X-Cart: shopping cart software

Force HTTPS administration (https://forum.x-cart.com/showthread.php?t=2219)

leon 12-09-2003 08:56 AM

I haven't thought of using HTTPS yet, but I can see the importance now, so how can I get this done or configured on a VPS?

shan 12-09-2003 10:00 AM

If you're talking about using a system where your users are sent to a different company who deals with the payment part of the sale, then they should take care of the secure side themselves.

leon 12-09-2003 05:06 PM

I think that's what I will have to do for the moment, but in the meanwhile do you know how to set it up (SSL) on a VPS?

kangus 12-12-2003 03:32 AM

the position of the include seems to make a difference
 
With 3.5.1 I tried the https include before the requires and it fails.

But this seems to work.

# $Id: orders.php,v 1.17 2003/08/11 10:44:46 svowl Exp $
#
require "./auth.php";
require $xcart_dir."/include/security.php";

# Load the customer-area https include only when the secure_store option is on
if ($config["General"]["secure_store"]=="Y"){
    @include "../customer/https.php";
}

Then add this to the database:
INSERT INTO `xcart_config` VALUES ('secure_store', 'Enable Secure Store', 'Y', 'General', 5, 'checkbox', 'Y');

And modify https.php with:

if ($config["General"]["secure_store"]=="Y"){
    $https_scripts = array("register.php","cart.php?mode=checkout","orders.php","order.php");
}
else{
    $https_scripts = array();
}

I move the UNTOUCHED original files into my "patch" backup directory and add them to my "Patch-setup" script - before I patch I copy all changed files from the site with directory paths and replace them with these backups - If I need to, if the file name is not in the file.lst with the patch then the script by-passes the file.
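
Added example, not part of kangus's post and not X-Cart's own https.php: one way a script list like the `$https_scripts` array above can drive a redirect to HTTPS, including entries that carry a query string such as `cart.php?mode=checkout`. The helper names, the `$secure_host` value and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration, not X-Cart's https.php. $secure_host and the helper
// names are hypothetical; the script list mirrors the one posted above.
$secure_host = "shop.example.com";   // constructed value; set from config, never from the Host header
$https_scripts = array("register.php", "cart.php?mode=checkout", "orders.php", "order.php");

// True when the request already arrived over TLS.
function is_https_request(array $server) {
    return (!empty($server["HTTPS"]) && strtolower($server["HTTPS"]) !== "off")
        || (isset($server["SERVER_PORT"]) && (int)$server["SERVER_PORT"] === 443);
}

// An entry is either "script.php" or "script.php?key=value"; the latter
// matches only when that query parameter has exactly that value.
function needs_https($script, array $query, array $https_scripts) {
    foreach ($https_scripts as $entry) {
        $parts = explode("?", $entry, 2);
        if ($parts[0] !== $script) {
            continue;
        }
        if (count($parts) === 1) {
            return true;
        }
        parse_str($parts[1], $required);
        $ok = true;
        foreach ($required as $k => $v) {
            if (!isset($query[$k]) || $query[$k] !== $v) { $ok = false; }
        }
        if ($ok) return true;
    }
    return false;
}

// Returns the redirect target, or null when no redirect is needed.
function https_redirect_target(array $server, array $query, array $https_scripts, $secure_host) {
    $script = basename($server["SCRIPT_NAME"]);
    if (is_https_request($server) || !needs_https($script, $query, $https_scripts)) {
        return null;
    }
    // Strip CR/LF so the request URI cannot inject extra response headers.
    $uri = str_replace(array("\r", "\n"), "", $server["REQUEST_URI"]);
    return "https://" . $secure_host . $uri;
}

// Constructed sample request: plain-HTTP hit on the admin order list.
$sample = array("SCRIPT_NAME" => "/admin/orders.php", "REQUEST_URI" => "/admin/orders.php?page=2", "SERVER_PORT" => "80");
echo https_redirect_target($sample, array("page" => "2"), $https_scripts, $secure_host), "\n";
```

A caller would pass `$_SERVER` and `$_GET` and, on a non-null result, send it with `header("Location: ...")` followed by `exit`. Building the target from a configured host rather than the request's Host header keeps the redirect from being steered to another site.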

garryhs 01-29-2004 02:52 AM

Entire Store in HTTPS (Customers & Admin) ???
 
Hi all,

In this thread I was reading how to change the entire store to HTTPS.

Can somebody shed some light on this?

I think it is great, and have just made the changes to 3.4.11 and it works perfectly so far.

Why is this not common practice ??? Is this a performance thing ??? Will my Web Host provider complain ???

Please tell me why it should not be HTTPS....

Garry

kangus 01-29-2004 07:19 AM

HTTPS
 
You should only enable HTTPS on personal information and ADMIN functions that expose personal information. Encrypting everything sucks CPU, so if you want your customers to have a snappy response, only use HTTPS on personal information and ADMIN functions.


All times are GMT -8.