Jump to content

[SOLVED]SSL problem on order-confirmation page after PayPal redirect


Recommended Posts

Hi all,

 

When a customer completes a purchase using Paypal (v2.8.5) they are redirected to the order-confirmation page of my shop. However a warning pops up on safari saying the form sent is not secure. The url is http not https. I have SSL installed and working fine but for some reason it doesn't work on this page.

 

Am I right to assume order-confirmation.php should be https and if so, why is it not redirecting to the secure version?

 

Any help would be greatly appreciated as this security warning doesn't really instil confidence in the site.

 

Cheers

Link to comment
Share on other sites

i don't believe the order confirmation page requires https, my shop works the same way even using the check payment method.

the browser or server is not delivering any secure information at this point.

 

to change this, I believe you only need to add the following code to the OrderConfirmationController.php

    public $ssl = true;

 

so it should look like this at the top of the file

class OrderConfirmationControllerCore extends FrontController
{
   public $php_self = 'order-confirmation.php';

   public $id_cart;
   public $id_module;
   public $id_order;
   public $secure_key;
   public $ssl = true;

Link to comment
Share on other sites

Hi bellini13 - I tried your solution but the security message still pops up and the order-confirmation page is still http not https.

 

Any idea why it's not working?

 

Thanks for your help.

 

This change does make the order-confirmation page https - I have two sites on my server and I was editing the wrong one! However, still get the security message when redirected from paypal.

Edited by pel024 (see edit history)
Link to comment
Share on other sites

OK I think I'm getting closer to fixing this but just need a little more help!

 

When I'm redirected from paypal to order-confirmation the page takes quite a while to load and then when it finally does some of the images are missing. These images are in the themes/img folder. The images load fine on other pages with SSL installed. The problem seems to be with the incorrect url being called.

 

For example, on a page without SSL the url of an image is:

 

 

http://www.dermalsense.com/themes/prestashop2/css/../img/block_header_exclusive_cart.png

and the same image on a page with SSL installed and displaying correctly:

 

https://www.dermalsense.com/themes/prestashop2/css/../img/block_header_exclusive_cart.png

But on the order-confirmation page:

https:///themes/prestashop2/css/../img/block_header_exclusive_cart.png

So the problem seems to be that the root domain is missing from the image url. Any idea why this is happening and how to fix? This is driving me crazy!!

Link to comment
Share on other sites

i would suggest looking at the template file for the cart that displays that image. it would seem that under this scenario that the base url is not getting set properly. perhaps looking at the template, or the controller you might get an understanding of why.

Link to comment
Share on other sites

Hi, This is happening because when you sending set parameters to PayPal along with return url as http://SITENAME/order-confirmation.php?... instead of https://SITENAME/order-confirmation.php?... So you have to check if SSL enabled on your site, if so you have to pass return URL as https://SITENAME/order-confirmation.php?... otherwise pass as regular URL, http://SITENAME/order-confirmation.php?... Go to ROOT >> modules >> paypal >> standard >> redirect.php Go to line #80, replace the following line 'url' => PayPal::getShopDomain(true, true).__PS_BASE_URI__ by 'url' => PayPal::getShopDomainSsl(true, true).__PS_BASE_URI__ That solve your issue.

 

@Egrv: thanks for posting this solution, however I have a question. I use paypal and my site is secured with an SSL certificate. I have not made this modification and my site works properly. i'm curious why you would have to make this change?

 

The redirect sends the user to the base url of the shop, which typically is not secured.

Link to comment
Share on other sites

It works!! I'm now redirected to my site (order-confirmation.php) without any security messages. Thanks Egrv and Bellini13 this has been driving me mad for days.

 

I'm still a bit confused though. @Bellini13, do you mean you are redirected back to your homepage without any security messages? If so, why am I redirected back to order-confirmation.php and with security messages? Is there a setting for this?Surely the order-confirmation page is the correct redirection but obviously you don't want the security messages, even if no security data is being sent.

 

Anyway, it's solved!

 

Cheers

Link to comment
Share on other sites

I am confused as well. No paypal redirects users to the order confirmation page. Perhaps the redirect URL is used by paypal if the user cancels the payment no the paypal site?

 

The change I suggested earlier (controller update) should have fixed your problem. I'm not sure how the redirect URL change would have.

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...