X-Cart: shopping cart software
Page 2 of 2 < 1 2
Show 40 posts from this thread on one page

X-Cart forums (https://forum.x-cart.com/index.php)
-   Changing design (https://forum.x-cart.com/forumdisplay.php?f=51)
-   -   Is there a way to use an external header.php file for the admin section? (https://forum.x-cart.com/showthread.php?t=38780)

geckoday 04-03-2008 06:44 AM
Re: Is there a way to use an external header.php file for the admin section?
 
Quote:
Originally Posted by balinor
While I understand what you are trying to do, this can/will result in one of those nasty 'The site isn't secure' warnings when in https mode if the images or any other info is being called from an outside source. Just FYI :)
An outside source has nothing to do with the secure warnings. A lot of us include google JS code for analytics on our secure pages without a problem. In this case it has even less to do with secure warnings as its a server side include, not a client side include which are the includes that generate security warnings.

The header PHP code would need to generate appropriate href's for http & https to avoid secure warning messages but that's really a moot point. The error message indicates that PHP is configured to not allow includes via URL's - i.e. it only allows local includes. Most hosts do this as a security measure to limit hacker exploits from grabbing malicious code from external servers.

balinor 04-03-2008 06:48 AM
Re: Is there a way to use an external header.php file for the admin section?
 
I disagree. Call an image from http://anotherdomain.com and you WILL get a warning.

exsecror 04-03-2008 07:19 AM
Re: Is there a way to use an external header.php file for the admin section?
 
Quote:
Originally Posted by geckoday
An outside source has nothing to do with the secure warnings. A lot of us include google JS code for analytics on our secure pages without a problem. In this case it has even less to do with secure warnings as its a server side include, not a client side include which are the includes that generate security warnings.

The header PHP code would need to generate appropriate href's for http & https to avoid secure warning messages but that's really a moot point. The error message indicates that PHP is configured to not allow includes via URL's - i.e. it only allows local includes. Most hosts do this as a security measure to limit hacker exploits from grabbing malicious code from external servers.

That's because the Google Analytics code automatically switches to SSL when you're in SSL mode hence why you don't get the warning. I agree with balinor it causes problems and a lot of customers who are not well informed about security will be automatically turned off should they get a warning about "Insecure Content" on the page and a broken lock.

geckoday 04-03-2008 07:21 AM
Re: Is there a way to use an external header.php file for the admin section?
 
Quote:
Originally Posted by balinor
I disagree. Call an image from http://anotherdomain.com and you WILL get a warning.
External <> security errors.
Calling an external file wrong causes security errors.
You should call an external file using http when in not in secure mode and using https when in secure mode - thats easy to do and as I mentioned is done for google analytics.
Code:
<script src="{if $smarty.server.HTTPS eq "on"}https://ssl{else}http://www{/if}.google-analytics.com/urchin.js" type="text/javascript">
But that's NOT what AgentBristow was trying to do. He was trying to include php code server side which is a whole different kettle of fish.

kube 04-03-2008 08:30 AM
Re: Is there a way to use an external header.php file for the admin section?
 
Quote:
Originally Posted by geckoday
He was trying to include php code server side which is a whole different kettle of fish.

True. Until the header code itself contains insecure external urls which may or may not be the case.


All times are GMT -8. The time now is 03:01 PM.
Page 2 of 2 < 1 2
Show 40 posts from this thread on one page

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.