How to disable HTTP requests and force into HTTPS on all pages...

How to disable HTTP requests and force into HTTPS on all pages of the store?



I have enabled all three options in admin panel for https, but I want my visitor to browse in https mode all the time.



.htaccess option just loops to homepage:



RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

[quote name=‘borescopeit’]How to disable HTTP requests and force into HTTPS on all pages of the store?



I have enabled all three options in admin panel for https, but I want my visitor to browse in https mode all the time.



.htaccess option just loops to homepage:



RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}[/QUOTE]



In this case you need to replace the following part of code:



$config['http_location'] = 'http://' . $config['http_host'] . $config['http_path'];
$config['https_location'] = 'https://' . $config['https_host'] . $config['https_path'];
$config['current_location'] = (defined('HTTPS')) ? $config['https_location'] : $config['http_location'];

?>




with this one:



$config['http_location'] = 'https://' . $config['http_host'] . $config['http_path'];
$config['https_location'] = 'https://' . $config['https_host'] . $config['https_path'];
$config['current_location'] = (defined('HTTPS')) ? $config['https_location'] : $config['http_location'];

?>




in the “config.php” file, located in the root directory of your CS-Cart installation and replace the follwoing part of code:



if (AREA == 'A' && (Registry::get('settings.General.secure_admin') == 'Y') && !defined('HTTPS') && ($_SERVER['REQUEST_METHOD'] != 'POST') && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
} elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
$secure_controllers = fn_get_secure_controllers();
// if we are not on https but controller is secure, redirect to https
if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
}

// if we are on https and the controller is insecure, redirect to http
if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS')) {
fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
}
}




with this one:



if (AREA == 'A' && (Registry::get('settings.General.secure_admin') == 'Y') && !defined('HTTPS') && ($_SERVER['REQUEST_METHOD'] != 'POST') && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
} elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
$secure_controllers = fn_get_secure_controllers();
// if we are not on https but controller is secure, redirect to https
if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
}

// if we are on https and the controller is insecure, redirect to http
if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS')) {
//fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
}
}




in the “fn.control.php” file , located in the “core” directory.

Thanks a lot, but it does not work!