General.secure_admin') == 'Y') && !defined('HTTPS') && ($_SERVER['REQUEST_METHOD'] != 'POST') && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location'])) {
Save the file and insert the following part of code into the “.htaccess” file located in the same directory:
// fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
} elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
$secure_controllers = fn_get_secure_controllers();
// if we are not on https but controller is secure, redirect to https
if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) {
// fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
}
// if we are on https and the controller is insecure, redirect to http
if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS')) {
// fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
}
}RewriteCond %{HTTPS} off
under this line:
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]RewriteEngine on