SSL Theme Problem

[neilva4]

I have purchased an SSL certificate for my site. I have enabled it in admin and the config.php files. My site works fine as normal but as soon as i click on a secure part of the site i.e login the theme does not load i just get the text. It is a 3rd party theme but it is doing the same with the default theme also. I am unsure if the 3rd party theme i uploaded as overwritten some files which is making the default theme act up aswell. Hope someone can help as posted this on opencart and no one can help.

 

[sb65]

Does your theme overwrite any files (e.g via vQmod)? If it does remove the vQmod file associated with your purchased theme and try again with the default theme. If the problem remains then it's nothing to do with the purchased theme.

Can you give a link to your site? Does your browser give any clues as to the issue? Are you sure the changes you've made in config.php are correct?

 

[neilva4]

Looking at the theme package i downloaded it does not look like the theme overwrites any files in VQMOD. Only 1 file is replaced and that is catalog/controller/common/header.php but there are hardly any changes. I have look at my config.php files and someone from opencart also had a look and they appear fine. My site is www v-c-s-shop co.uk

 

[antropy]

Sounds like the theme has some hardcoded links that include HTTP rather than HTTPS? If you know how to edit the code to change that then great, if not we may be able to help: http://www.antropy.co.uk/quote

 

[neilva4]

I have looked at a couple of the files from the theme and they are either .../image/ etc or href so i cannot see any references to HTTP or HTTPS.

 

[antropy]

How about when you view the site and go to View Source?

 

[neilva4]

I clicked on the create account page and then viewed source and all i can see are src=' or href=' and at the top where it says base ref it says http:// www mysite co.uk but there are a couple of references pointing to HTTPS

 

[antropy]

base ref says http://

Could be the issue.

 

[neilva4]

how would i change this and do you know what file

 

[sb65]

It can't be the theme if the problem persists with the default theme, unless the changes to header.php are causing the issue.

The base href should begin with https on a secure page. To rule out the theme, remove it from your server. The base href is set by /catalog/controller/common/header.php, which is the changed file.

If removing the theme doesn't fix the issue this suggests an error in your config.php.

Do you get similar errors using admin?

EDIT: (Your pages are extremely slow to load, by the way)
Having looked at your site, it doesn't look as if you have https enabled? That would explain why the base href is not https.......

 

[neilva4]

There was a few VQMOD files and some other files i had to upload, do i just delete these and replace the original header.php file and see what happens.

I turned off SSL in my admin page but i can turn it back on if you need to check anything.

In my admin/config.php file, if i add an S to the HTTP in the config.php file and go to my admin page it is also corrupted so what would cause this problem as well as the site itself.

 

[sb65]

You have SSL turned off on your shop front site at the moment. Try turning that on for starters.

 

[neilva4]

SSL has now been turned on

 

[sb65]

Right, and the base href is still not showing https.
Is your config.php correct?
It should look something like this, dependent on which version of OC you are running:

// HTTP
define('HTTP_SERVER', 'http://www.yoursite.com/');
define('HTTP_IMAGE', 'http://www.yoursite.com/image/');
define('HTTP_ADMIN', 'http://www.yoursite.com/admin/');

// HTTPS
define('HTTPS_SERVER', 'https://www.yoursite.com/');
define('HTTPS_IMAGE', 'https://www.yoursite.com/image/');

 

[neilva4]

Yes my config.php files look the same as above

 

[sb65]

What is the content of the vQmod file that modifies /catalog/controller/common/header.php?

 

[neilva4]

The above file was only uploaded and overwritten from my theme, all other files were uploaded to the themes folder and some to the VQMOD folder which did not overwrite any other stock files.

 

[sb65]

Ok, well, the bit of code that drives what base href value is returned sits at the top of catalog/controller/common/header.php, and retrieves the value from your config.php file - so it seems like that's where the issue lies.

Can you post the content of your overwritten catalog/controller/common/header.php.

You're running OC156?

 

[neilva4]

This is the contents of the overwritten header.php and i am running 1.5.6
I will need to do this in a few parts as it wont let me type more than 10000 characters.

