[Solved] SSL

[djricky080]

Hello all!!

I've a prestashop shop, and i want enable SSL option. My hosting allow SSL, but not only putting https.
I need put https://www.ssl-url.net/mydomain.com/.......
someone knows how to do?

Summing:

I need change: https://mydomain.com
by: https://www.ssl-url.net/mydomain.com/

Thanks a lot!!!

[prip]

First of all, this type of ssl usage is more risky and is a negative point for your customers. And do NOT pay anything to this service because it has no cost for your provider. Then your questions answer is;

Go to "classes/Link.php" Line 17, you will see:

define('_PS_USE_SSL_', (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://'.$_SERVER['SERVER_NAME'] : '');

change it to:

define('_PS_USE_SSL_', (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://www.ssl-url.net/'.$_SERVER['SERVER_NAME'] : '');

(and also this is not the right forum for this question)

[djricky080]

I'm trying to do this and not solve my problem...sorry

[prip]

so, what happens when you make the change? Also did you check "enable ssl" from admin panel?

[djricky080]

yes, enable ssl is checked, but when i buy, prestashop continues putting https://mydomain.com.... i think that the solution this in another file.Thank you very much

[prip]

Found it, it is in "init.php" at line 96

[djricky080]

SOLVED!!!! Thank you very much prip!!!!!!

[mr_robot]

Hi,
I have the same problem. i want to use a ssl-proxy.
I also found the mentioned solution in "init.php".
But the result is a total mess with the base-url and including the stylesheet, images, etc. So i did not dig deeper in this solution.

But for you it´s working! ?
So my question is: What exactly did you change in the init.php?

Maybe my problem is, that the shop is running in a folder on my server (www.domain.com/prestashop) not in the root directory (for testing reasons)

Thank you very much for your help!

[prip]

Did you write;

"‘https://www.ssl-url.net/’.$_SERVER[‘SERVER_NAME’]"

or

"‘https://www.ssl-url.net/prestashop/’.$_SERVER[‘SERVER_NAME’]" ?

[mr_robot]

sorry for my late answer.

Here is what it is (what i think is correct):
'base_dir_ssl' => (Configuration::get('PS_SSL_ENABLED') ? 'https://ssl-url.net/' : 'http://').htmlspecialchars($_SERVER['HTTP_HOST'], ENT_COMPAT, 'UTF-8').__PS_BASE_URI__,

I tried many other different ways of doing this, but the way it is creating the Base URL is different from the way it is creating Links and different from the way it is including Stylesheets and JS. I don´t get all three correct at the same time.

I also recognized that the shop is loosing its session, when it changes to the ssl-url. I get an empty cart. That´s the bigger problem i think.

I´m afraid, I have to buy my own certificate :-(

Thanks again!

[hydra]

Hi,

Funny that a lot of these treads are marked SOLVED while they are not.

[insideout]

I am also still having trouble getting shared ssl to work. I have tried all sorts of paths in init.php and classes/Link.php. While I have caused several interesting degrees of failure, I have yet to get full success.

[jtyana]

I am also getting varying degrees of success and failure but no 100% solution despite this thread being marked solved.

I tried many other different ways of doing this, but the way it is creating the Base URL is different from the way it is creating Links and different from the way it is including Stylesheets and JS. I don´t get all three correct at the same time.

I also recognized that the shop is loosing its session, when it changes to the ssl-url. I get an empty cart.

I also got this empty cart problem and links, stylesheets, my logo pointing to my Shared SSL host's URL.
Changing links.php and init.php is only part of the solution

I conclude that Prestashop cannot handle Shared SSL without investing alot of time into hunting down all the places that need changing.

Fortunately, I don't really need SSL as my payment gateway handles the security for me

[hydra]

Hi,

In Holland we have consumergroups who advice not to buy with shops that don't provide SSL during the account creation process, and entering payment and shipping info. So i don't need it.. but the customer (thinks he) want it.

[Merchant]

hydra,

I agree, if Prestashop want to have dutch users they have to solve this problem. By the way, why implement ssl activation in the shop while it is not working?

[Ehinarr]

Some newsness in this thread?

[LucieJane]

I gave up on shared ssl and bought a certificate.

