Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Force HTTPS administration

 
Reply
   X-Cart forums > X-Cart 4 > Dev Questions
 
Thread Tools Search this Thread
  #11  
Old 12-09-2003, 08:56 AM
  leon's Avatar 
leon leon is offline
 

X-Wizard
  
Join Date: Mar 2003
Location: Costa Rica
Posts: 1,213
 

Default

I havent thought of using HTTPS yet, but I can see the importance now, so how can I make this done or configured on a VPS?
__________________
It doesn\'t matter what is done... it is how it is done.
=============================
XCart Version: 3.5.3 -> Dmcigars.com
XCart Version: 4.1.3....
Reply With Quote
  #12  
Old 12-09-2003, 10:00 AM
  shan's Avatar 
shan shan is offline
 

X-Guru
  
Join Date: Sep 2002
Location: Birmingham, UK
Posts: 6,163
 

Default

If your talking about using a system where your users are sent to a different company who deals with the payment part of the sale then they should take care of the secure side themselves
__________________
Looking for a reliable X-cart host ?
You wont go wrong with either of these.

EWD Hosting
Hands On Hosting
Reply With Quote
  #13  
Old 12-09-2003, 05:06 PM
  leon's Avatar 
leon leon is offline
 

X-Wizard
  
Join Date: Mar 2003
Location: Costa Rica
Posts: 1,213
 

Default

I think that's what I will have to do for the moment, but in the meanwhile do you know how to set it up (SSL) on a VPS ?
__________________
It doesn\'t matter what is done... it is how it is done.
=============================
XCart Version: 3.5.3 -> Dmcigars.com
XCart Version: 4.1.3....
Reply With Quote
  #14  
Old 12-12-2003, 03:32 AM
  kangus's Avatar 
kangus kangus is offline
 

Senior Member
  
Join Date: Feb 2003
Posts: 160
 

Default the position of the include seems to make a difference

With 3.5.1 I tried the https include before the require's and it fails

But this seems to work.

# $Id: orders.php,v 1.17 2003/08/11 10:44:46 svowl Exp $
#
require "./auth.php";
require $xcart_dir."/include/security.php";

if ($config["General"]["secure_store"]=="Y"){
@include "../customer/https.php";
}

Then add this to the database
INSERT INTO `xcart_config` VALUES ('secure_store', 'Enable Secure Store', 'Y', 'General', 5, 'checkbox', 'Y');

And modify https.php with:

if ($config["General"]["secure_store"]=="Y"){
$https_scripts = array("register.php","cart.php?mode=checkout","ord ers.php","order.php");
}
else{
$https_scripts = array();
}

I move the UNTOUCHED original files into my "patch" backup directory and add them to my "Patch-setup" script - before I patch I copy all changed files from the site with directory paths and replace them with these backups - If I need to, if the file name in not in the file.lst with the patch then the script by-passes the file.
Reply With Quote
  #15  
Old 01-29-2004, 02:52 AM
 
garryhs garryhs is offline
 

Senior Member
  
Join Date: Sep 2002
Location: Australia
Posts: 159
 

Default Entire Store in HTTPS (Customers & Admin) ???

Hi all,

In this thread I was reading how to change the entire store to HTTPS.

Can somebody shed some light on this.

I think it is great, and have just made the changes to 3.4.11 and it works perfect so far.

Why is this not common practice ??? Is this a performance thing ??? Will my Web Host provider complain ???

Please tell me why it should not be HTTPS....

Garry
__________________
All versions of X-Cart

Been in eCommerce 10 years, Coding, PM, SEO, Social. X-Cart 11 years. IT 30+ years.

Head of Web Dev for Australia's largest eCommerce 2 years.

Attended conferences, Velocity 2009 US, CeBit 2009, MySQL 2010 US, Online Retailer 2010, Web 2.0 2011 US, MySQL 2012 US (Percona).

Specialise in High Performance, High Volume, PHP, MySQL, HTML, CSS, JAVASCRIPT, SMARTY, MEMCACHED, APACHE, LIGHTTPD, FREEBSD, LINUX.

Email your requests to xcart@gazwebtech.com
Reply With Quote
  #16  
Old 01-29-2004, 07:19 AM
  kangus's Avatar 
kangus kangus is offline
 

Senior Member
  
Join Date: Feb 2003
Posts: 160
 

Default HTTPS

You should only enable HTTPS on personal information and ADMIN functions that expose personal information. Encrypting everything sucks CPU so if you what your customers to have a snappy response only use HTTPS on personal information and ADMIN functions.
Reply With Quote
Reply
   X-Cart forums > X-Cart 4 > Dev Questions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 02:04 AM.

   

 
X-Cart forums © 2001-2020