WebProWorld Part of WebProNews.com
#1 (permalink)
04-20-2006, 05:18 PM
richkoi, WebProWorld Veteran
Join Date: Aug 2003
Location: Columbus, Ohio
Posts: 487
http:// and https:// Problem

We are having security problems with our online store. Our checkout page is returning port 80, even though https:// is being used:

https://www.bambooheadquarters.com/s...rt/payment.php (There is a chunk of code in this page that shows the port: )

I set up a test page to see if this was a problem with the secure server, but the test returned port 443.

https://www.bambooheadquarters.com/ip.php

Why is our payment.php page not showing port 443? This is a problem as it displays our page as being not secure.

Thanks,

Rich
#2 (permalink)
04-21-2006, 12:37 PM
steve0, WebProWorld Pro
Join Date: May 2004
Location: Austin, TX
Posts: 199

Which web server are you using? And which control panel are you using?

If the web server is Apache, check the config file (httpd.conf).

Some CPs use a different directory (httpsdoc vs httpddocs) for 443, so you may want to check that as well.
__________________
Hardcore Programming Solutions and Coffee Drinker
#3 (permalink)
04-21-2006, 12:42 PM
Islands, WebProWorld Member
Join Date: Aug 2003
Location: Massachusetts
Posts: 36
SSL certificate

richkoi ...we are getting a "not trusted" return when going to the URL. Suggest you contact Starfield about the installation. Also, the page contains both secure and non-secure items. This is usually because of links to images which are not https://

Mel
__________________
Parent Company: http://ImagineNation.com
http://webPeddle.net/Images/peddle-gold-ad.gif
__________________________
#4 (permalink)
04-21-2006, 02:15 PM
spiderbait, WebProWorld Pro
Join Date: Oct 2003
Location: Gibsons, BC, Canada
Posts: 291

I think all of the identified problems may possibly be caused by the following piece of code:
Code:
	  	
	  	<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
		</script>
		<script type="text/javascript">
		_uacct = "UA-255468-1";
		urchinTracker();
		</script>
It is calling a non-https URL which causes the security warning and it includes a comment tag with reference to Port:80. I doubt the comment tag is the problem, but is it possibly indicating that the script will attempt to use Port:80?
__________________
Jade Burnside, Ahead of the Web
What good is your web site if no one can find it?
SEO & Optimized Web Site Design
#5 (permalink)
04-21-2006, 02:27 PM
spiderbait, WebProWorld Pro
Join Date: Oct 2003
Location: Gibsons, BC, Canada
Posts: 291

For what it's worth, I thought I'd mention that many pages in your shopping cart are exhibiting a very bizarre jumpiness behavior when mousing over links.

I'm using IE6 and the page is jumping back and forth sideways (it seems to be related to the left side bamboo border) when I run my mouse over links or "buy now" buttons.
__________________
Jade Burnside, Ahead of the Web
What good is your web site if no one can find it?
SEO & Optimized Web Site Design
#6 (permalink)
04-21-2006, 03:17 PM
bwn, WebProWorld Member
Join Date: Sep 2005
Posts: 36

He found why the pop-up showing secure and unsecure items is coming up, but not why the lock isn't showing. I am in Explorer and see an error displayed on the lower left; click on it and there are several errors showing, plus the expected line where it is looking for the code. It looks like there is missing code for the https to show correctly.
#7 (permalink)
04-21-2006, 04:14 PM
cyanide, WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Toronto, Canada
Posts: 2,193

This is a common problem and usually involves images.
However, in your case, it looks like spiderbait has the right idea. Google Analytics is the culprit.

Replace
http://www.google-analytics.com/urchin.js
With
https://ssl.google-analytics.com/urchin.js

And you should be good to go
__________________
|
Web Hosting Guru
| Need Help For Your Forum?
#8 (permalink)
04-21-2006, 04:32 PM
richkoi, WebProWorld Veteran
Join Date: Aug 2003
Location: Columbus, Ohio
Posts: 487

I have tried getting rid of the Google Analytics code altogether and that does not fix the problem. As you can see, the secure server seems to be working:

https://www.bambooheadquarters.com/ip.php

It just does not work for that page for whatever reason. Does anybody know why the server port would change on that particular page?

I wrote a script in PHP to try to remove the analytics code from secure pages by detecting the port before displaying the code, so I do not think the analytics code is the problem.
#9 (permalink)
04-21-2006, 04:41 PM
cyanide, WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Toronto, Canada
Posts: 2,193

Why don't you remove the analytics code altogether, then let us have a look.
__________________
|
Web Hosting Guru
| Need Help For Your Forum?
#10 (permalink)
04-21-2006, 04:52 PM
richkoi, WebProWorld Veteran
Join Date: Aug 2003
Location: Columbus, Ohio
Posts: 487

Ok, Google Analytics is off.
#11 (permalink)
04-21-2006, 05:56 PM
richkoi, WebProWorld Veteran
Join Date: Aug 2003
Location: Columbus, Ohio
Posts: 487

I changed some absolute links to relative links. I am just not sure what the correct format would be. That fixed the broken lock problem, however, port is still showing 80.

Maybe I am messing up the relative links? What's the best way to make links relative across multiple directory levels?

A) ../image/image.jpg
B) /image/image.jpg
C) image/image.jpg
D) ../../../../../image/image.jpg
#12 (permalink)
04-21-2006, 07:25 PM
cyanide, WebProWorld 1,000+ Club
Join Date: Jul 2003
Location: Toronto, Canada
Posts: 2,193

OK, removing the analytics code fixed the "this page contains insecure items" error in IE.

However, that error will reappear on this page
https://www.bambooheadquarters.com/bamboo.php
because of the iframe.

No need to mess with the images, because they are not causing the problem.
__________________
|
Web Hosting Guru
| Need Help For Your Forum?
Reply With Quote
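
An added example, not code from any poster in this thread: a PHP check that lists the sub-resources a page would load over plain http://, which is what triggers the "secure and non-secure items" warning discussed above. The function name `find_insecure_subresources` and the sample HTML are constructed for illustration.

```php
<?php
// Added example: report sub-resources referenced with http:// in a page
// that is meant to be served over https://. Plain <a href> links are not
// sub-resources and do not trigger the browser warning, so they are skipped.
function find_insecure_subresources(string $html): array
{
    // Tag => attribute that makes the browser fetch something for the page.
    $targets = [
        'script' => 'src',
        'img'    => 'src',
        'iframe' => 'src',
        'embed'  => 'src',
        'object' => 'data',
        'link'   => 'href',   // stylesheets, icons
    ];

    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate real-world tag soup
    $doc->loadHTML($html);
    libxml_clear_errors();

    $findings = [];
    foreach ($targets as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            $url = trim($node->getAttribute($attr));
            if (stripos($url, 'http://') === 0) {
                $findings[] = "<$tag $attr=\"$url\">";
            }
        }
    }
    return $findings;
}

// Constructed sample resembling the pages discussed in the thread.
$sample = <<<HTML
<html><body>
<img src="/image/image.jpg">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<iframe src="http://www.example.com/frame.html"></iframe>
<a href="http://www.example.com/page.php">Back to the store</a>
</body></html>
HTML;

foreach (find_insecure_subresources($sample) as $finding) {
    echo "insecure: $finding\n";
}
```

On the constructed sample this flags the script and the iframe; the root-relative image and the ordinary link are not reported.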
#13 (permalink)
04-22-2006, 01:31 AM
drummin, WebProWorld Veteran
Join Date: Aug 2003
Location: California,USA
Posts: 373
Quote:
Maybe I am messing up the relative links? What's the best way to make links relative across multiple directory levels?
I'm no expert, but this is what I've found...
As far as images/css/js files etc., make copies for your https folder. When setting up the SSL certificate, did you specify shared properties? If you didn't, all parts of your pages should be in your https folder on your server.

I found no way to successfully "back out" of a https folder and enter a http folder. When making links back to non-secure areas, use full URLs... http://www.mysite.com/page.php

Just a thought...
Best to ya.
Drummin
#14 (permalink)
04-24-2006, 04:13 AM
colr, WebProWorld Pro
Join Date: Mar 2004
Location: Bonnie Scotland
Posts: 106

Are you sure it's not a browser problem?

If you put a https:// URL in your browser, the browser should select port 443 before it even contacts the server.

What platform are you using on both the client and server end?

colr__
__________________
Colin Reid
East Kilbride
#15 (permalink)
04-24-2006, 03:15 PM
richkoi, WebProWorld Veteran
Join Date: Aug 2003
Location: Columbus, Ohio
Posts: 487

I am using a server side script to get the port, so I do not think it is a browser issue.
#16 (permalink)
04-24-2006, 06:44 PM
richkoi, WebProWorld Veteran
Join Date: Aug 2003
Location: Columbus, Ohio
Posts: 487

I figured it out. I was using:

<? include("http://www.bambooheadquarters.com/footer.php"); ?>

...in my template. Notice how the http:// would not change even if you were on a secure page because the PHP script is server side!

D'OH!

I wrote a script to detect if the site was secure or not and it would change the http:// to https:// automatically. For you PHP buffs, I used the "$serverport = $_SERVER['SERVER_PORT'];" variable to write an if statement.

Lesson learned. Thanks for all your help everyone. Hope someone learns from my mistakes.

Rich
Reply With Quote
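
An added example, not Rich's actual script and not part of the original thread: why the port reads 80 inside a footer included by URL, next to a filesystem include that avoids the second HTTP request. The helper names `is_https_request` and `base_url`, the `www.example.com` host and the assumption that footer.php sits beside the template are all illustrative.

```php
<?php
// Added example. Assumes footer.php sits beside this template on disk.

// BEFORE (the pattern from the post): include() with a URL makes PHP act as
// an HTTP client. The web server runs footer.php as a *separate* request that
// arrives on port 80, so $_SERVER['SERVER_PORT'] inside footer.php is 80 no
// matter how the visitor reached the outer page. It also depends on PHP's
// URL-include settings (allow_url_fopen, and allow_url_include since PHP 5.2),
// and whatever the URL returns is evaluated as PHP by the including script.
//
//   include("http://www.bambooheadquarters.com/footer.php");

// AFTER: include from the filesystem. footer.php then runs inside the current
// request and sees the same $_SERVER values as the page that includes it.
function is_https_request(array $server): bool
{
    // Apache sets HTTPS to "on"; IIS (ISAPI) sets "off" for plain requests.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Fallback used in the thread: the port the request arrived on.
    return isset($server['SERVER_PORT']) && (int)$server['SERVER_PORT'] === 443;
}

function base_url(array $server): string
{
    $scheme = is_https_request($server) ? 'https' : 'http';
    return $scheme . '://' . ($server['SERVER_NAME'] ?? 'localhost');
}

// Constructed $_SERVER snapshots: the visitor's request versus the
// server-to-server request that a URL include generates.
$visitor     = ['HTTPS' => 'on', 'SERVER_PORT' => '443', 'SERVER_NAME' => 'www.example.com'];
$url_include = ['SERVER_PORT' => '80', 'SERVER_NAME' => 'www.example.com'];

echo base_url($visitor), "\n";
echo base_url($url_include), "\n";

// In the real template the include becomes:
//   include __DIR__ . '/footer.php';
```

With a filesystem include there is no scheme in the include path to rewrite, so the footer reports the visitor's port without any http/https switching logic.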