It was a single parameter to set in OsCommerce for shared ssl. And now with my certificate I'm still getting lots of error messages...

Lucie Jane

[Sharker]

for fix this thing:

Go to line 95 on init.php:

$protocol = (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'http://';

and change with this:

$protocol = (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'https://';

And working fine

[Ion_Cannon]

for fix this thing:

Go to line 95 on init.php:

$protocol = (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'http://';

and change with this:

$protocol = (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'https://';

And working fine

Man..i've had a time with my SSL implementation lately. The above fix will work fine if you don't mind your site being all https:// , problem with that is Google will not rank your page properly.

Here's what the ssl fix for my site is so far, might help some that are having mixed content issues. seems to have fixed most of mine. You pretty much have to trick the site all the time.. Sucky way of doing it but oh well. Any links that you want to revert back to http once going to https, you need to declare in the init.php like below or else you will trigger mix content errors.

$protocol = (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'http://';

if(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' && 
strpos($_SERVER["REQUEST_URI"],'category.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
}
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'cms.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'new-products.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'index.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif($protocol == 'https://' && isset($_SERVER["HTTPS"]) == false) {
   $newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 

[stealthmktg]

That is a life saver Ion Cannon, thank you for sharing that.

I feel PS' protocol implementation leaves a lot to be desired. Mixed content security messages are never good for shoppers, whether they know what they're looking at (or why the message appeared) or not...

Thanks again

[stealthmktg]

Thought I would add that I ended up adding the following conditions to the code above to further clean up the "mixed content" security dialogs.

elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'search.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'product.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'sitemap.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'best-sales.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
}  
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'new-products.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 
elseif(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $protocol == 'http://' 
&& strpos($_SERVER["REQUEST_URI"],'prices-drop.php') == true) {
   $newurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   header("Location: $newurl");
   exit();
} 

[Shaun]

Can you advise what init.php file it is? I'm looking at the one in the root folder but no sure if it is that one? Also, where exactly in the init.php file can the above code be inserted? Thanks....

[kobichhobi]

I have the same question as Shaun. I tried to make the change in the init.php file in the root folder, and it's a mess. I don't know exactly what to replace with this code. Exactly where do I make the change? Please specify for me.

This is my first e-commerce site and I want to use the shared ssl. Please help.

www.unitedwatches.net

Thanks.

[rocky]

You need to replace line 153 of init.php:

$protocol = (isset($useSSL) AND $useSSL AND Configuration::get('PS_SSL_ENABLED')) ? 'https://' : 'http://';

with the above two code snippets.

[kobichhobi]

Thank you, Rocky. I appreciate you taking your valuable time to help us.

I think I've just got it right, buy I can't implement it as yet because I don't a dedicated SSL Certificate.

I am looking forward to use a SSL that will allow me to use it as https://domain.com and not https://user.server.com
My site is hosted at StartLogic.com and their price for SSL service seem a bit expensive for me.

Do/does you/anyone know if it's possible for me to buy a cheaper certificate from a third party and use it with this site? If so where can I buy a good one? Any disadvantages or even advantages of using a third party SSL certificate?

I'd appreciate if anyone can help me find these answers.

Thanks.
www.unitedwatches.net

[PremierHosts]

You can buy cheaper SSL from Namescheap only $9.99 a year or free with a domain name purchase.

Hope this helps

Jay

[starxox]

Thanks Ion cannon for this solution. This in conjunction with this page http://www.prestashop.com/forums/viewthread/35274/security/solvedssl_problems/ helped me fix it. As it says you can load your secure page in IE to see which links are a problems (often it is modules) and then go to the back office to modules and then positions and just put in the pages that you don't want it to show (eg order php)

yay for solutions and kind people helping!

[ruaridhc]

Hi all, I've tried using the code suggested by Ion_Cannon and revised by stealthmktg, but the checkout page (order.php) on my site goes to http. It's not unitl you click on an https link such as 'log in', then, order.php link is changed to https. How might I go about fixing this?

Also (sorry), my link for 'my-account.php' is different in my header and in my footer. In my header, it's always https, but in my footer, it's always http. I've tried to find the code, but run into a wall when reaching $HOOK_TOP and $HOOK_BOTTOM. Is this fetching code from another file? I've looked but can't find an obvious place for these files to exist. I'm lost!

