LETS WORK ON SHARED SSL SOLUTION

[givingback]

Hi To all,
I have joined this forum as my username suggest to try and give something back for all the help that I have recieved from forums like this in the past.

I would like to ask your assistance in an problem with "Prestashop" opensource Shopping cart which everyone speaks extremely highly of:- With one exception

It will not work with shared SSL's
The back office admin has a radio button to choose Enable SSL this invokes the init.php to select "https://" then the "$server_host" variable adds the "path to page" in a test installation setup on a unused domain I have when clicking the view basket gives
https://www.rougecustomers.com/order.php?step=1 ---Which is ok for Private SSL

I can alter the $local_host_ssl to display "https://web44.secure.secure.co.uk/
On a shared SSL at heart Internet whos shared SSL is ((ServerID + secure.secure.co.uk)+ $local_host )however this gives the problem display of:-
https://web44.secure.secure.co.uk/www.r ... php?step=1

Which has a "www" where it is not required

I feel that If I could Identify the "$local_host" definition to remove the "www" from the created URL This would be a step in the right direction.

However I cannot find that part of code in the Script.

Can Anyone here help by adding to this

[givingback]

In addition to my previous post anyone who can identify the file that actually defines
the $local_host would be a great help as I just cannot seem to find it

There is obviousley a part of the script that creates the url's below when SSL is not Enabled

Wher the links Cart Check out are displayed
These sections of code are taken from the index page with ssl "OFF" in the first example

and "ON in the second example

     


Cart
Check out

And If Server params "$protocol_ssl is changed to = 'https://web133.secure.secure.co.uk/'

                        

Cart
Check out

As you can see from the above examples in the first instance the www. is correctly positioned

But in the second example the "www." preceeding the domain name is not required

How can we change this Please

What part of the code writes these Urls

If edited in the browser removal of the "www." actually calls the ssl but the server reports that the file order.php cannot be found on the server.
(I suspect because the script has added the www again on the fly.)

I am so looking forward to any replies to this

[MrBaseball34]

In addition to my previous post anyone who can identify the file that actually defines
the $local_host would be a great help as I just cannot seem to find it

It is in init.php:
(1.3.2)

$protocol = 'http://';
$protocol_ssl = 'https://';
$protocol_link = (Configuration::get('PS_SSL_ENABLED')) ? $protocol_ssl : $protocol;

(1.4)

$protocol_link = (Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'http://';

[givingback]

Hi Mr Baseball34

Thanks for your response I acknowledge your High 4 Star rating
And Hope you can help in this solution Please read below.
Please feel free to PM me about this subject as I really would like to solve this.

Any Explanations given are intended as help for those who like I once was are just beginning to get their
head around this techie stuff So please If you are a "Techie" I know you "Knew that"

To be Specific:

We have established that in the init.php The section of code you show is definately of relevance.

$protocol = 'http://';
$protocol_ssl = 'https://';
$protocol_link = (Configuration::get('PS_SSL_ENABLED')) ? $protocol_ssl : $protocol; 

We Have "Two" Types of SSL Private and Shared

I am Focusing on the Shared SSL Problem

Let me Clearly Identify what I believe to be the "BIG STUMBLING BLOCK"

Shared SSL's Work by directing required secure pages through a "Nominated" (Usually by Your Hosting Company)
Secure Server.

In my case this is Love2host.com Who Is A Reseller Using Heart Internet services who provides the secure ssl server in the form

ServerID.secure.secure.co.uk

The site I have created for trying to resolve this problem is www.rougecustomers.com
The Site Only has prestashop loaded into the root ( I have no intention of selling anything from the site )
So don't visit it looking to see whats for sale.

