VirtueMart Forum

VirtueMart 1.1.x [ Old version - no longer supported ] => Security (https) / Performance / SEO/ SEF issues VM 1.1 => Topic started by: HWG on February 20, 2008, 07:39:01 am

Title: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: HWG on February 20, 2008, 07:39:01 am
The question is simple:

With the SSL cert applied to my site, how can I hit CheckOut button without the prompt of the 'the page contains both secure and nonsecure items' from IE in the latest VM version (1.0.14)?

I've searched all of the forums and I've mixed clues about different people having different ways to deal with that. I had this issue back in version 1.0.10, I'm disappointed this issue still is not resolved now in 1.0.14.

I would love to have a central place that somebody from VM to address this issue correctly.

Without the HTTPS protocol in place and without it working correctly, I don't have it's an e-commerce solution.

I've tried: Joomla 1.0.13 + VM 1.0.14 (downloaded as Joomla! 1.0.13 eCommerce Edition) and Joomla 1.0.14 + VM 1.0.14, without any luck.


Viewed from the source code, I found all of the VM product categories on the left bar are still HTTP, without switching over to HTTPS when the checkout button is hit.

I hope I consolidate all the questions people would like to ask:


Thanks!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on February 20, 2008, 08:36:55 am
The secure and non-secure items warning is not a problem of VM and so there's little, if any, VM can do.  (By the way putting a http link in a secure page will not cause the warning. The warning only occurs when the object is downloaded with the page.)

Judging from the problems I've fixed so far, most of the time the non-secure item is due to modules and templates outside of VM. If you use a third party modules/mambots/templates that has a non-secure item, the warning will come up. As obvious, VM cannot handle problems caused by these items.

Another source of problems is caused by custom VM modules and templates. By hard coding http in your template, eg, the secure and non-secure warning will come up when using https. Again, this is nothing VM can do.

To sum up, the secure and non-secure warning is caused by the modular and flexible structure of Joomla and Virtuemart. And that's the beauty we all treasure. The development teams cannot and should not guarantee every customized item is without problem. The end users/developers themselves should take up that responsibility.

Virtuemart has its weaknesses and rooms for improvements. But please don't blame VM for every problem you encounter.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: winfreepcs on May 06, 2008, 14:27:16 pm
It would be most helpful to know which 3rd party module, etc would run interference with VM.

I've used VM 1.0.5 for a long time without any SSL issues. I've upgraded to VM 1.1.0 (and Joomla 1.0.15) and I'm struggling with SSL issues in ie6 and ie7, but not FF.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: JJRO on May 09, 2008, 21:20:15 pm
Same here - 1.1 has some oddities... the update cart and remove item images are not coming up under https.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on May 13, 2008, 20:44:05 pm
winfreepcs,

There's no definite list. In fact, I must emphasize that those problem modules etc are not conflicting with VM. They are just referencing files that are not in https and caused the browser to warn user. The warning will pop up even if VM is uninstalled and you try to access the site through https.

Most probably, your problem lies in your joomla template which references a file that mean to fix IE bugs. The file is not referenced in Firefox and so error does not pop up.
This kind of problem can be difficult to identify as some times they are embedded in long trunk of crytic javascript code.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: winfreepcs on May 14, 2008, 01:50:40 am
I just switched to solarflare and madeyourweb templates and I still have the same SSL popup.

Furthermore, I've not had this problem in VM 1.05 as I'm having in 1.1.  I noticed that there's an extra two lines in virtuemart.cfg in 1.1 that was not in 1.05 and I'm trying to find out why the difference.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on May 15, 2008, 02:58:15 am
There can be several reasons why the secure warning popup. The VM templates you are using can also have problems. But I can't tell for sure which one without taking detailed look into the site.
What I mean is most of the time, it's not a problem of the VM core. This does not apply to any VM customization done including the templates.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: winfreepcs on May 15, 2008, 13:41:35 pm
I'ved reported it as a bug because I was comparing VM 1.05 and VM1.1 and the extra two lines are in 1.1.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: brick on May 20, 2008, 20:41:21 pm
One way you can use to figure out which module is not secure is to right click on the page and then click "View Source" in IE.  Then go to the notepad doc it opened and do a search for "http:".  Follow the line it returns until you see "mod_".  You can then go to the Joomla module manager and find the mod with that name. 