The code in my footer, looks like this:

{l s='View Your Account Details' mod='blockvariouslinks'}
{l s='Your Basket' mod='blockvariouslinks'}

I see {$contentdir}... I assume this is where it's decided if whether http or https is used

Thanks in advance for any help

[noesac]

Hi guys, I'm having a real nightmare with this. I just installed SSL and I'm getting this message now in IE.

I tried the instructions above, as well as trying this:

http://www.prestashop.com/forums/viewthread/35274/security/solvedssl_problems/

But this second solution has caused the warning message to come up all over the site now.

I have switched on SSL in the Back Office...what more can I do to isolate the issue?

When I view the source there are so many links still with http (without the S)...but I've tried disabling all these modules and changing their paths to {base_dir_ssl} but no luck!!

[Lory]

Hello,
i am having the same problem that have been discussed in this thread but with the new version of Prestashop v3.0.
As I understood the fix suggested in here is for V1.1.
Can someone help me with the new version?
Thank you very much,
Lory

[noesac]

Hi Lori do you have more details?

[Lory]

Hi Noesac,
thank you for replying. These are the errors I am getting in IE7 and Chrom after I enable SSL from the back office. Please check attached files.
This is my website: www.foneparadise.com.

I am using version 3.0.

Could you suggest me any solutions?

Thank you,
Lory

[noesac]

Hi Noesac,
thank you for replying. These are the errors I am getting in IE7 and Chrom after I enable SSL from the back office. Please check attached files.
This is my website: www.foneparadise.com.

I am using version 3.0.

Could you suggest me any solutions?

Thank you,
Lory

Do you have Statcounter installed? I found that was causing my problems

[Lory]

Hi,
no I don't have that installed. I contacted my hosting company and they said i have to set-up some rewriting rules from http to https on the check-out. have you done something like this?

thanks,
Lory

[noesac]

Hi Lory, I came across three main issues:

1) Statcounter code, I had to register for the SSL code
2) PayPal logo bug (only in 1.3.1)
3) Some of my own images and links weren't secured with {base_dir_ssl}

[Lory]

thank you for your message.
do all the links on the check-out page need to start with https. In this case if someone clicks on home it will be send to a secure home page. But there is no need for the home page to be secure?

[shawtreatment]

After searching for a solution to a variety of issues concerning SSL certs, PayPal Pro and Standard as well as concerns about whether we're havign a server side problem with GoDaddy, AND our site's checkout process, it has all been solved with the suggestions above. I changed Line 153 of the int.php page as suggested and BINGO! All seems to be working.

PayPal integration with SSL isn't as clear cut as one might think. I'm an amateur when it comes to this stuff, but I'm glad I found the answer thanks to everyone in this thread who contributed. I'm sure others are having the similar issues.

I'll keep testing. Thanks!!

[Lory]

After searching for a solution to a variety of issues concerning SSL certs, PayPal Pro and Standard as well as concerns about whether we're havign a server side problem with GoDaddy, AND our site's checkout process, it has all been solved with the suggestions above. I changed Line 153 of the int.php page as suggested and BINGO! All seems to be working.

PayPal integration with SSL isn't as clear cut as one might think. I'm an amateur when it comes to this stuff, but I'm glad I found the answer thanks to everyone in this thread who contributed. I'm sure others are having the similar issues.

I'll keep testing. Thanks!!

Hi shawtreatment,
which version of prestashop are you using?

Thank you,
Lory

[PrestaNoob]

After searching for a solution to a variety of issues concerning SSL certs, PayPal Pro and Standard as well as concerns about whether we're havign a server side problem with GoDaddy, AND our site's checkout process, it has all been solved with the suggestions above. I changed Line 153 of the int.php page as suggested and BINGO! All seems to be working.

PayPal integration with SSL isn't as clear cut as one might think. I'm an amateur when it comes to this stuff, but I'm glad I found the answer thanks to everyone in this thread who contributed. I'm sure others are having the similar issues.

I'll keep testing. Thanks!!

could you share what change you`re working on line 153 of your init.php ? i got error with ssl (mixed content).

thx