I wanted the
entire admin section to be https, so I added the following to admin/auth.php:
Code:
# Force the admin section to be secure
if($HTTPS != "on"){
$xcart_host = ($HTTPS == "on" ? $xcart_https_host : $xcart_http_host);
$pos = strpos($xcart_host, "/");
$dir = $pos !== false ? substr($xcart_host, $pos) : "";
$current_script = substr($REQUEST_URI, strlen($dir) + strlen($xcart_web_dir));
$additional_query = ($QUERY_STRING?"&":"?").(strstr($QUERY_STRING,"XCARTSESSID")?"":"XCARTSESSID=$XCARTSESSID");
header("Location: $https_location".$current_script.$additional_query);
}
Now if you visit the admin section at http you are redirected to https. So far so good.
Brian