Also, if you have banners through a LinkShare or Kolimbo kind of situation, that will also do this with the links they provide if you're using the banner module.  You will have to disable the banners on the secure pages.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: winfreepcs on May 20, 2008, 20:57:07 pm
I've checked and there's no module causing the error. It is the VM that's causing the errors:

components/com_virtuemart/themes/default/images/update_quantity_cart.png
components/com_virtuemart/themes/default/images/remove_from_cart.png
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on May 24, 2008, 08:57:32 am
Thanks for reporting this. I'm really interested in following this through.
Do you mean that these 2 images caused the security popup in IE but not in FF?
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: winfreepcs on May 24, 2008, 16:15:34 pm
That is correct.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on May 24, 2008, 18:31:44 pm
Do you managed to get it fixed? Can you share the solution? It would be great if you can give us the url.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: JJRO on May 24, 2008, 18:52:19 pm
I didn't get this fixed, but interestingly in FF, it doesn't call to https: but still no error...
<input type="image" name="update" title="Update Quantity In Cart" src="http://www.sitename.com//components/com_virtuemart/themes/default/images/update_quantity_cart.png" border="0"  alt="Update" align="absmiddle" />
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on May 24, 2008, 19:45:14 pm
That's definite a bug in VM1.1 (and also bug in FF). Can't imagine why this can escape our excellent testing team. Try replacing the vm config file with the attachment and see if this works.

This file should replace the file administrator/components/com_virtuemart/virtuemart.cfg.php. Note the filename is different from the attachment. You have to rename your original file. Upload this file and rename it to virtuemart.cfg.php.

[attachment cleanup by admin]
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: JJRO on May 24, 2008, 20:06:27 pm
Thought it fixed it! - However, now it doesn't enter into the SSL mode at all... thanks for trying and please keep at it!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on May 24, 2008, 23:47:33 pm
Forgot that your config file has changed. My apology.
Your best bet is to replace these lines of code in your original config file (line 38)
Code: [Select]
if ( @$_SERVER['HTTPS'] == 'on' ) {
define( 'IMAGEURL', SECUREURL .'components/com_virtuemart/shop_image/' );
} else {
define( 'IMAGEURL', URL .'components/com_virtuemart/shop_image/' );
}
define( 'COMPONENTURL', URL .'administrator/components/com_virtuemart/' );
define( 'ADMINPATH', $mosConfig_absolute_path.'/administrator/components/com_virtuemart/' );
define( 'CLASSPATH', ADMINPATH.'classes/' );
define( 'PAGEPATH', ADMINPATH.'html/' );
define( 'IMAGEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/shop_image/' );

define( 'VM_THEMEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/themes/default/' );
define( 'VM_THEMEURL', $mosConfig_live_site.'/components/com_virtuemart/themes/default/' );

with
Code: [Select]
if ( @$_SERVER['HTTPS'] == 'on' ) {
define( 'IMAGEURL', SECUREURL .'components/com_virtuemart/shop_image/' );
// added by JK for fixing https problem
define( 'VM_THEMEURL', SECUREURL.'components/com_virtuemart/themes/default/' );
} else {
define( 'IMAGEURL', URL .'components/com_virtuemart/shop_image/' );
// added by JK for fixing https problem
define( 'VM_THEMEURL', URL.'components/com_virtuemart/themes/default/' );
}
define( 'COMPONENTURL', URL .'administrator/components/com_virtuemart/' );
define( 'ADMINPATH', $mosConfig_absolute_path.'/administrator/components/com_virtuemart/' );
define( 'CLASSPATH', ADMINPATH.'classes/' );
define( 'PAGEPATH', ADMINPATH.'html/' );
define( 'IMAGEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/shop_image/' );

define( 'VM_THEMEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/themes/default/' );
// Following line commented out by JK for fixing https secure warning
//define( 'VM_THEMEURL', $mosConfig_live_site.'/components/com_virtuemart/themes/default/' );

Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: winfreepcs on May 25, 2008, 00:16:17 am
Thank you for the fix! I got the https to work in ie and FF.

