checkout.php is missing... but it's not!

Hi, I have just uploaded the site to a testing server for my client to approve, and during the process of testing checkout, I am getting a an error:

Not Found
The requested URL /checkout.php was not found on this server.

It's because the remote URL is changing from http:// to https:// however, it's not changing on the localhost.

What do I do to ensure this works properly? Do I have the ability to stop it going to a https path?

Thanks

Mat

to stop it from redirecting to the https server, edit the webassist/plugins/shopping_cart/checkout_form.php file, change lines 7 - 19:

if (empty($_SERVER['HTTPS'])) {

  $testRedirect = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];

  $c = curl_init();

  curl_setopt($c, CURLOPT_URL, $testRedirect);

  curl_setopt($c, CURLOPT_TIMEOUT, 90);

  curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 1);

  curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);

  $result = curl_exec($c);

  if ($result)  {

      header("location: ".$testRedirect);

      die();

  }

}

to:

/*if (empty($_SERVER['HTTPS'])) {

  $testRedirect = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];

  $c = curl_init();

  curl_setopt($c, CURLOPT_URL, $testRedirect);

  curl_setopt($c, CURLOPT_TIMEOUT, 90);

  curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 1);

  curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);

  $result = curl_exec($c);

  if ($result)  {

      header("location: ".$testRedirect);

      die();

  }

}*/

Thank you Jason. That's worked a treat.

What are the consequences of not going through https? I am assuming I have to buy a SSL certificate with my hosts to ensure that the https works properly.

Thanks.

Mat

not using HTTPS means that checkout information is passed to the payment gateway insecurely.

If you are using one of the local checkout methods, meaning that the customer enters their credit card number on the checkout page of your site, it can pose a security risk.

if you are using one of the local checkout methods, you should have an ssl certificate installed.

I am about to create an SSL package on my web server, and it's asking me to create a folder where all the secure files need to go. Although I have currently disabled it, I need SSL as this is going to be a busy site for a reputable and long established company.

The way PowerStore is set up means that I will be moving files from the top level of the domain to a sub-level. Is this going to break links to files and includes etc? I suspect it is, so how do I get around this issue?

Can I just move the files in DW's site panel and it will update links? If so, which files do I need to move into the SSL related folder?

Thanks.

Mat

no links should need to be changed.


the https address:
yoursite.com

will point to the new secure folder and the http address:
yoursite.com

will point to the files in the original location

Sorry Jason, I'm not sure I understand that.

Are you saying that all I need to do is upload the site as normal to my http: directory, and I then simply need to upload certain pages to the https: folder (that I'll call 'securefiles') which as far as the web address bar is concerned, remains invisible?

Or, are you saying upload as normal to my http: directory, and the server deals with the https: request even though the pages that need to be secured don't actually sit in the folder 'securefiles'?

I am being asked to create a secured folder on my domain, then add required files to it. I assumed that I drop the required files here, but don't know what happens from there. Does the secured directory effectively become invisible as far as the web address bar is concerned? Is the only true evidence of a secured directory being present shown by the 's' in the https: regardless of the secured directory name?

If I have to place files in to the securefiles folder, which ones need to go in it. I assume that checkout.php is one, but are there any others?

Sorry for my ignorance, I have never had to set up https before. I have always redirected to the payment gateway rather than stay on the domain.

Thanks.

Mat

upload all the files to your site as per ussual, then upload them again into the secure folder. No links need to be changed, the server will send the correct page to the browser based on the url in the address bar using http or https

Oh OK, I see. So, if I make a change to any file, I need to upload it twice meaning DW's put doesn't fully work. Never mind!