Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Force HTTPS administration

 
Reply
   X-Cart forums > X-Cart 4 > Dev Questions
 
Thread Tools Search this Thread
  #1  
Old 04-08-2003, 07:48 PM
 
lixy lixy is offline
 

Advanced Member
  
Join Date: Apr 2003
Posts: 41
 

Default Force HTTPS administration

How can I force all admin sessions to be conducted via HTTPS? I want any admin attempting to access the admin area using HTTP to be redirected to the HTTPS login area.
Reply With Quote
  #2  
Old 04-08-2003, 09:08 PM
  B00MER's Avatar 
B00MER B00MER is offline
 

X-Guru
  
Join Date: Sep 2002
Location: Keller, TX (Cart-Lab.com)
Posts: 3,165
 

Default

I do this to my admin/orders.php and provider/oders.php as sensitive info is stored with the customers cc so I add the following include at the top of the orders.php:

Code:
@include "../customer/https.php";

And make adjustments in customer/https.php:

Code:
$https_scripts = array("orders.php","cart.php");

You'll need to add the include on every area in the admin you want secure so if it is hit with http it will switch over, you'll also need to add the filename of the admin php script your wanting to secure, note ive got orders.php in my $https_scripts array.

hth.
__________________
Cart-Lab - 100+ Social Bookmarks for X-Cart.
Reply With Quote
  #3  
Old 04-09-2003, 10:38 AM
 
lixy lixy is offline
 

Advanced Member
  
Join Date: Apr 2003
Posts: 41
 

Default

Boomer, that worked perfect! Thanks alot for the help.
Reply With Quote
  #4  
Old 04-11-2003, 12:20 PM
  brian's Avatar 
brian brian is offline
 

Member
  
Join Date: Jan 2003
Posts: 28
 

Default

I wanted the entire admin section to be https, so I added the following to admin/auth.php:

Code:
# Force the admin section to be secure if($HTTPS != "on"){ $xcart_host = ($HTTPS == "on" ? $xcart_https_host : $xcart_http_host); $pos = strpos($xcart_host, "/"); $dir = $pos !== false ? substr($xcart_host, $pos) : ""; $current_script = substr($REQUEST_URI, strlen($dir) + strlen($xcart_web_dir)); $additional_query = ($QUERY_STRING?"&":"?").(strstr($QUERY_STRING,"XCARTSESSID")?"":"XCARTSESSID=$XCARTSESSID"); header("Location: $https_location".$current_script.$additional_query); }


Now if you visit the admin section at http you are redirected to https. So far so good.

Brian
Reply With Quote
  #5  
Old 04-14-2003, 07:05 AM
 
lixy lixy is offline
 

Advanced Member
  
Join Date: Apr 2003
Posts: 41
 

Default

Brian,

That is exactly what I was looking for - thanks alot. Forced SSL Admin working 100%
Reply With Quote
  #6  
Old 05-22-2003, 12:30 PM
  jolandia's Avatar 
jolandia jolandia is offline
 

Member
  
Join Date: Sep 2002
Location: London, UK
Posts: 12
 

Default

Thanks a lot, I tried this as well and it seems to work fine! I haven't tested it extensively, but I assume that in theory there should be no way now to access the admin functions without https? Obviously this is very important with regard to credit card details, as we all appreciate.
Reply With Quote
  #7  
Old 06-25-2003, 09:39 PM
 
e1front e1front is offline
 

Senior Member
  
Join Date: Feb 2003
Posts: 179
 

Default works 100% but now i can't generate sql files

When i click on the "generate db"

the dialog box asks me if i want to save or open,
i tryed both

then a new dialog box opens with the following message

Quote:
getting file information
db_backup.php

then after a minute I get this message,

Quote:
Internet Explorer cannot download db_backup.php from www.yoursite.com
Internet Expolrer wasn't able to open this internet site.
The requested site is either unavailable or cannot be found. Please try again later.


Quote:
if($HTTPS != "on"){
$xcart_host = ($HTTPS == "on" ? $xcart_https_host : $xcart_http_host);
$pos = strpos($xcart_host, "/");
$dir = $pos !== false ? substr($xcart_host, $pos) : "";
$current_script = substr($REQUEST_URI, strlen($dir) + strlen($xcart_web_dir));
$additional_query = ($QUERY_STRING?"&":"?").(strstr($QUERY_STRING,"XCA RTSESSID")?"":"XCARTSESSID=$XCARTSESSID");
header("Location: $https_location".$current_script.$additional_query );
}
# end of code
when i ereased this piece of code, The "generate SQL file worked fine ....

So how can i work out this conflict???
please help
Reply With Quote
  #8  
Old 11-04-2003, 10:39 AM
 
Chris B Chris B is offline
 

eXpert
  
Join Date: Oct 2002
Posts: 226
 

Default Forced administration ssl

Make sure your database has a connection via localhost.

I've seen this problem when x-cart is making a database connection via a URL or IP address.

(Therefore, the data is being transferred through an insecure connection.)
Reply With Quote
  #9  
Old 11-26-2003, 07:32 AM
 
nfc5382 nfc5382 is offline
 

X-Adept
  
Join Date: Nov 2002
Posts: 477
 

Default

i just modified the following for complete https access:

customer/https.php:

Code:
# everything https function is_https_link($link, $https_scripts) { return true; }


and for admin login - admin/auth.php:

add this to the top:
Code:
@include "../customer/https.php";


i just added the support for admin login but I have been using the whole site as https b/c many customers complained about portions of the site not secure. Personally I think they are parinoid, but if it will make them happy i'll accomodate for them!
Reply With Quote
  #10  
Old 12-07-2003, 03:36 PM
  kangus's Avatar 
kangus kangus is offline
 

Senior Member
  
Join Date: Feb 2003
Posts: 160
 

Default 3.5.1 does not work with HTTPS

Fatal error: Cannot redeclare is_https_link() (previously declared in /home/nquest/public_html/store/customer/https.php:54) in /home/nquest/public_html/store/customer/https.php on line 54
Reply With Quote
Reply
   X-Cart forums > X-Cart 4 > Dev Questions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 03:59 AM.

   

 
X-Cart forums © 2001-2020