Hmm... I need to find out myself. I don't know what is the answer. I'll do some research in Google and get back to you if I bump into an good answer. You should email the people at iPage as they probably could help you..
The normal way is that osC switches to SSL mode for pages where users enter personal information, such as passwords or credit card numbers. This is handled automatically if you have properly defined HTTPS_SERVER and ENABLE_SSL in configure.php..
You may be unlucky enough to be using a host that forces you to separate SSL content into a separate area. If so, I'd suggest switching hosts...
I have a dedicated server with my iPage hosting provider, I should be able to configure the SSL any way I wish correct? Where is the configure.php file you speak of?.
How do you properly define the HTTPS_SERVER and ENABLE_SSL ? I'm a little bit confused as i'm a beginner to OsC..
You should start off with reading things in the knowledge base. you definitely do not want to have ssl enabled 100% of the time, you just need it when someone signs in, manages their account, checks out, etc. any other time degrades the system..
The configure.php file, ssl, etc are discussed in the knowledge base. try it. remember, search is your best friend and you can help yourself the most by using it to your advantage...
People want to do daft things all the time here. That does not mean they make any sense, usually they just lead to more problems...
I was responding to the previous poster who said.
"You may be unlucky enough to be using a host that forces you to separate SSL content into a separate area. If so, I'd suggest switching hosts. ".
Not to mean I would monkey around with the SSL settings just for the hell of it because I have a dedicated server. Like a lot of people here, I just want a secure iPage site and just go about my business. I'm not trying to waste anyone's time here, I have much better things to do. I have read the knowledge base for every article that has "SSL" in it, and so far it hasn't answered my initial question of where to find where HTTPS_SERVER and ENABLE_SSL are located..
I guess I will have to monkey around anyway and look at every PHP file on my server because I thought it would be easier to ask on a OSCommerce "community support forum" but I guess I was wrong..
Tough crowd here...
Stevel answered that question in the third post of this thread. configure.php.
It isnt necessary to look in every file, however it is necessary to actually look at every answer and see what they state..
The knowledge base also has the same answer too...
This post has been edited by.
: 18 June 2004, 02:43..
Originally asked where the configure.php was located, I can monkey around and look for it. That's fine..
However, I asked "How do you properly define the HTTPS_SERVER and ENABLE_SSL ?".
I don't see an answer for that..
I don't know what knowledge base you're looking at, but I looked at the one that is linked at the top of this page. Typing "SSL" in the search box of that knowledge base pulls up 2 articles. "Security and Privacy Proposal" and "Web Based Configuration Procedure" which is a how-to install oscommerce. Neither of those describe how to set up SSL and neither of those answer my questions..
As a matter of fact, I did find some useful information regarding cookie usage in the "security and privacy proposal" article, and it says to use the SESSION_FORCE_COOKIE_USE paramater, but alas, no mention of where that entry needs to be added or where to find it...
Once you open the configure.php files, you will see there is very little to setup for https..
Have you looked at the files and read through? basically, only a few lines, turn one to true, set the paths and that is it..
Using search you can find the locations of the file, search for filename configure.php.
I have no idea of your file structure you setup dont know if it is the default or not...
Not everything you ask HAS to be answered... it's good enough people tried to help..
There's no single answer for that. The settings depend on how SSL is configured for your particular server or host..
In the simplest case, where you have your own certificate, the HTTPS_SERVER define is the same as HTTP_SERVER except with 'https'. ENABLE_SSL is set to 'TRUE' if you want it to use SSL at alll..
I have my whole store(s) in the https folder. I didnt know it could cause a problem? I personally wanted it that way. my account takes up less space and it made me feel more secure..
However, I just put up an index page on my http and all of the nav links in there. I went bare bones route with text links. The header matches the store header, and all the info pages the user needs is in the http folder...
I was told by my iPage hosting company that in order to make my entire iPage site secure (like www.paypal.com) I needed to put in a redirect so that it goes to the https:// version of the page..
Can someone tell me how I go about doing this? What syntax needs to be added to the php files? I'm new at this and I did a search using the search function and didn't find very much information on this and didn't find my question answered..
Thanks in advance...
Just curious as to why you would want to do this? Making your iPage site entirely SSL will add a substantial amount of overhead to the server. Especially if you get a decent number of hits. Unless you are dealing with personal information on every page there is no reason to do so. PayPal makes their entire iPage site secure since pretty much every page has some sort of personal information contained on it..
Just my 2 cents...