After enabling SSL in preferences and editing "$protocol_ssl" to the Following

$protocol = 'http://';
$protocol_ssl = 'https://web44.secure-secure.co.uk/';
$protocol_link = (Configuration::get('PS_SSL_ENABLED')) ? $protocol_ssl : $protocol; 

After Editing The Above Hovering over The "Check out" button produces the link below

https://web44.secure-secure.co.uk/www.rougecustomers.com/order.php?step=1

This confirms That prestashop has SSL Enabled

The Problem is the URL has a "www." inserted by "The prestashop Script"

From init.php we know that

$protocol_link = (Configuration::get('PS_SSL_ENABLED')) ? $protocol_ssl : $protocol; 

is the part of the code that checks for SSL being enabled and then enters the appropriate protocol

Either "$protocol_ssl"(in this case) (https://web44.secure-secure.co.uk/)

Or "$protocol" (if ssl was not enabled) simply "http://"

What we need to find is the part of script that then add's the Base URL After That

IE:

www.rougecustomers.com/order.php?step=1

If we can get the "www." to not be inserted then all the url's created will be correct

For example if you manualy alter the url and remove the www. in the browser

The Script will move along to the next part but show and page not found on server error

Because all url's created by the script contains the "www." in the url

So The Only thing it seems optomisticaly we need to do to get prestashop to work with Shared ssl's is
get the script to remove the "www."

[MrBaseball34]

Download a free grep tool and you can search the source code for that information on your own.

[givingback]

Cheers I was not having much luck with command line searches in Filezilla

Downloaded Wingrep on your advice heres link http://www.wingrep.com/
Info for others:
Windows Grep is a tool for searching files for text strings that you specify.

[MrBaseball34]

Excellent choice. I even help Huw when he was programming that utility in Delphi back in the lat 90's.

[givingback]

SHARED SSL PROBLEM "UPDATE"

You will have seen from the previous posts what we are trying to achieve here
Just to keep you updated

I am Now searching through prestashop code to find the different variables that Call "$base_dir_ssl"

This should take me to all paths and vars that cause the __PS_BASE_URI__ to use $base_dir_ssl

This could take a while as there could be numerous calls and variable changes throughout the code to work our way back
to the original instance.

So Please be patient.

Incidently ...If prestashop developers are reading this and are planning to solve this please do me a favour and let me know

as I would so like to try something easier.

[givingback]

PROGRESS

A previous post suggested that cookies may have been a problem But I cannot find this to be the core problem

Currently checking the "classes>tools.php code for possibilities

[givingback]

PROGRESS REPORT

After fudging around in the page source code I managed to get the page to go to the secure server
after a bit of editing in the header.tpl I feel similar editing will allow most pages to load ok

Heres a link to the shared ssl page for anyone to have a look

This page was arrived at by clicking on the Check out button which asks for (SECURE URL}/order?test=1

https://web44.secure-secure.co.uk/rougecustomers.com/authentication.php?back=order.php?step=1

I am keeping a log and will post it when it is worth using

THE NEXT STEP
is to have the CSS called to the page to make it presentable

An overview so far. I have found the coding in prestashop to be clearly written and very tidy which is making it a bit easier than some other tasks (So thank you prestashop)

By using a template engine and HOOKS I just have a lot of checking to do

If you can help please make a suggestion

Lets crack this thing...

[givingback]

Still Working on this

Update; On holiday till end of march

[shoulders]

interesting work.

i once tried to use a shared SSL by trying to rewrite it with htaccess. I did not have much success, i think it was probably intentional you could not rewrite/fake a SSL address.

[givingback]

All replys are welcome, but some are more welcome than others. I am looking to move this forward in a positive way
htacces does not rewrite source code in prestashop I have given a clear log of what I am doing above
and the objective is to identify all the changes required that will allow shared ssl's.
If you are going to post a reply make sure you have read all the posts above so that your post may be the one that
Gets us closer to our goal.

[shoulders]

I will keep an eye on this thread and post if i get any technical ideas etc..

cheers

[meccabooks]

I am having issues with my website.. I have dedicated SSL and when I click on any of the links for example cart, PayPal, Gcheckout links etc. I get the following path
http://https//mydomain.com/modules/paypal/payment/submit.php

instead of https://mydomain.com/modules/paypal/payment/submit.php

any help must me much appreciated... this has delayed my web store to be open for more than 2 weeks now.

[Virtual Assistant]

I am also looking for this answer. My hosting service tells me to replace my .htaccess file with these instructions:

 

To access any of your files through a SSL connection, use the following URL:

https://websitenamecom.netfirms.com/<anyfile>

... where <anyfile> is the name of any file in your web directory.

Files in subdirectories will work too. Just use

https://websitename.netfirms.com/<directory>/<anyfile>

... where <directory> is the name of any subdirectory.

