X-Cart: shopping cart software


lixy 04-08-2003 07:48 PM

Force HTTPS administration
 
How can I force all admin sessions to be conducted via HTTPS? I want any admin attempting to access the admin area using HTTP to be redirected to the HTTPS login area.

B00MER 04-08-2003 09:08 PM

I do this to my admin/orders.php and provider/orders.php, as sensitive info is stored with the customer's CC, so I add the following include at the top of orders.php:

Code:

@include "../customer/https.php";

And make adjustments in customer/https.php:

Code:

$https_scripts = array("orders.php","cart.php");

You'll need to add the include on every area in the admin you want secure, so if it is hit with http it will switch over. You'll also need to add the filename of the admin php script you're wanting to secure; note I've got orders.php in my $https_scripts array.

hth. ;)

lixy 04-09-2003 10:38 AM

Boomer, that worked perfectly! Thanks a lot for the help.

brian 04-11-2003 12:20 PM

I wanted the entire admin section to be https, so I added the following to admin/auth.php:

Code:

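# Force the admin section to be secure
if($HTTPS != "on"){
        # Inside this branch $HTTPS is not "on", so this selects $xcart_http_host
        $xcart_host = ($HTTPS == "on" ? $xcart_https_host : $xcart_http_host);
        # Directory part of the host setting, if it contains one
        $pos = strpos($xcart_host, "/");
        $dir = $pos !== false ? substr($xcart_host, $pos) : "";
        # Script path relative to the store's web directory
        $current_script = substr($REQUEST_URI, strlen($dir) + strlen($xcart_web_dir));
        # Carry the session ID across unless the query string already has it
        $additional_query = ($QUERY_STRING?"&":"?").(strstr($QUERY_STRING,"XCARTSESSID")?"":"XCARTSESSID=$XCARTSESSID");
        header("Location: $https_location".$current_script.$additional_query);
        # Stop here so the rest of the admin script does not run over HTTP
        exit;
}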



Now if you visit the admin section at http you are redirected to https. So far so good.

Brian

lixy 04-14-2003 07:05 AM

Brian,

That is exactly what I was looking for - thanks a lot. Forced SSL Admin working 100%

jolandia 05-22-2003 12:30 PM

Thanks a lot, I tried this as well and it seems to work fine! I haven't tested it extensively, but I assume that in theory there should be no way now to access the admin functions without https? Obviously this is very important with regard to credit card details, as we all appreciate. :o
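
The approaches above depend on every admin script including the file that does the redirect (customer/https.php in B00MER's post, admin/auth.php in brian's). The following is an added example, not code from the thread or from X-Cart: a static first-pass check that lists PHP scripts with no include of such a guard file. The function names, the sample tree and the choice of guard file names are assumptions.

```python
import re
import tempfile
from pathlib import Path

GUARDS = ("auth.php", "https.php")  # assumed guard files, as named in the thread


def guard_pattern(guard_files=GUARDS):
    """Regex for include/require (with optional @ and _once) of a guard file."""
    names = "|".join(re.escape(name) for name in guard_files)
    return re.compile(
        r"@?\b(?:include|require)(?:_once)?\s*\(?\s*"
        r"[\"'][^\"']*\b(?:" + names + r")[\"']",
        re.IGNORECASE,
    )


def unguarded_scripts(root, guard_files=GUARDS):
    """Return relative paths of .php files that never include a guard file."""
    pattern = guard_pattern(guard_files)
    missing = []
    for path in sorted(Path(root).rglob("*.php")):
        if path.name in guard_files:
            continue  # the guard files themselves
        lines = path.read_text(errors="replace").splitlines()
        # Ignore commented-out includes (#, // and block-comment lines).
        live = [l for l in lines if not l.lstrip().startswith(("#", "//", "*", "/*"))]
        if not any(pattern.search(l) for l in live):
            missing.append(path.relative_to(root).as_posix())
    return missing


def build_sample(root):
    """Constructed sample tree for the demo; not real X-Cart files."""
    admin = Path(root) / "admin"
    admin.mkdir()
    (admin / "auth.php").write_text("<?php\n# redirect logic lives here\n")
    (admin / "orders.php").write_text('<?php\n@include "../customer/https.php";\n')
    (admin / "users.php").write_text('<?php\nrequire "./auth.php";\n')
    (admin / "export.php").write_text('<?php\n# @include "./auth.php";\necho 1;\n')
    return admin


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name in unguarded_scripts(build_sample(tmp)):
            print("no HTTPS guard include:", name)
```

A script that pulls in the guard through another include is also listed, so treat each hit as a file to review by hand.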

e1front 06-25-2003 09:39 PM

works 100% but now I can't generate sql files
 
When I click on the "generate db"

the dialog box asks me if I want to save or open,
I tried both

then a new dialog box opens with the following message

Quote:

getting file information
db_backup.php

then after a minute I get this message,

Quote:

Internet Explorer cannot download db_backup.php from www.yoursite.com
Internet Explorer wasn't able to open this internet site.
The requested site is either unavailable or cannot be found. Please try again later.


Quote:

if($HTTPS != "on"){
$xcart_host = ($HTTPS == "on" ? $xcart_https_host : $xcart_http_host);
$pos = strpos($xcart_host, "/");
$dir = $pos !== false ? substr($xcart_host, $pos) : "";
$current_script = substr($REQUEST_URI, strlen($dir) + strlen($xcart_web_dir));
$additional_query = ($QUERY_STRING?"&":"?").(strstr($QUERY_STRING,"XCARTSESSID")?"":"XCARTSESSID=$XCARTSESSID");
header("Location: $https_location".$current_script.$additional_query);
}
# end of code
When I erased this piece of code, the "generate SQL file" worked fine ....

So how can I work out this conflict???
Please help

Chris B 11-04-2003 10:39 AM

Forced administration ssl
 
Make sure your database has a connection via localhost.

I've seen this problem when x-cart is making a database connection via a URL or IP address.

(Therefore, the data is being transferred through an insecure connection.)

nfc5382 11-26-2003 07:32 AM

I just modified the following for complete https access:

customer/https.php:

Code:

# everything https
function is_https_link($link, $https_scripts) {
        return true;
}



and for admin login - admin/auth.php:

add this to the top:
Code:

@include "../customer/https.php";


I just added the support for admin login, but I have been using the whole site as https b/c many customers complained about portions of the site not being secure. Personally I think they are paranoid, but if it will make them happy I'll accommodate them!

kangus 12-07-2003 03:36 PM

3.5.1 does not work with HTTPS
 
Fatal error: Cannot redeclare is_https_link() (previously declared in /home/nquest/public_html/store/customer/https.php:54) in /home/nquest/public_html/store/customer/https.php on line 54