<?php
class ControllerCommonHeader extends Controller {
protected function index() {
$this->data['title'] = $this->document->getTitle();

if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
$server = $this->config->get('config_ssl');
} else {
$server = $this->config->get('config_url');
}

if (isset($this->session->data['error']) && !empty($this->session->data['error'])) {
$this->data['error'] = $this->session->data['error'];

unset($this->session->data['error']);
} else {
$this->data['error'] = '';
}

$this->data['base'] = $server;
$this->data['description'] = $this->document->getDescription();
$this->data['keywords'] = $this->document->getKeywords();
$this->data['links'] = $this->document->getLinks();
$this->data['styles'] = $this->document->getStyles();
$this->data['scripts'] = $this->document->getScripts();
$this->data['lang'] = $this->language->get('code');
$this->data['direction'] = $this->language->get('direction');
$this->data['google_analytics'] = html_entity_decode($this->config->get('config_google_analytics'), ENT_QUOTES, 'UTF-8');
$this->data['name'] = $this->config->get('config_name');

if ($this->config->get('config_icon') && file_exists(DIR_IMAGE . $this->config->get('config_icon'))) {
$this->data['icon'] = $server . 'image/' . $this->config->get('config_icon');
} else {
$this->data['icon'] = '';
}

if ($this->config->get('config_logo') && file_exists(DIR_IMAGE . $this->config->get('config_logo'))) {
$this->data['logo'] = $server . 'image/' . $this->config->get('config_logo');
} else {
$this->data['logo'] = '';
}

$this->language->load('common/header');

$this->data['text_home'] = $this->language->get('text_home');
$this->data['text_wishlist'] = sprintf($this->language->get('text_wishlist'), (isset($this->session->data['wishlist']) ? count($this->session->data['wishlist']) : 0));
$this->data['text_shopping_cart'] = $this->language->get('text_shopping_cart');
$this->data['text_search'] = $this->language->get('text_search');
$this->data['text_welcome'] = sprintf($this->language->get('text_welcome'), $this->url->link('account/login', '', 'SSL'), $this->url->link('account/register', '', 'SSL'));
$this->data['text_logged'] = sprintf($this->language->get('text_logged'), $this->url->link('account/account', '', 'SSL'), $this->customer->getFirstName(), $this->url->link('account/logout', '', 'SSL'));
$this->data['text_account'] = $this->language->get('text_account');
$this->data['text_checkout'] = $this->language->get('text_checkout');

$this->data['home'] = $this->url->link('common/home');
$this->data['wishlist'] = $this->url->link('account/wishlist', '', 'SSL');
$this->data['logged'] = $this->customer->isLogged();
$this->data['account'] = $this->url->link('account/account', '', 'SSL');
$this->data['shopping_cart'] = $this->url->link('checkout/cart');
$this->data['checkout'] = $this->url->link('checkout/checkout', '', 'SSL');

// Daniel's robot detector
$status = true;

if (isset($this->request->server['HTTP_USER_AGENT'])) {
$robots = explode("\n", trim($this->config->get('config_robots')));

foreach ($robots as $robot) {
if ($robot && strpos($this->request->server['HTTP_USER_AGENT'], trim($robot)) !== false) {
$status = false;

break;
}
}
}

// A dirty hack to try to set a cookie for the multi-store feature
$this->load->model('setting/store');

$this->data['stores'] = array();

if ($this->config->get('config_shared') && $status) {
$this->data['stores'][] = $server . 'catalog/view/javascript/crossdomain.php?session_id=' . $this->session->getId();

$stores = $this->model_setting_store->getStores();

foreach ($stores as $store) {
$this->data['stores'][] = $store['url'] . 'catalog/view/javascript/crossdomain.php?session_id=' . $this->session->getId();
}
}

// Search
if (isset($this->request->get['search'])) {
$this->data['search'] = $this->request->get['search'];
} else {
$this->data['search'] = '';
}

// Menu
$this->load->model('catalog/category');

$this->load->model('catalog/product');

$this->data['categories'] = array();

$categories = $this->model_catalog_category->getCategories(0);

foreach ($categories as $category) {
if ($category['top']) {
$children_data = array();

$children = $this->model_catalog_category->getCategories($category['category_id']);

foreach ($children as $child) {
$data = array(
'filter_category_id' => $child['category_id'],
'filter_sub_category' => true
);
/*Begin of the extension Header menu add level 3 sub categories extension code to be replaced:
$product_total = $this->model_catalog_product->getTotalProducts($data);



$children_data[] = array(
'name' => $child['name'] . ($this->config->get('config_product_count') ? ' (' . $product_total . ')' : ''),
'href' => $this->url->link('product/category', 'path=' . $category['category_id'] . '_' . $child['category_id'])
);
*/
// Level 2
$children_level2 = $this->model_catalog_category->getCategories($child['category_id']);
$children_data_level2 = array();
foreach ($children_level2 as $child_level2) {
$data_level2 = array(
'filter_category_id' => $child_level2['category_id'],
'filter_sub_category' => true
);



//level3 starts here

 

[neilva4]

