Re: https for whole checkout process from login/reg screen ?
 

Thanks for the positive feedback, I'm glad that you find the checkout to be useful and am happy to hear about your returns on investment.

If there's anything you'd like to see additional to the checkout process, such as the recommends tab I will be finishing (hopefully sometime in the near future) I would be glad to hear them.


I'm sorry to say that I don't know what the problem is off hand. In my store at mixtapemp3 I have my https directory symlinked to my http directory, and I can access the cart interchangably with http and https.

I notice in your store you can't even load the https when you put this into the browser. https://www.newcrowd.com/customer/cart.php

It looks like it redirects it to the http automatically, which leads me to believe this has something to do with the way your handling https. If your using mod rewrite for example, you may want to look at your rule set.

Hope that helps.

Not sure what was going on, I got my ISP to reload the cert and all seems to be O.K. again - trouble is they never tell you exactly what they did to fix it.

Anyway thanks for your help - great mod!

John

I just did mine for 4.0.8 and the only way I could keep from gettings errors was not to mod the login or the register.
I hope it keeps working.
Would also like a continue shopping button at the bottem of all the checkout pages.........

With 4.0.8 you won't have to modify the register.php.

If you PM me your ftp details I will mod your login.php for you. Or if you post up the contents of your login.php I will provide you a new login.php you can upload.

My Login.php Maybe this way it will help others...........

#
# $Id: login.php,v 1.86.2.5 2004/09/20 10:08:12 max Exp $
#

@include "../top.inc.php";

if (!defined('XCART_START')) die("ERROR: Can not initiate application! Please check configuration.");

require $xcart_dir."/config.php";

x_session_register("login");
x_session_register("login_type");
x_session_register("logged");
x_session_register("previous_login_date");

x_session_register("login_attempt");
x_session_register("cart");
x_session_register("intershipper_recalc");
x_session_register("extended_userinfo");

x_session_register("merchant_password");

$merchant_password = "";

$login_error = false;

switch ($redirect) {
case "admin":
$redirect_to = DIR_ADMIN;
break;
case "provider":
$redirect_to = DIR_PROVIDER;
break;
case "partner":
$redirect_to = DIR_PARTNER;
break;
case "customer":
default:
$redirect_to = DIR_CUSTOMER;
}

$redirect_to = $current_location.$redirect_to;

if ($REQUEST_METHOD == "POST") {
$intershipper_recalc = "Y";
if ($mode == "login") {

$username = $HTTP_POST_VARS["username"];
$password = $HTTP_POST_VARS["password"];


$user_data = func_query_first("SELECT * FROM $sql_tbl[customers] WHERE login='$username' AND usertype='$usertype' AND status='Y'");

$allow_login = true;

if ($usertype == 'A' || ($usertype == "P" && $active_modules["Simple_Mode"])) {
$iplist = array_unique(split('[ ,]+', $admin_allowed_ip));
$iplist = array_flip($iplist);
unset($iplist[""]);
$iplist = array_flip($iplist);
if (count($iplist) > 0)
$allow_login = in_array($REMOTE_ADDR, $iplist);
}

if (!empty($user_data) && $password == text_decrypt($user_data["password"]) && !empty($password) && $allow_login) {
#
# Success login
#
x_session_register("login_change");
if ($user_data["change_password"] == "Y") {
$login_change["login"] = $user_data["login"];
$login_change["login_type"] = $usertype;
func_header_location($redirect_to."/change_password.php");
}
x_session_unregister("login_change");

$login = $user_data["login"]; //$username;
$login_type = $usertype;
$logged = "";
if ($usertype == "C") {
x_session_register("login_redirect");
$login_redirect = 1;
}

#
# 1) generate $last_login by current timestamp and update database
# 2) insert entry into login history
#
$tm = time();

$previous_login_date = func_query_first_cell("SELECT last_login FROM $sql_tbl[customers] WHERE login='$login'");
if ($previous_login_date == 0)
$previous_login_date = $tm;

db_query("UPDATE $sql_tbl[customers] SET last_login='$tm' WHERE login='$login'");
db_query("REPLACE INTO $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) VALUES ('$username','$tm','$usertype','login','success',' $REMOTE_ADDR')");

#
# Merchant password
#
if (($usertype == 'A' || ($usertype == "P" && $active_modules["Simple_Mode"])) && $mpassword) {
if ($config['mpassword'] == md5($mpassword)) {
$merchant_password = $mpassword;
}
else {
$merchant_password = "";
$wrong_merchant_password = true;
}
}
unset($mpassword);

#
# Set cookie with username if Greet visitor module enabled
#

if (!empty($active_modules["Greet_Visitor"]))
include $xcart_dir."/modules/Greet_Visitor/set_cookie.php";


#
# If shopping cart is not empty then user is redirected to cart.php
# Default password alert
#
if ($login_type == "A" || $login_type == "P") {
$to_url = (!empty($active_modules["Simple_Mode"]) || $login_type == "A" ? $xcart_catalogs["admin"] : $xcart_catalogs["provider"])."/home.php";
$current_area = $login_type;
include $xcart_dir."/include/get_language.php";
}

$default_accounts = func_check_default_passwords($login);

if (!empty($default_accounts)) {
$current_area = $login_type;
$txt_message = strip_tags(func_get_langvar_by_name("txt_your_pass word_warning_js"));
$txt_continue = strip_tags(func_get_langvar_by_name("lbl_continue" ));
$javascript_message =<<<JS
<SCRIPT language='JavaScript'>
alert('$txt_message');
self.location='$to_url';
</SCRIPT>
$txt_message



