Securing Pages

Can you walk me throught the process of securing pages for the check-out process. I have my ssl certificate and the secure directory on my web server. The problem is Dreamweaver will not let me drag the;

checkout.php
confirm.php
checkout_success.php
checkout_failure.php
pp_confirm.php
pp_checkout_success.php
pp_checkout_failure.php
pp_cancel.php

pages into the secure directory. I called my hosting service and they said that I would have to use their file manager to relocate the files. When I do this the links are lost and the site is not functional. I have no idea how to re-establish the links after the move.

It should not be this hard should it? I feel like such an idiot that I can not get this preconfigured solution working.

THanks,

Bruce

You should move a copy of all the powerr store files into the secure directory.


Then open the cart.php file and change line 133:
$Redirect_redirStr="checkout.php";


to:
$Redirect_redirStr="https://www.mydomain.com/checkout.php";

Hi Jason,

I have made the "checkout.php" secured. But if I use "Paypal checkout" and when it returns to my website - a window pops up - warning the user that it is returning from secured to nonsecured site.

My questions are:

1. Does it suffice to render only my "checkout.php" secured? Does the return from paypal to confirm.php have to be secured too?

2. if yes, how do I make all the confirm.php page secured.

3. Besides confirm.php and checkout.php, which other pages must be secured?

4. Is there any issue if I put the whole site under ssl? i.e. speed issue?

5. How do I put the whole site under ssl? Do I have to undo "$Redirect_redirStr="https://www.mydomain.com/checkout.php" back to $Redirect_redirStr="checkout.php"?

Thank you.

The problem is that the $WAGLOBAL_Root_URL setting in the WA_Globals file points to the non secure domain. the return URL uses the $WAGLOBAL_Root_URL to tell paypal the domain to return to.

There is no problem with hosting all of the pages on the SSL server and making all of the pages secure, this is the simplest solution to the problem.

Hi,

We are now live and need to do this, too, as Authorize.net is going to do a site review really, really soon...

Please see the attached pic so I'm clear on what "move a copy of the powerstore files to the secure directory" means... I'm thinking...

Do I simply put the entire site into the highlighted ssl directory on the remote server?

And then do I change the line you mentioned in the page on the non-secure directory(ies)?

Thanks heaps!

Iggy

Yes, upload it to the ssl directory and change the $WAGLOBAL_Root_URL to use the https address.

Thanks Jason!

The WA_Globals we mean is the one at the http url and not the https, yes, or should I do both?

Best!

Iggy

both of them should use the https url.

Currently the one at the ssl directory says this:

$WAGLOBAL_Root_URL = "https://localhost/PowerStore200/" ;

which seems to be working... I'm actually buying something as we write to test it.

Does that look good to you?

Uh Oh just got this when I hit checkout:

Warning: require_once(../PowerStore2_01/WA_Globals/WA_Globals.php) [function.require-once]: failed to open stream: No such file or directory in /home8/prefert5/public_html/confirm.php on line 1

Fatal error: require_once() [function.require]: Failed opening required '../PowerStore2_01/WA_Globals/WA_Globals.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home8/prefert5/public_html/confirm.php on line 1

---

Maybe the root URL should be the domain?

All the required links on confirm.php look like this:

<?php require_once( "../PowerStore2_01/WA_Globals/WA_Globals.php" ); ?>

that can't be right, can it?

no, the require once lines are wrong, the default confirm page has the require once lines as:
<?php require_once( "WA_Globals/WA_Globals.php" ); ?>