$children_level3 = $this->model_catalog_category->getCategories($child_level2['category_id']);
$children_data_level3 = array();
foreach ($children_level3 as $child_level3)
{
$data_level3 = array(
'filter_category_id' => $child_level3['category_id'],
'filter_sub_category' => true
);
$product_total_level3 = '';
if ($this->config->get('config_product_count')) {
$product_total_level3 = ' (' . $this->model_catalog_product->getTotalProducts($data_level3) . ')';

}

$children_data_level3[] = array(
'name' => $child_level3['name'] . $product_total_level3,
'href' => $this->url->link('product/category', 'path=' . $child['category_id'] . '_' . $child_level3['category_id']),
'id' => $category['category_id']. '_' . $child['category_id']. '_' . $child_level3['category_id']
);
}
//level 3 ends here
$product_total_level2 = '';
if ($this->config->get('config_product_count')) {
$product_total_level2 = ' (' . $this->model_catalog_product->getTotalProducts($data_level2) . ')';
}

$children_data_level2[] = array(
'name' => $child_level2['name'] . $product_total_level2,
'href' => $this->url->link('product/category', 'path=' . $child['category_id'] . '_' . $child_level2['category_id']),
'id' => $category['category_id']. '_' . $child['category_id']. '_' . $child_level2['category_id'],
'children_level3' => $children_data_level3,
);
}
$children_data[] = array(
'name' => $child['name'],
'href' => $this->url->link('product/category', 'path=' . $category['category_id'] . '_' . $child['category_id']),
'id' => $category['category_id']. '_' . $child['category_id'],
'children_level2' => $children_data_level2,
);
//END of the extension Header menu add level 3 sub categories extension
}



// Level 1
$this->data['categories'][] = array(
'name' => $category['name'],
'children' => $children_data,
'column' => $category['column'] ? $category['column'] : 1,
'href' => $this->url->link('product/category', 'path=' . $category['category_id'])
);


}
}



if (isset($this->request->get['filter_category_id'])) {


$filter_category_id = $this->request->get['filter_category_id'];








} else {

$filter_category_id = 0;


}

$this->data['filter_category_id'] = $filter_category_id;







foreach ($categories as $category) {





$children_data = array();



$children = $this->model_catalog_category->getCategories($category['category_id']);



foreach ($children as $child) {

$data = array(

'filter_category_id' => $child['category_id'],

'filter_sub_category' => true

);



$product_total = $this->model_catalog_product->getTotalProducts($data);



$children_data[] = array(

'name' => $child['name'] . ($this->config->get('config_product_count') ? ' (' . $product_total . ')' : ''),

'category_id' => $child['category_id']


);

}



// Level 1

$this->data['categories_search'][] = array(


'name' => $category['name'],

'category_id' => $category['category_id'],

'children' => $children_data,



);



}



$this->children = array(
'module/language',
'module/currency',
'module/cart'
);

if (file_exists(DIR_TEMPLATE . $this->config->get('config_template') . '/template/common/header.tpl')) {
$this->template = $this->config->get('config_template') . '/template/common/header.tpl';
} else {
$this->template = 'default/template/common/header.tpl';
}

$this->render();
}
}
?>

 

[sb65]

Can't see anything wrong with that, the relevant bits are unchanged from the original.
If your config.php is correct then there's something else odd happening.
At this point I would try the following:

Directly edit the file you've posted above, and after this line:

$this->data['title'] = $this->document->getTitle();

add this

global $log;
$log->write($this->config->get('config_ssl'));

Then load any page on your site, doesn't have to be an SSL page.
Then check your error logs from admin and view the last entry.

If this does start with https, then your config.php is correct and for some reason I don't understand the page thinks it isn't https.

If this doesn't start with https then there's an issue with your config.php file.

All this is doing is reading what should be the base URL for an SSL page and printing it out to the system log. By doing this we're removing any remaining doubt about the config file.

 

[neilva4]

I clicked the home page and then on a product and all that appeared is the log is this, i did not click on a secure page just a product, i had to put spaces in the address otherwise i would not let me send because i am new to the forum:

2014-02-25 17:59:17 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:21 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:22 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:27 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:32 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:40 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:48 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:54 - https:// www v-c-s-shop co.uk/
2014-02-25 17:59:58 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:03 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:09 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:13 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:15 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:19 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:22 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:27 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:27 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:28 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:32 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:33 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:36 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:41 - https:// www v-c-s-shop co.uk/
2014-02-25 18:00:41 - https:// www v-c-s-shop co.uk/

 

[sb65]

OK, well in that case config.php is correct.
This means that somehow, that page does not think it is an https page.
To confirm this amend the code added above to:

        global $log;
        $log->write('HTTPS server:'.$this->request->server['HTTPS']);

This time navigate to an https page, and view the error log again.
I'm expecting that you'll see something like:

HTTPS server:

in which case the request is not being processed as an HTTPS request, and the controller file is not generating the base href with https. Why this should be I'm not sure - it's probably one to take up with your hosting company - it may be an issue with your certificate.