Finally the online store is working!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: JJRO on May 25, 2008, 00:37:04 am
Joseph!   BRILLIANT!   CHEERS!!!
Works here perfectly.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Bruce Morgan on June 05, 2008, 03:45:30 am
Ouch!!!  My site has been down for 4 days since I attempted the earlier fix.  I tried the latest fix but still got an error message.  I tried to replace the file with the original VM release but now I have another error message.  It wants to recover a saved cart and when I try to delete it I get another error message as follows.  Help!

Error: Function Not Registered. deleteSavedCart is not a valid VirtueMart function.

Bruce
www.pepper-passion.com
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on June 05, 2008, 06:48:30 am
The save cart error has nothing to do with the fix. For the other problems, please give the detail of the eror message.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Bruce Morgan on June 05, 2008, 17:29:39 pm
The saved cart error went away when I closed the window and rebooted mye computer.  However, I still have the error from Authorized.net owing to the fact that during checkout my site never goes into the https mode.  I tried pasting in the code you you show in you recent post bu i may have made a small error.  Could you post a complete new virtuemart.config.php file with the fix?

Bruce
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on June 05, 2008, 17:45:22 pm
Go to your site and in the url section (vm configuration), put in the secure url with https.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Bruce Morgan on June 07, 2008, 21:39:28 pm
I finally got this working 100%.  Thank God for a program like Winmerge.  That is a very nice fix.

I think the customers will start coming back now.

Bruce
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: hsitech on June 08, 2008, 05:16:44 am
Forgot that your config file has changed. My apology.
Your best bet is to replace these lines of code in your original config file (line 38)
Code: [Select]
if ( @$_SERVER['HTTPS'] == 'on' ) {
define( 'IMAGEURL', SECUREURL .'components/com_virtuemart/shop_image/' );
} else {
define( 'IMAGEURL', URL .'components/com_virtuemart/shop_image/' );
}
define( 'COMPONENTURL', URL .'administrator/components/com_virtuemart/' );
define( 'ADMINPATH', $mosConfig_absolute_path.'/administrator/components/com_virtuemart/' );
define( 'CLASSPATH', ADMINPATH.'classes/' );
define( 'PAGEPATH', ADMINPATH.'html/' );
define( 'IMAGEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/shop_image/' );
define( 'VM_THEMEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/themes/default/' );
define( 'VM_THEMEURL', $mosConfig_live_site.'/components/com_virtuemart/themes/default/' );
with
Code: [Select]
if ( @$_SERVER['HTTPS'] == 'on' ) {
define( 'IMAGEURL', SECUREURL .'components/com_virtuemart/shop_image/' );
// added by JK for fixing https problem
define( 'VM_THEMEURL', SECUREURL.'components/com_virtuemart/themes/default/' );
} else {
define( 'IMAGEURL', URL .'components/com_virtuemart/shop_image/' );
// added by JK for fixing https problem
define( 'VM_THEMEURL', URL.'components/com_virtuemart/themes/default/' );
}
define( 'COMPONENTURL', URL .'administrator/components/com_virtuemart/' );
define( 'ADMINPATH', $mosConfig_absolute_path.'/administrator/components/com_virtuemart/' );
define( 'CLASSPATH', ADMINPATH.'classes/' );
define( 'PAGEPATH', ADMINPATH.'html/' );
define( 'IMAGEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/shop_image/' );
define( 'VM_THEMEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/themes/default/' );
// Following line commented out by JK for fixing https secure warning
//define( 'VM_THEMEURL', $mosConfig_live_site.'/components/com_virtuemart/themes/default/' );

