Re: NEW xcart template - xtreme Gear
 

hi, will, i got another problem that the register.php is not under https even i chosed the https option in general setting, the log in page is ok, only register.php, i contact xcart they said it's because my customer skin of some insecure items cause it, can you help, thanks

albert

Re: NEW xcart template - xtreme Gear
 

xTreme has issues with insecure images.
use <img src="{$AltImagesDir}/custom/
(or other secure directory)
for your images.

you can't use the xtreme images directory path as-is

Re: NEW xcart template - xtreme Gear
 

Hi Albert,

Our template does not affect php files - so I can't see exactly how this is a template problem.
Have you setup your https URL in your config file - and do you have your SSL cert installed correctly?
Send your issue through to our support system so we can investigate further.

regards
W.

Re: NEW xcart template - xtreme Gear
 

Will, look at Ticket: #TDL-432-88091
That will explain how xTreme is serving insecure images on https pages.
I solved this by not using the xTreme file paths and using {$ImagesDir} or {$AltImagesDir} to serve images that may be used while in https.

J

Re: NEW xcart template - xtreme Gear
 

hi, will, i just submitted a ticket #WUW-974-22531, thanks for the help.

albert

Re: NEW xcart template - xtreme Gear
 

config file was set up correctly and i ask my server guy to double check the ssl which is set up correctly, so i believe it's the insecure images, thanks

albert

Re: NEW xcart template - xtreme Gear
 

xTreme owners:

If you bought your copy of xTreme after February 2013, you may want to be certain the Feb 2013 security patches are/were applied...

I discovered some discrepancies between xTreme and my old 4.5.4 template -- So I asked TXS support why the difference, and they told me my files were defective (and had bad html)... but I kept digging.

http://forum.x-cart.com/showthread.php?p=361459
http://forum.x-cart.com/showthread.php?t=66153

SO I now have to patch xTreme. Hope it doesn't break related templates.
Great. Backing up now.

Will, please look at ticket: #WDJ-813-41306
(and try not to cringe when you read the part about "commenting" the code - I held my tongue!)

Will, PLEASE for the benefit of the next xTreme customer, add this to your docs:

"Thank you for purchasing our Xtreme Gear template for xcart version 4.5.x -- please note, you will need to ensure the security patches from 2013-02-12 need to be applied┘ you can download the patch from your xcart file area."

4.5.5 default xcart distribution has this patch (4.5.4 and earlier need it) - but xTreme 4.5.x does not...

ALWAYS backup first!

Re: NEW xcart template - xtreme Gear
 

After all that...

One file needs to be patched in xTreme Gear:

/skin/xtreme_gear/customer/main/register.tpl

Re: NEW xcart template - xtreme Gear
 

hi, i modified the file of register:

<form action="{$register_script_name}?{$php_url.query_st ring|escape}"


but the register.php still no lockpad, any idea why, thanks

albert

Re: NEW xcart template - xtreme Gear
 

Albert,
Use firebug.
Identify the insecure images.
Most likely, they are xtreme placed images in /images/directory.
Don't use these images.
Instead, hard code the images to a path, such as:

<img src="{$AltImagesDir}/custom/

This is not a tutorial in how to hard code an image --
The point of this is to explain that xTreme's images if placed using the interface, will not be secure at https.
So simply hard code image paths to a skin images dir, such as $ImagesDir or $AltImagesDir

Got it?