Specifically, it appears the condition below, which tests the value of $this->request->server['HTTPS'] is not being met:

        if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
            $server = $this->config->get('config_ssl');
        } else {
            $server = $this->config->get('config_url');
        }

 

[neilva4]

i tried the above and received this in the log and at the top of my website:

Notice: Undefined index: HTTPS in /websites/123reg/LinuxPackage23/v_/c_/s_/v-c-s-shop co uk/public_html/vqmod/vqcache/vq2-catalog_controller_common_header.php on line 25

 

[sb65]

OK, as it looks then, that value is not being set on an HTTPS page, which is why your page has the wrong base href and hence insecure data.

Don't know enough about SSL to comment further - I'd start with your hosting company, as I said.

 

[neilva4]

Thanks for your help. I have contacted my host regarding this issue. Do you think it is worthwhile deleting the theme and going back to basics and see if there is any problems as i get the same problems with the default theme also.

 

[sb65]

It sounds more like a server issue to me, so I don't personally think it's anything to do with your theme. I think (but am prepared to be corrected on this) that your server should be returning a value to $_SERVER['HTTPS'] (see here for explanation), but isn't.

I'd be curious to know what the solution to this is as and when you find it.

 

[neilva4]

I have received a reply from my host with this comment:

Further on this we can advise that the server uses SSL Reversed Proxy & Load Balanced SSL Proxy.
The variable to check for HTTPS and $_SERVER['HTTPS'] is 'HTTP_X_FORWARDED_SSL

Do you know what this means and can it be changed

 

[sb65]

Not come across that before...

You would need to edit /catalog/controller/common/header.php and replace this:

if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
$server = $this->config->get('config_ssl');
} else {
$server = $this->config->get('config_url');
}

to this (preserving the original check):

        if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1')) || isset($this->request->server['HTTP_X_FORWARDED_SSL']) && (($this->request->server['HTTP_X_FORWARDED_SSL'] == 'on') || ($this->request->server['HTTP_X_FORWARDED_SSL'] == '1')) ) {
            $server = $this->config->get('config_ssl');
        } else {
            $server = $this->config->get('config_url');
        }

So essentially as well as the check for the $_SERVER['HTTPS'] variable you're also checking for the variable as advised by your host.

This assumes that the variable is set as 'on' or true, if it doesn't work immediately then you can print this variable to the error log as above to check what value is being set.

 

[neilva4]

I have changed the text to above and it is now working fine. Would you be able to check it also your end just to make sure. I cannot thank you enough for helping me with this.

 

[sb65]

Your page displays OK, in that the css loads OK now, but I don't get the padlock sign, so looks like you still have some insecure items on the page. It looks like the images in your menu are not secure. I suspect that might be an issue with your theme. I can't see from the header controller how the image src attribute is created for the menu - first place to look would be the common/header.tpl file for your theme.

 

[neilva4]

I have looked at this and the only code i can see that points to this is the following code:

<!-- Nav Bar -->
<div class="navbar">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse" data-target=".navbar-responsive-collapse"><?php echo $text_categories_nav ;?></a>

<?php if ($categories) { ?>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<?php foreach ($categories as $category) { ?>
<?php if ($category['children']) { ?>
<li class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown"><img src="<?php echo $category['thumb']; ?>" alt="" /> <?php echo $category['name']; ?> <b class="caret"></b></a>
<?php for ($i = 0; $i < count($category['children']) { ?>
<ul class="dropdown-menu">
<?php $j = $i + ceil(count($category['children']) / $category['column']); ?>
<?php for (; $i < $j; $i++) { ?>
<?php if (isset($category['children'][$i])) { ?>
<li class="dropdown-submenu">
<?php if(count($category['children'][$i]['children_level2'])>0) {?>
<a tabindex="-1" href="<?php echo $category['children'][$i]['href']; ?>"><img class="pull-left" src="<?php echo $category['children'][$i]['thumb']; ?>" alt="" /> <?php echo $category['children'][$i]['name']; ?>

<span><?php echo $category['children'][$i]['description']; ?></span></a>
<?php } else { ?>


