X-Cart forums

[fusionartstamps]

I'm storing the credit card numbers of customers and can access them via the x-cart admin page. Is there a way to make the admin section have https?

-Amy

[shan]

All you need to do is access your admin by the https value and it should work the same but be secure.

This should be done as standard realy

[fusionartstamps]

Gracias Senor!!!

Amy

[tlieberman]

Add to the top of admin/auth.php:

Defines $REQUEST_URI (since IIS doesn't provide it). I'm not sure if apache provides $_SERVER['HTTPS'], but you can do some string manipulation to determine whether the client is using ssl or not.

Anyway, if https is not active, it redirects to the secure version

Code:

$REQUEST_URI=$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']; #For IIS's sake
if($_SERVER['HTTPS'] == 'off'){
	Header("Location: $https_location".substr($REQUEST_URI, 1, strlen($REQUEST_URI)-1)); 
}