I take it thats for pre 1.1.0 because i tried it and got a php error

Code: [Select]
Warning: preg_match_all() expects parameter 2 to be string, array given in /home/oldvolks/public_html/wifirat/libraries/joomla/application/application.php on line 820
Array
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on June 08, 2008, 08:36:34 am
Sorry. I don't see any relation between your problem with the fix I suggested.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: hsitech on June 08, 2008, 11:23:36 am
I came here on a link from a vm 1.1 forum not noticing that this is 1.0 fix, I tried it with 1.1 because 1.1 they still dont have this fixed I get the same errors with 1.1 and I know Im not the only one.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on June 09, 2008, 21:22:24 pm
This fix is for VM 1.1 and will solve the insecure shopcart icon images problem only. Don't rely on this to solve all the insecure warnings.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: hsitech on June 10, 2008, 06:42:58 am
This fix is for VM 1.1 and will solve the insecure shopcart icon images problem only. Don't rely on this to solve all the insecure warnings.
Then why is this posted in the 1.0 forum? If its for 1.1.0
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Joseph Kwan on June 10, 2008, 07:22:10 am
I can't answer this question as this is how the thread evolved. Maybe moderator can move this to VM 1.1 instead.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: hsitech on June 10, 2008, 22:08:02 pm
https://www.wifirat.com I got it back working without the error I was having before

When you first start off, The padlock is locked but by the time the entire page loads, Its unlocked.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: hsitech on June 10, 2008, 22:25:03 pm
So I guess online stores are not allowed to use google analytics thats what was causing the error
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: hsitech on June 10, 2008, 22:32:50 pm
Luckily, the solution is quite simple. For the pages on your site that are secured by an SSL certificate, you need to place a different piece of code to install Google Analytics. You can get the correct piece of code for your account by logging in to your Google Analytics account, and selecting "edit" next to the website profile that you want to use. Choose to edit the URL at the top of that page, and replace the "http://" with "https://", which will tell Analytics your site is secure. Save the changes and click "account status" for that website profile to get the new JavaScript code to install on secure pages only.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: copeland on July 01, 2008, 02:57:51 am
I too found this problem... because of google analytics....

Use this code instead of the one supplied by google...
Code: [Select]
<?php
  $prefix 
= isset($_SERVER['HTTPS']) ? "https://ssl" "http://www";
?>

  <script src="<?php echo $prefix?>.google-analytics.com/urchin.js" type="text/javascript">
  </script>
  <script type="text/javascript">
    _uacct="UA-xxxxxxx-x";
    urchinTracker();
  </script>
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Bruce Morgan on July 04, 2008, 19:57:48 pm
This problem has crept back into my web site and I an not surte how it got back there.  I do not think Google Analytics is to blame.  Could some post the code that can be pasted into a VM1.1.1 file to solve the http/http problem?  Replacing the entire virtuemart.config.php file and then trying to restore all of the information unique to my site was simple toom much trouble.  Is there a fix in the wings for VM1.1.2?

Bruce
www.pepper-passion.com
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: ssoltz on July 07, 2008, 23:19:05 pm
For those of you, like me, that are using the "other" CMS (Mambo) and are scratching your heads over this issue, I believe I have a workaround.

After searching link by link (Page Info doesn't tell the whole story, folks), I found that mambojavascript.js was the "unsecure" item on my site.

My site also uses SMF, so I am already reading the VM config file through changes made to the SMF_header_include mambot found on the thread here: http://forum.virtuemart.net/index.php?topic=21449#msg53229.

If you are not using SMF, then you will probably want to add this code somewhere (in the function function mosShowHead, perhaps?):

Code: [Select]
global $mosConfig_absolute_path;
require_once($mosConfig_absolute_path.'/administrator/components/com_virtuemart/virtuemart.cfg.php');
$vm_url = rtrim(URL, '/');
$vm_secureurl = rtrim(SECUREURL, '/');

Then you will want to open the file /includes/core.classes.php and
Replace:
Code: [Select]
$head['mambojavascript'] = $my->id ? '<script language="JavaScript1.2" src="'.mamboCore::get('mosConfig_live_site').'/includes/js/mambojavascript.js" type="text/javascript"></script>' : '';
With:
Code: [Select]
if (@strstr($_REQUEST['page'], "checkout.") || @strstr($_REQUEST['page'], "account.")) {
$head['mambojavascript'] = $my->id ? '<script language="JavaScript1.2" src="'.SECUREURL.'/includes/js/mambojavascript.js" type="text/javascript"></script>' : '';
} else {
$head['mambojavascript'] = $my->id ? '<script language="JavaScript1.2" src="'.mamboCore::get('mosConfig_live_site').'/includes/js/mambojavascript.js" type="text/javascript"></script>' : ''; // commented out
}

I know this isn't perfect, but I'm just a hack and it seems to work.