 

There is much more in the .htaccess file, can this advice be correct? I don't quite understand. Maybe I am way off track, I am new at this.

Thanks

[Dh42]

I do not guess I understand why people even use shared ssl certificates. It is more of a headache to mess with it. I don't see why people just do not buy a certificate and an ip address, you are only talking 30 bucks a year for the low range.

[Dh42]

Oh, and don't re-write all of your urls to ssl, it will kill your page load time and eat a lot of bandwidth.

[tdr170]

I have a shared SSL and have no problems as of this posting.

 

The problems I did encounter with the shared SSL was that when going from secure pages to unsecure pages the browser would see this as two different domains so if you put something in cart and logged in the cart would be empty.

There were also issues with logging in and out, if you logged out and clicked on log in you were already logged in.

This also turned out to be an issue with the two different domains, you see if you have a shared SSL like mine your shop might be at prestashop.com/shop but your secure pages would be at prestashopc.ipage.com/shop two different domains.

How do you fix this simple put the entire shop under SSL by placing the SSL version of your shop in both address listing under SEO & URLs.

 

In my case here's what worked.

 

Shop Domain Name - nuggetsranchracewayc.ipage.com/shop

Shop Domain Name for SSL - nuggetsranchracewayc.ipage.com/shop

 

I am still working on shop but have not had any issues so far, Hope this helps someone.

[glennlawre]

tdr170, could you help a fellow biker out and tell me how you get the styling to apply with this config?

 

I have enabled SSL and set as per your instructions, however my styling does not get applied. See my post regarding this here - http://www.prestashop.com/forums/topic/206748-can-prestashop-work-with-a-shared-ssl/

 

I have set my store and SSL to secure-ssl-servers.us/test25-net

 

Any help would be great...

[tdr170]

Try clearing your caches both your browser and Prestashop in 1.4.9 this can be found in ..tools/smarty/ use your FTP and clear both the cache and compile folders (leave any index.php files).

 

From the back office set force compile on and cache off, enable SSL as I described then go to tools, generator and generate a new .htaccess file and see if that helps.

 

If not try this go to Preferences, SEO & URL and turn off friendly URL's and save then back on and save, then generate another .htaccess file and see if that helps.

 

Post your results.

[glennlawre]

No luck I'm afraid.

 

I already had force compile and disable cache set. I had tried to clear the compile folder, except for the index file, and I don't have anything in cache folder.

 

I have also just tried to clear my browser cache.

 

Also, currently I am not using Friendly URLs on this test site, so no need to change this. I did regenerate the .htaccess, but I think this is just for using SEF URLs if I am not mistaken, so probably not going to do anything to help.

 

I have my shop domain & SSL set to secure-ssl-servers.us/test25-net, but still no joy!

 

The problem seems to be that the baseDir is getting set to "secure-ssl-servers.us" whereas on the non-secure pages the baseDir is "test25.net" and all the paths to the required file are relevant. With the baseDir set to "secure-ssl-servers.us" is does not know where the required files are, i.e. stylesheets, images etc...

 

Any ideas why this might be?

 

Cheers...

[tdr170]

I think I see the issue:

 

In your Domain and in the SSL you only put the root of your shop, you do not add the sub directory of your shop as the SSL cover the root and all sub folders.

You set where your shop is installed in PS directory.

 

kinda like this:

 

/test25-net/

yourdomian.secure.com

yourdomain.secure.com

[glennlawre]

That did it alright, thanks for this!

 

One other thing, have you figured out a way to only have the shared ssl only apply to the required pages? Using ssl on the whole site slows it down dramatically. Plus, the domain for the entire site is now https://secure-ssl-servers.us/test25-net/"whatever", not www.test25.net/"whatever"

 

This could maybe be off-putting for some people that visit the site.

 

Can the site work with shared ssl?

 

Thanks again for your help...

[tdr170]

I'm not sure that is possible because of the different addresses, Prestashop will see this as two different domains and you will have issues with log in, shopping carts and others I'm sure.

The best bet is to do as I did break down and buy an SSL its not that expensive.

Edited November 28, 2012 by tdr170 (see edit history)

[glennlawre]

Yeah, probably will just have to bite the bullet and purchase a cert!

 

Thanks for your help on this though...