<a href="<?php echo $category['children'][$i]['href']; ?>"><img class="pull-left" src="<?php echo $category['children'][$i]['thumb']; ?>" alt="" /> <?php echo $category['children'][$i]['name']; ?>
<span><?php echo $category['children'][$i]['description']; ?></span></a>
<?php } ?>

<?php if ($category['children'][$i]['children_level2']) { ?>
<ul class="dropdown-menu">
<?php for ($wi = 0; $wi < count($category['children'][$i]['children_level2']); $wi++) { ?>
<li>
<?php if(count($category['children'][$i]['children_level2'][$wi]['children_level3'])>0){ ?>
<a href="<?php echo $category['children'][$i]['children_level2'][$wi]['href']; ?>"><img class="pull-left" src="<?php echo $category['children'][$i]['children_level2'][$wi]['thumb']; ?>" alt="" /> <?php echo $category['children'][$i]['children_level2'][$wi]['name']; ?>
<span><?php echo $category['children'][$i]['children_level2'][$wi]['description']; ?></span></a>
<?php } else { ?>
<a href="<?php echo $category['children'][$i]['children_level2'][$wi]['href']; ?>"><img class="pull-left" src="<?php echo $category['children'][$i]['children_level2'][$wi]['thumb']; ?>" alt="" /> <?php echo $category['children'][$i]['children_level2'][$wi]['name']; ?>
<span><?php echo $category['children'][$i]['children_level2'][$wi]['description']; ?></span></a>
<?php } ?>

<?php if ($category['children'][$i]['children_level2'][$wi]['children_level3']) { ?>
<ul class="dropdown-menu">
<?php for ($wid = 0; $wid < count($category['children'][$i]['children_level2'][$wi]['children_level3']); $wid++) { ?>
<li>
<a href="<?php echo $category['children'][$i]['children_level2'][$wid]['children_level3']['href']; ?>" ><?php echo $category['children'][$i]['children_level2'][$wi]['children_level3'][$wid]['name']; ?></a>
</li>
<?php } ?>
</ul>
<?php } ?>
</li>
<?php } ?>
</ul>
<?php } ?>
</li>
<?php } ?>
<?php } ?>
</ul>
<?php } ?>
</li>
<?php } else {?>
<li><a href="<?php echo $category['href']; ?>"><img src="<?php echo $category['thumb']; ?>" alt="" /> <?php echo $category['name']; ?></a></li>
<?php } ?>
<?php } ?>
</ul>
</div>
<?php } ?>
</div>
</div>

</div>

<div id="container" class="container-fluid">

<?php if ($error) { ?>
<div class="warning"><?php echo $error ?><img src="catalog/view/theme/ewall/image/close.png" alt="" class="close" /></div>
<?php } ?>

<div id="notification"></div>

<div class="row-fluid">

<ul id="portfolio-filter">
<li><a href="#all"><?php echo $text_show_all; ?></a></li>
<li><a href="#specials"><?php echo $text_show_specials; ?></a></li>
<li><a href="#featured"><?php echo $text_show_featured; ?></a></li>
<li><a href="#latest"><?php echo $text_show_latest; ?></a></li>
</ul>

<?php endif; ?>

 

[sb65]

Right...

So the image displayed is pulled from $categories['thumb'], and this value is showing as http not https. However, there's nothing in controller/common/header.php as posted that populates $categories['thumb'] that I can see....is it possible that there are vQmod changes being applied to this file as well?

 

[neilva4]

There are no vQmod changes for ths images in categories, i remember seeing the http for the images in the theme folder but can't remember which one it was.

 

[sb65]

I'm missing something somewhere then, because the header.tpl you posted uses an index of 'thumb' on the array $categories to display the image on the menu. This is the value that should begin with https. However the controller file which you posted earlier contains no reference to that index, so it's not clear how it's being passed, and hence how it can be fixed. There's no http reference within the tpl file itself.

If you're prepared to give me access to your server via PM then I'm happy to have a quick look for you.

 

[neilva4]

I have just sent you a private message with my host login details.

 

[sb65]

OK, got it.
You have another vQmod, menu-image.xml which adds the thumb index to that array.
This is (quite correctly) calling the Opencart image resize tool which returns the URL - but this, of course, is using the same test for HTTPS as earlier and, for the same reason, returning the http URL. I have edited the file to add the additional check - wouldn't normally directly edit but in this situation it seems sensible.

Your login page now has a padlock....

 

[neilva4]

Thank you so much for all the effort and help you have given me, i can't thank you enough.

 

[sb65]

You're welcome.
I've not come across that issue with SSL and Opencart before so it's a useful piece of knowledge to tuck away! It's conceivable that there might be a few more gotchas caused by that same issue - feel free to drop me a PM if any occur.