The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Oscommerce HTTPS

Discussion in 'cPanel Developers' started by cbwass, Apr 5, 2005.

Thread Status:
Not open for further replies.
  1. cbwass

    cbwass Well-Known Member

    Joined:
    Mar 29, 2002
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    16
    After installing 'modsecurity' OScommerce sites have all the images pointing to 'https' and of course don't show, uninstalling 'modsecurity' makes no diference. Does any one know what has happend and how to fix it?
     
  2. cbwass

    cbwass Well-Known Member

    Joined:
    Mar 29, 2002
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    16
    Just in case it happens to anyone else here's the gen.

    If you uninstall 'Modsecurity' you need to restart Apache to get things back working.

    If you don't want to remove 'Modsecurity' do the following:

    You can fix OScommerce by editing the file 'includes/configure.php' you will see 'define('HTTPS_COOKIE_DOMAIN', 'https://yourdomain.com' remove the 's' from https and it will work again.
     
    #2 cbwass, Apr 5, 2005
    Last edited: Apr 5, 2005
  3. bking

    bking Well-Known Member

    Joined:
    Mar 1, 2004
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney
    I have this same problem. But why is mod_security causing this issue?
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    It could be the rules set for Mod Security in httpd.conf.
     
  5. RAIS2

    RAIS2 Well-Known Member

    Joined:
    Jul 16, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Just to note this...

    Removing the `s` from the `https` for secure sites will cause a certificate warning to the end user, this will not look good to the end user. You should not mix `http` into a secure site. ALL images and other includes should be called from the `https` url.
     
  6. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Try this:

    change this:
    'define('HTTPS_COOKIE_DOMAIN', 'https://yourdomain.com'

    to

    'define('HTTPS_COOKIE_DOMAIN', 'https://.yourdomain.com'

    for both HTTPS and HTTP_COOKIE_DOMAIN defines, ie. make the domain .yourdomain.com instead of yourdomain.com.

    David
     
  7. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
    What will this do?


     
  8. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    OScommerce and modsecurity work fine. You did enable SSL in your config file...correct?


    define('ENABLE_SSL', true); // secure webserver for checkout procedure?
     
  9. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
  10. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Just change this line in the config to false, and to leave the SSL server blank to remove the SSL from being called.

    define('ENABLE_SSL', false); // secure webserver for checkout procedure?

    define('HTTPS_SERVER', '')
     
  11. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
    Well tried that - it worked on Firefox but not IE.
    So I do what we usually do when this happens - reset cpanel SSL cert and restart apache.
    Fixes it for a while - then it comes back after 2months or so.

    Another fix should be to use same entry for https as for http - because then IE can find the files as well..
     
  12. merlinpa1969

    merlinpa1969 Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    PA
    cPanel Access Level:
    Root Administrator
    try using Zen-Cart instead.
     
  13. Axe

    Axe Member

    Joined:
    Oct 3, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    I just noticed this one on one client's osCommerce installation yesterday. I went in and simply modded application_top so that it forced it to not use the SSL hostname (which is set to '' because there is no SSL hostname due to the fact all transactions are done off-site via PayPal).

    I received an E-Mail from ANOTHER client using osCommerce today (again, no SSL cert, no SSL url as their checkout is done via PayPal).

    It seems that it's the base= line in the HTML header output.

    It's outputting as base="" (as there is no SSL url defined in the config file), so it's assuming it's in SSL mode when it's not).

    IE seems to take base="" as top priority, and thus attempts to load http:///image.jpg

    FireFox ignores base="" and loads the images current to the relative path of the page (http://www.domain.com/image.jpg).

    As 90% of the internet still uses Internet Explorer, this is a pretty big deal.

    Oh yeah, all their config files are defined as follows..

    define('ENABLE_SSL', false); // secure webserver for checkout procedure?
    define('HTTPS_SERVER', '')

    And this is with MS1 and MS2 installations.
     
    #13 Axe, Sep 20, 2005
    Last edited: Sep 20, 2005
  14. Axe

    Axe Member

    Joined:
    Oct 3, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Quick discovery...

    echo 'getenv('HTTPS')';

    returns "on" even when URL is called via http://www.domain.com/

    This is what's tripping up osCommerce.
     
  15. Axe

    Axe Member

    Joined:
    Oct 3, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    And for no reason whatsoever, I just rehash apache right now, and everything seems to be showing fine again.

    I guess whatever caused this to happen in the first place rehashed apache, a fix game through that didn't restart apache, and kept the bug loaded.
     
  16. Axe

    Axe Member

    Joined:
    Oct 3, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Guess I was wrong. Apache restarted itself later in the day and broke everything again.

    Manually stopping & restarting apache fixed it.

    Any ideas here?
     
  17. Bobby_Easland

    Bobby_Easland Registered

    Joined:
    Jun 10, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    There are a few settings that need to configured correctly for osCommerce to function as intended.

    First, the cookie domain settings should not have the HTTP or HTTPS. Here is an example:
    CORRECT
    PHP:
    define('HTTP_COOKIE_DOMAIN''.domain.com');
    NOT CORRECT
    PHP:
    define('HTTP_COOKIE_DOMAIN''http://domain.com');
    or
    define('HTTP_COOKIE_DOMAIN''http://www.domain.com');
    The dot in front of the domain name sets the cookie scope. Thus, the cookie would be valid for www.domain.com, forum.domain.com, store.domain.com, etc.

    Next, the cookie path should be set as restrictive as the store owner needs. Here is an example:

    CORRECT - Assuming catalog is top level
    PHP:
    define('HTTP_COOKIE_PATH''/');
    The cookie path sets the directories UNDER the cookie domain that are allowed access to the cookie information. Thus, the least restrictive is a forward slash (every directory is allowed to read cookie data).

    With respect to the $request_type variable: this code =>
    PHP:
    // set the type of request (secure or not)
      
    $request_type = (getenv('HTTPS') == 'on') ? 'SSL' 'NONSSL';
    ...should be:

    PHP:
    // set the type of request (secure or not)
      
    $request_type = ($_SERVER['SERVER_PORT'] == '80') ? 'NONSSL' 'SSL';
    Bobby
     
  18. Axe

    Axe Member

    Joined:
    Oct 3, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    osCommerce is correctly setup, I've been using it for several years now.

    NOTHING has changed in the store configs.

    This is an Apache issue, NOT an osCommerce issue.
     
  19. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Sometimes things change and settings that may have been incorrect yet were tolerated are no longer so. The osC config above is correct and anything else will result in erratic operation. I would start there.

    PS: Bobby is an excellent resource for osC information!
     
  20. Axe

    Axe Member

    Joined:
    Oct 3, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    He may be, as I said, I've been using it for several years myself.

    What I'm talking about in this instance is NOT an osCommerce issue (otherwise, it wouldn't happen to over a dozen osCommerce installations overnight that have been running perfectly happily for 2-4 years.

    As I determined that this is NOT an osCommerce issue, I created a separate thread for this problem.

    http://forums.cpanel.net/showthread.php?t=44208
     
Thread Status:
Not open for further replies.

Share This Page