SSL after finishing checkout

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 14 February 2006 - 11:57 AM #1

The SSL is still invoked (https) after the user has finished checkout. I have hard-coded items in some products' HTML descriptions and this causes security issues to be displayed.

The Fix:-

Should be to return the user to an unencrypted session after the transaction is complete / after displaying the invoice.

Martin

 
  • TVC
  • Member
  • Members
  • Join Date: 16-Jan 06
  • 54 posts

Posted 14 February 2006 - 02:13 PM #2

Assuming you are referring to IE's warning about "there are secure and non-secure items on this page, would you like to load the non-secure items?"

You have a few options:

A) If the hardcoded stuff is on the same server, use relative paths, so instead of http://www.mysite.com/logo.jpg, use /logo.jpg
B) Change the hardcoded stuff to the secure protocol: instead of http://www.mysite.com/logo.jpg make it https://www.mysite.com/logo.jpg
C) If you are using a shared SSL, change http://mysite.com/logo.jpg to https://my.shared.se.../~user/logo.jpg

I had this problem when I had banner images on my site. I just copied the banner images to my local site and ran them from there.

This may not be the solution if you aren't talking about the same error message.
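
Options A and B above, as an added example that is not part of the original post and is not CS-Cart code: it scans one product description for subresources loaded over plain http, rewrites same-host URLs to root-relative paths, and lists third-party URLs that need an https source. The function names, the sample description and the host `banners.example.net` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute makes the browser fetch a subresource with the page.
SUBRESOURCE_ATTR = {"img": "src", "script": "src", "iframe": "src",
                    "embed": "src", "object": "data", "link": "href"}


class _SubresourceCollector(HTMLParser):
    """Collect subresource URLs in document order."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = SUBRESOURCE_ATTR.get(tag)
        self.urls += [v for k, v in attrs if k == wanted and v]


def audit_description(html, shop_host):
    """Return (rewritten_html, third_party_http_urls) for one description."""
    collector = _SubresourceCollector()
    collector.feed(html)
    same_host, third_party = set(), []
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # https, relative and data: URLs do not trigger the warning
        if parts.hostname == shop_host.lower():
            same_host.add(url)
        elif url not in third_party:
            third_party.append(url)
    # Option A: same-host URLs become root-relative, so they follow the page's
    # scheme. Longest first, so a URL that prefixes another is not mangled.
    for url in sorted(same_host, key=len, reverse=True):
        parts = urlsplit(url)
        relative = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        html = html.replace(url, relative)
    return html, third_party


# Constructed sample description; banners.example.net is a placeholder host.
SAMPLE = ('<p>Blue widget</p><img src="http://www.mysite.com/logo.jpg">'
          '<img src="http://banners.example.net/anim.gif">'
          '<img src="https://cdn.example.org/ok.png">')

if __name__ == "__main__":
    fixed, external = audit_description(SAMPLE, "www.mysite.com")
    print(fixed)
    print("needs an https source:", external)
```

The parser reports attribute values with entities such as `&amp;` already decoded, so a URL written that way in the source is detected but left unrewritten by the string replace.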

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 14 February 2006 - 02:45 PM #3

Yes IE messages, or any browser messages come to that.

All the above solutions are not really viable as it breaches copyright having them on my server.

Using an HTTPS connection will not always allow connection to the remote object.

 
  • TVC
  • Member
  • Members
  • Join Date: 16-Jan 06
  • 54 posts

Posted 14 February 2006 - 03:13 PM #4

> Yes IE messages, or any browser messages come to that.
>
> All the above solutions are not really viable as it breaches copyright having them on my server.
>
> Using an HTTPS connection will not always allow connection to the remote object.


? If you are hotlinking another site's content, I'd say that breaches copyright more than anything... what is the object in question?

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 14 February 2006 - 03:15 PM #5

The copyright specifically states all images and animation must be hotlinked to and not downloaded and hosted.

 
  • TVC
  • Member
  • Members
  • Join Date: 16-Jan 06
  • 54 posts

Posted 14 February 2006 - 03:38 PM #6

> The copyright specifically states all images and animation must be hotlinked to and not downloaded and hosted.

Then they should definitely offer an https version for you. Maybe email them. I know Google offers an https for their stuff too for just that reason.

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 14 February 2006 - 03:44 PM #7

Hmmmm well ok then, we'll do that instead of fixing a small bug. That's 3 companies I have to contact now... ah well ok then. Thanks.

 
  • TVC
  • Member
  • Members
  • Join Date: 16-Jan 06
  • 54 posts

Posted 14 February 2006 - 03:46 PM #8

> Hmmmm well ok then, we'll do that instead of fixing a small bug. That's 3 companies I have to contact now... ah well ok then. Thanks.


Well, I will check my Zen-cart to see if they leave it in SSL mode after checkout. Are you saying that the "Thank you for shopping" page is in SSL, or that all clicks afterwards are still SSL?

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 14 February 2006 - 03:47 PM #9

Yup.

 
  • TVC
  • Member
  • Members
  • Join Date: 16-Jan 06
  • 54 posts

Posted 14 February 2006 - 03:51 PM #10

? Which one? There were 2 options...

1) Thank you page is in SSL
2) All pages after Thank you page stay in SSL

Option 2 is definitely a bug... option 1 may or may not be on my other cart... I will test it.

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 14 February 2006 - 03:57 PM #11

2. All pages stay in SSL.

 
  • zeke
  • Megamind
  • Administrators
  • Join Date: 01-Nov 05
  • 472 posts

Posted 15 February 2006 - 07:36 AM #12

> The SSL is still invoked (https) after the user has finished checkout. I have hard-coded items in some products' HTML descriptions and this causes security issues to be displayed.


The solution is the following:
1. Open file ./core/fn_cart.php
2. Find function "fn_order_placement_routines"
3. Replace
fn_meta_redirect("$index_script?$target_name=orders&$mode_name=invoice&order_id=$order_id");
with:
global $http_location;
fn_meta_redirect("$http_location/$index_script?$target_name=orders&$mode_name=invoice&order_id=$order_id");


 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 15 February 2006 - 07:56 AM #13

Nice one Cheers Zeke.

 
  • zardos
  • Senior Member
  • Members
  • Join Date: 08-Feb 06
  • 1062 posts

Posted 15 February 2006 - 09:19 AM #14

I am having trouble with images on the SSL side when going through checkout. I have .htaccess files in the images dir with (allow from all) but there also seem to be JavaScript errors.

Any help please

Above problem solved by support, slight mistake in config.php with the (~) :oops:

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 15 February 2006 - 10:19 AM #15

> I am having trouble with images on the SSL side when going through checkout. I have .htaccess files in the images dir with (allow from all) but there also seem to be JavaScript errors.
>
> Any help please


I would log a support request:-

http://helpdesk.cs-cart.com

 
  • zardos
  • Senior Member
  • Members
  • Join Date: 08-Feb 06
  • 1062 posts

Posted 15 February 2006 - 02:25 PM #16

Hi Lucifer

Thanks

I think I will have to; tried all I can, still not working.

All fixed by support.

 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 17 February 2006 - 04:09 PM #17

> The SSL is still invoked (https) after the user has finished checkout. I have hard-coded items in some products' HTML descriptions and this causes security issues to be displayed.
>
> The solution is the following:
> 1. Open file ./core/fn_cart.php
> 2. Find function "fn_order_placement_routines"
> 3. Replace
> fn_meta_redirect("$index_script?$target_name=orders&$mode_name=invoice&order_id=$order_id");
> with:
> global $http_location;
> fn_meta_redirect("$http_location/$index_script?$target_name=orders&$mode_name=invoice&order_id=$order_id");



Hi,

This results in: Error
Unfortunately we cannot locate this page for you.


URL: index.php?target=exceptions&access_denied&csid=b6197e12989c14fa81ef47f36a0d4a7c

 
  • zardos
  • Senior Member
  • Members
  • Join Date: 08-Feb 06
  • 1062 posts

Posted 18 February 2006 - 03:54 AM #18

Hi Lucifer

zeke's solution is working for me fine.

    // Empty cart
    sess_register('cart');
    $cart = array('user_data' => $cart['user_data'], 'profile_id' => @$cart['profile_id'], 'user_id' => @$cart['user_id']);

    global $http_location;
    fn_meta_redirect("$http_location/$index_script?$target_name=orders&$mode_name=invoice&order_id=$order_id");
}

//
// Get all discounts list
//

Into https:// for checkout, when finished back to http://, no probs

 
  • zeke
  • Megamind
  • Administrators
  • Join Date: 01-Nov 05
  • 472 posts

Posted 20 February 2006 - 12:50 PM #19

The "Page not found" error appears if you try to check out as an anonymous customer.

The corrected code:

	global $http_location, $CSCART_SESSION_NAME;
	fn_meta_redirect("$http_location/$index_script?$target_name=orders&$mode_name=invoice&order_id=$order_id&".$CSCART_SESSION_NAME.'='.$GLOBALS[$CSCART_SESSION_NAME]); 
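
The redirect in post #19 appends the session ID to the query string of a plain-HTTP URL, so the ID is visible on the wire, in access logs, and in the Referer header of requests made from the invoice page. The following added example (not part of the original post and not CS-Cart code) reports session IDs that appear in URLs in an access log. It assumes Apache "combined" log format, the `csid` parameter name seen in the URL in post #17, and `mode` as the mode parameter; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: the request line and the Referer are the first
# two quoted fields, separated by the status code and response size.
LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')


def exposed_sessions(log_lines, session_param="csid"):
    """Map each session ID found in a URL to the fields it appeared in."""
    found = {}
    for line in log_lines:
        match = LINE.search(line)
        if not match:
            continue
        for field in ("target", "referer"):
            query = urlsplit(match.group(field)).query
            for sid in parse_qs(query).get(session_param, []):
                found.setdefault(sid, set()).add(field)
    return found


def redact(sid):
    """Keep only a short prefix so the report does not leak the ID again."""
    return sid[:6] + "..."


# Constructed log lines; hosts, addresses and the session ID are placeholders.
SID = "0123456789abcdef0123456789abcdef"
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2006:12:51:02 +0000] "GET /index.php?target=orders'
    f'&mode=invoice&order_id=42&csid={SID} HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [20/Feb/2006:12:51:03 +0000] "GET /images/logo.jpg HTTP/1.1"'
    ' 200 900 "http://www.mysite.com/index.php?target=orders&mode=invoice'
    f'&order_id=42&csid={SID}" "Mozilla/4.0"',
    '198.51.100.9 - - [20/Feb/2006:12:52:10 +0000] "GET /index.php?target=products'
    ' HTTP/1.1" 200 4000 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for sid, fields in exposed_sessions(SAMPLE_LOG).items():
        print(redact(sid), "seen in", sorted(fields))
```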


 
  • Glosjammer
  • Senior Member
  • Members
  • Join Date: 02-Jan 06
  • 152 posts

Posted 20 February 2006 - 12:53 PM #20

Thanks Zeke....

Just so everyone knows, I logged this as a helpdesk call (http://helpdesk.cs-cart.com) and it was fixed within the hour.... now that's service!