X-Cart forums

[SystemSkins]

It was receintly brought to my attention that my page has secure and non-secure items when in https. I use FF and this warning doesnt pop up in my browser so I never knew but it does in IE.

I know what the problem is... All of my product images and thumbnails are not in the {ImagesDir} but are referenced in an image folder (http://www.systemskins.com/images). I had done this long before I had X-cart and figured why should I move them if when creating a product it asks me for the url anyways. These same images are linked to in all of my eBay auctions as well.

Is there a quick fix to this? or am I going to have to move all the images into the /skin1/images/ folder and edit all 500+ products and change the paths of the image and thumbnail?


Doug

[gb2world]

If you have the http harcoded into your pages, I think IE will give you that error on an https page. Have you tried calling the images without using the full url? In other words: <img src="images/myimage.gif" alt=""> as opposed to <img src="http://www.systemskins.com/images/myimage.gif" alt="">

[SystemSkins]

no no... When I created all my 500+ products, the 2 spots where you add a product image and the product thumbnail. Theres a button that allows you to browse to a url for the images. I inputted the url of my images that I already had stored on my server for my eBay images. http://www.systemskins.com/images/image.gif and http://www.systemskins.com/images/thumbnails/image.gif etc.

However, now when you view the product page when you are in https:// you will get a warning of, "this page has secure and insecure items, do you wish to proceed" or something of that nature.

Understand now?

Is there a way to fix this without having to change the link (in the add/search products admin area) in every product that I have? Like somehow taking my www.systemskins.com/images folder and making it secure or something?

[gb2world]

Oh - sorry. I assumed you had modified your checkout page to include images - those are the ones that have https.

I am not sure that you need to have https on a product page. Is that something you require?

[SystemSkins]

No it's not... but if someone goes into checkout mode and then continues to shop you are in https mode because I have it checked in admin that you cant go back and forth from http to https.

But regardless... I'm not sure your catching my drift... anyone know a way to fix this?

[gb2world]

It does not have to stay in https unless you want it to.

You can unselect Do not redirect customers from HTTPS to HTTP in
in general settings->security options

If you want to stay in https - you could try to change the hard links in the database. I'll stop trying to help you now.

[SystemSkins]

I only have that option selected because it was part of the security checklist on these forums to have it checked. I don't know why... Security hole maybe? If doesn't hurt anything then I can uncheck it... Why is this recommended to leave checked?

You don't need to stop helping me, not trying to offend you or anything. Just wasn't sure you were understanding what I meant.

[gb2world]

I think I understand - but I am not set up this way, so I can't verify my suggestions. Maybe you do need someone else to help.

Also read in these forums that running in https causes loading on the server, so we both need somone else to explain why it may be a security issue to stop using https when you come back to using http after https access.

My other suggestion - don't know if it will work - was to try changing the hard http links in the images_T and images_P tables in the db to remove the http://. If you are lucky, then the generated html won't have it either, and IE may be okay with it. You could try it on one item, if it works, then you could use a sql query to update all of them at once.