Hopefully this helps someone else.

Take care,
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: d_spice on July 23, 2008, 19:04:22 pm
Is there a definitely solution to this? I added the modified code and saw no change. Even after telling the configuration to be secure when in the users account, it only becomes secure when they go to checkout with their order, and then stays in secure mode when logging out. I want the users account to be secured too, any solutions?
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: ssoltz on July 23, 2008, 22:17:30 pm
Code: [Select]
if(@strstr($page, "account.") || @strstr($page, "checkout.")Do you have this conditional in your root directory's index.php file?

If so, there is something else loading in the account pages that is not being loaded in the checkout pages.

Have you analyzed your links in the "View Page Info" option in FF? This is the best place to start. See which links are different between the checkout pages and the account pages.

After I made the above mentioned changed, I no longer get the "unsecure mix" warning on checkout OR account pages, so it definitely works.

Take care,
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: allanchan on July 30, 2008, 07:22:24 am
Forgot that your config file has changed. My apology.
Your best bet is to replace these lines of code in your original config file (line 38)
Code: [Select]
if ( @$_SERVER['HTTPS'] == 'on' ) {
define( 'IMAGEURL', SECUREURL .'components/com_virtuemart/shop_image/' );
} else {
define( 'IMAGEURL', URL .'components/com_virtuemart/shop_image/' );
}
define( 'COMPONENTURL', URL .'administrator/components/com_virtuemart/' );
define( 'ADMINPATH', $mosConfig_absolute_path.'/administrator/components/com_virtuemart/' );
define( 'CLASSPATH', ADMINPATH.'classes/' );
define( 'PAGEPATH', ADMINPATH.'html/' );
define( 'IMAGEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/shop_image/' );
define( 'VM_THEMEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/themes/default/' );
define( 'VM_THEMEURL', $mosConfig_live_site.'/components/com_virtuemart/themes/default/' );
with
Code: [Select]
if ( @$_SERVER['HTTPS'] == 'on' ) {
define( 'IMAGEURL', SECUREURL .'components/com_virtuemart/shop_image/' );
// added by JK for fixing https problem
define( 'VM_THEMEURL', SECUREURL.'components/com_virtuemart/themes/default/' );
} else {
define( 'IMAGEURL', URL .'components/com_virtuemart/shop_image/' );
// added by JK for fixing https problem
define( 'VM_THEMEURL', URL.'components/com_virtuemart/themes/default/' );
}
define( 'COMPONENTURL', URL .'administrator/components/com_virtuemart/' );
define( 'ADMINPATH', $mosConfig_absolute_path.'/administrator/components/com_virtuemart/' );
define( 'CLASSPATH', ADMINPATH.'classes/' );
define( 'PAGEPATH', ADMINPATH.'html/' );
define( 'IMAGEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/shop_image/' );
define( 'VM_THEMEPATH', $mosConfig_absolute_path.'/components/com_virtuemart/themes/default/' );
// Following line commented out by JK for fixing https secure warning
//define( 'VM_THEMEURL', $mosConfig_live_site.'/components/com_virtuemart/themes/default/' );

I use this to change my virtuemart.cfg.php files but I am still getting the same error when my Customer reach Checkout..

When I am under secure site. Virtuemart

com_virtuemart/themes/default/images/checkout/checkout4_2.png
com_virtuemart/themes/default/images/update_quantity_cart.png
com_virtuemart/themes/default/images/remove_from_cart.png

Is still loaded from http://

Where should I change this?

Can anyone please tell me y? My website is www.trade-asy.com

Thank You
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: MrBoza on July 30, 2008, 11:24:37 am
this doesn’t work for me.... www.preorder-figure.com/index.php
By the way how can I avoid the message in IE do you want to display unsecure items when logging in ...lots of post's but still not clear...
Any help appreciated!!!

Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: MrBoza on July 30, 2008, 11:56:38 am
It works! I found this file that I had to put for my stylesheet to work in VM that was nor https...
<link href="https://www.preorder-figure.com/components/com_virtuemart/fetchscript.php?gzip=1&amp;subdir[0]=/themes/default&amp;file[0]=theme.css&amp;subdir[1]=/js/mootools&amp;file[1]=mooPrompt.css" type="text/css" rel="stylesheet" />

I changed it from the admin template edit html...I added the s and magic!

I did change the config file too and it's all supersmooth! 

Thanks
 ;D
I was about to punch the monitor...LOL  :) :) :) :)




Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: allanchan on July 30, 2008, 14:25:12 pm
It works! I found this file that I had to put for my stylesheet to work in VM that was nor https...
<link href="https://www.preorder-figure.com/components/com_virtuemart/fetchscript.php?gzip=1&amp;subdir[0]=/themes/default&amp;file[0]=theme.css&amp;subdir[1]=/js/mootools&amp;file[1]=mooPrompt.css" type="text/css" rel="stylesheet" />
I changed it from the admin template edit html...I added the s and magic!
I did change the config file too and it's all supersmooth! 
Thanks
;D
I was about to punch the monitor...LOL  :) :) :) :)

Hi therem

Could you please list a range of file that you have changed to get it to work please!!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: allanchan on July 31, 2008, 12:08:14 pm
Can anyone please help me solve my problem above,,,,
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: allanchan on August 02, 2008, 18:18:49 pm
No one can help me???
Common I know someone can help me...!!!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: JJRO on August 02, 2008, 23:49:17 pm
Hey! This problem has re-appeared for me too...
None of the above fixes seem to fix it any more.
I upgraded to 1.1.2 VM & Joomla 1.5.3

YIKES!  S.O.S.!!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: MrBoza on August 11, 2008, 07:30:28 am
Ok fist step turn off all your add on modules that may have unsecure items like the one i was using called user info something like that. Then go to the log in page https and check in the source if there is a link http that may look fishy. One more thing ...check in your VM admin that it's correct mine was https://preorder-figure.com/index.php but should be https://www.preorder-figure.com/index.php  :)

I did change the config file as they say in this post but I’m not sure if the two small gif files made the problem. For me was the module.
make sure you have the latest Joomla 1.54 at list and virtue mart 1.1.2 just installed and very fast with cache on!! Recommended.
www.preorder-figure.com/index.php feel free to test

...have fun! ::)

Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: JJRO on August 13, 2008, 19:21:48 pm
Just came back to give a quick update...
I solved all the SSL images issues by going into EVERY instance of an image and using absolute paths  http://blahblahblah.com/images/...
PITA! but it works.
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: allanchan on August 15, 2008, 01:51:21 am
Hi There,

When I try to go into https right... The Script below which I copy out from your site had problem with mine...

Code: [Select]
<script src="https://www.preorder-figure.com/components/com_virtuemart/fetchscript.php?gzip=1&amp;subdir[0]=/themes/default&amp;file[0]=theme.js&amp;subdir[1]=/js&amp;file[1]=sleight.js&amp;subdir[2]=/js/mootools&amp;file[2]=mootools-release-1.11.js&amp;subdir[3]=/js/mootools&amp;file[3]=mooPrompt.js" type="text/javascript"></script>

  <script type="text/javascript">var cart_title = "Cart";var ok_lbl="Continue";var cancel_lbl="Cancel";var notice_lbl="Notice";var live_site="https://www.preorder-figure.com";</script>
  <link href="https://www.preorder-figure.com/components/com_virtuemart/fetchscript.php?gzip=1&amp;subdir[0]=/themes/default&amp;file[0]=theme.css&amp;subdir[1]=/js/mootools&amp;file[1]=mooPrompt.css" type="text/css" rel="stylesheet" />


My code shows like this...