$txt_continue
JS;
}
elseif ($usertype == "A" || !empty($active_modules["Simple_Mode"])) {
$default_accounts = func_check_default_passwords();
if (!empty($default_accounts)) {
$txt_message = strip_tags(func_get_langvar_by_name("txt_default_p asswords_warning_js", array("accounts"=>implode(", ", $default_accounts))));
$txt_continue = strip_tags(func_get_langvar_by_name("lbl_continue" ));
$javascript_message =<<<JS
<SCRIPT language='JavaScript'>
alert('$txt_message');
self.location='$to_url';
</SCRIPT>
$txt_message



$txt_continue
JS;
}
}

if ($login_type == "C" && $user_data["cart"] && func_is_cart_empty($cart))
$cart = unserialize($user_data["cart"]);

if ($login_type == "C" || $login_type == "B") {
if (!func_is_cart_empty($cart)) {
if(strpos($HTTP_REFERER, "mode=auth") === false) {
func_header_location($redirect_to."/cart.php");
} else {
func_header_location($redirect_to."/cart.php?mode=checkout");
}
} elseif (!empty($HTTP_REFERER)) {
if((strncasecmp($HTTP_REFERER,$http_location,strle n($http_location))==0 || strncasecmp($HTTP_REFERER,$https_location,strlen($ https_location))==0) &&
strpos($HTTP_REFERER,"error_message.php")===false &&
strpos($HTTP_REFERER,'secure_login.php')===false &&
strpos($HTTP_REFERER,".php")!==false) {
func_header_location($redirect_to.strrchr($HTTP_RE FERER, "/"));
}
}
func_header_location($redirect_to."/home.php");
}

if ($wrong_merchant_password) {
func_header_location ("error_message.php?wrong_merchant_password");
}
if (($usertype == 'A' || ($usertype == 'P' && $active_modules["Simple_Mode"])) && $merchant_password) {
$current_area = $usertype;
func_data_recrypt();
}

if (($config["General"]["default_pwd"] == "Y") and !empty($javascript_message) and $admin_safe_mode == false) {
x_session_save();
echo $javascript_message;
exit;
}
else {
func_header_location($redirect_to."/home.php");
}
}
else {
#
# Login incorrect
#
$login_status = "failure";

if (!$allow_login)
$login_status = "restricted";

if (!func_query_first("SELECT login FROM $sql_tbl[login_history] WHERE login='$username' AND date_time='".time()."'"))
db_query("REPLACE INTO $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) VALUES ('$username','".time()."','$usertype','login','$lo gin_status', '$REMOTE_ADDR')");

if ($redirect == "admin" || (@$active_modules["Simple_Mode"] == "Y" && $redirect == "provider") && $config['Email_Note']['eml_login_error'] == 'Y') {
#
# Send security alert to website admin
#
@func_send_mail($config["Company"]["site_administrator"], "mail/login_error_subj.tpl", "mail/login_error.tpl", $config["Company"]["site_administrator"], true);

}

#
# After 3 failures redirects to Recover password page
#
$login_attempt++;
if ($login_attempt >= 3) {
$login_attempt = "";
func_header_location($redirect_to."/help.php?section=Password_Recovery");
}
else
func_header_location($redirect_to."/error_message.php?login_incorrect");
}
}
}


if ($mode == "logout") {
#
# Insert entry into login_history
#
db_query("REPLACE INTO $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) VALUES ('$login','".time()."','$login_type','logout','suc cess','$REMOTE_ADDR')");

$old_login_type = $login_type;
$login = "";
$login_type = "";
$cart = "";
$extended_userinfo = "";
$access_status = "";
$merchant_password = "";
x_session_unregister("hide_security_warning");
}

if ($old_login_type == 'C') {
if (!empty($HTTP_REFERER) && (strncasecmp($HTTP_REFERER, $http_location, strlen($http_location)) == 0 || strncasecmp($HTTP_REFERER, $https_location, strlen($https_location)) == 0)) {
if (strpos($HTTP_REFERER, "mode=order_message") === false &&
strpos($HTTP_REFERER, "returns.php") === false &&
strpos($HTTP_REFERER, "orders.php") === false &&
strpos($HTTP_REFERER, "giftreg_manage.php") === false &&
strpos($HTTP_REFERER, "order.php") === false &&
strpos($HTTP_REFERER, "register.php?mode=delete") === false &&
strpos($HTTP_REFERER, "register.php?mode=update") === false) {
func_header_location($redirect_to.strrchr($HTTP_RE FERER, "/"));
}
}
}

func_header_location($redirect_to."/home.php");

?>

Please post inside of code tags.

Just highlight your text and click the Code formatting button.

Makes it much easier to read.

For 4.0.8 login.php

FIND:

Replace with:

Continue Shopping Button
 

Hi Jon, great service you're providing here - X-Cart should put you on the payroll.

Jmell asked about putting a 'Continue Shopping' button on the bottom of each checkout page on your cart mod. I would like that as well; I know a buyer can click on the top tabs, but it's not very intuitive.

Also, I love the design of your emails - could you let us know where the style sheets are to modify the fonts? As standard the HTML emails are all over the place. Where did you place the code for your email footers?

Sorry to be so demanding! :lol:

Thanks in advance.

That did it.
It's a must have Mod thanks.
http://onlinemacs.com/

To put a continue shopping button, you can place this code on your skin1/customer/home_checkout.tpl where you want it to appear.


What I did for my emails was edit:

/skin1/mail/html/mail_header.tpl

and

/skin1/mail/html/signature.tpl

That puts information above and below the actual emails.[/code]