Code: [Select]
<script src="http://www.trade-asy.com/components/com_virtuemart/fetchscript.php?gzip=0&amp;subdir[0]=/themes/default&amp;file[0]=theme.js&amp;subdir[1]=/js&amp;file[1]=sleight.js&amp;subdir[2]=/js/mootools&amp;file[2]=mootools-release-1.11.js&amp;subdir[3]=/js/mootools&amp;file[3]=mooPrompt.js" type="text/javascript"></script>
  <script type="text/javascript">var cart_title = "Cart";var ok_lbl="Continue";var cancel_lbl="Cancel";var notice_lbl="Notice";</script>
  <link href="http://www.trade-asy.com/components/com_virtuemart/fetchscript.php?gzip=0&amp;subdir[0]=/themes/default&amp;file[0]=theme.css&amp;subdir[1]=/js/mootools&amp;file[1]=mooPrompt.css" type="text/css" rel="stylesheet" />

And May I know are u (MrBoza) using Sh404SEF. BEcause your

Code: [Select]
<base href="https://www.preorder-figure.com/index.php" />
seems to change to seure site url when I type in https...

Code: [Select]
<base href="http://www.trade-asy.com/index.php" />

But Mine never change with sh404SEF...

Could you please teach me how to configure sh404sef corrently...

Joomla 1.5.5 Virtuemart 1.1.2 sh404Sef 1.0.3

Thanks

Allan

Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: snyder97 on October 01, 2008, 03:16:33 am
I am getting an error when I switch to the checkout error (https://)
I have spent days reading posts and trying to figure this out but I just can't seem to get it.

Firefox error "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?"

IE6 error "This page contains both secure and nonsecure items. Do you want to display the nonsecure items"
I need help to resolve the security issue so that the page is 100% secure, no error and the store is functional.

What I am working with:
I am using a shared ssl certificate through netfirms.
Joomla 1.5.4 Production/Stable
VirtueMart 1.1.2 stable
Custom Template (this is my first template should there be something in the template to force everything to https)
Authorize.net for payment

I linked my style sheet as https:// and now it seems to load ok but what am I missing.
Big thanks to anyone that can help!!!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: MozartMcLaus on June 11, 2009, 13:35:47 pm
I will fix this problem soon, just give me some time, because i encountered it myself.

The problem is that many modules, tamplates and so on dont handle https logical cases. Open your final page with https. open its generated html source code and copy it to notepad. Search for "http://".
you will encounter that many images, css, javascript links are absolutely linked to http: while your browsing https. thats the problem. browser will fire up warning message of unsecure items.

1) The only way to quick fix it is to get ReReplacer component: http://extensions.joomla.org/extensions/4336/details
Add rule to replace
http://www.mydomain.tld
to
https://www.mydomain.tld
for specific menu item (for example shop) or for all sites everywhere.

This WILL definitively solve all you problems with theese SSL warning messages.

2) BUT! There is always a "but". Also joomla has damn poor handling of $live_site. I have never seen such poor core functionality. anyway. many modules use this variable for different conditional statements. if you use https and your live_site is http you will get different conditional logic failing in different modules. for example in VM during order processing + login.
The only way to fix it is to generate live_site dynamically.
when i finish with this, the problem will be solved to the end.

cheers
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: Gary on October 29, 2009, 13:27:01 pm
Any more developments on this? I have the same problem!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: natecovington on September 16, 2010, 16:28:49 pm
Hi,

I am having a similar problem.  Joomla (1.5.18), VM (1.5.14), SH404sef (version 2.1.4.734)

My solution was to disable the JSN Imageshow Pro module on the VM pages, as this module was hard-coding some URL's without https://

As soon as the browser detected this module, it warned that there was an unsafe connection.

Fixed!
Title: Re: SSL - https/http switchover - both secure nosecure items - encrypted
Post by: lindapowers on November 27, 2011, 06:34:36 am
and here comes the stupid question after reading all the comments,

I'm having a problem with IE9 warning which after testing I noticed is caused by the login module (slick_login).

I checked the source code on the ssl checkout page and the images from the module are pointing to http.

So the stupid question is in what files you edit those lines?

Thanks