secure warning on ie 7

[tcshadow]

I get a secure warning on my page when loaded in ie 7... I have tried and reconfigured anything i could, breaking a few other things in the process but i simply can't get it fixed.

I don't want to post my domain here because I don't want google to index it here so pls let me know if you're willing to try and help and I"ll I'll pm it or tell me how to post it so google doesn't find it.

My configure.php:

PHP Code:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.mydomain.com.au'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www.mydomain.com.au'); // eg, https://localhost - should not be empty for productive servers 
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'mydomain.com.au');
  define('HTTPS_COOKIE_DOMAIN', 'mydomain.com.au'); 
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('DIR_WS_HTTP_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');
  define('DIR_WS_IMAGES', 'http://www.mydomain.com.au/images/');  
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'http://www.mydomain.com.au/icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

  define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
  define('DIR_FS_CATALOG', '/home/myaccount/public_html/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); 


help?

[tcshadow]

I had to put the full path in so that it would load the images when people click yes on the warning otherwise it doesn't load any product images at all... all the background and template images work fine though


Firefox works fine and doesn't throw up any errors

[tcshadow]

For the love of god somebody help

Internet Exploder seems to be mocking me... everything works fine and bloody dandy in firefox... internet explorer which of course 90% of my customers would use says my website has insecure content and I can't fix it... help please!!!

I have tried everything in every thread i could find which had a similar issue

no warnings and images will show fine in firefox with either ssl or non ssl and internet explorer only shows images when i say yes to the prompt and still breaks one image.


What files do i need to check for paths?? where do i look for a problem?

[tcshadow]

I have now finally found the offending image that was causing the ie 7 errors... but my images still don't display...

it's wierd images in my /templates directory work fine, but my images under /images folder are broken.

They get called as https:// in both cases

It has now also stopped working in firefox

[tcshadow]

My situation at present in summary:

Mixed content warning is gone.
if I load the site as https:// in internet explorer it shows the images. Once i hit refresh, they come up as broken.

In Firefox they show as broken

my includes/config.php:

PHP Code:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.mydomain.com.au'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www.mydomain.com.au'); // eg, https://localhost - should not be empty for productive servers 
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com.au');
  define('HTTPS_COOKIE_DOMAIN', 'www.tmydomain.com.au'); 
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('DIR_WS_HTTP_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');
  define('DIR_WS_IMAGES', 'images/');    
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

  define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
  define('DIR_FS_CATALOG', '/home/myaccount/public_html/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
  define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', 'xxxxxxxx');
  define('DB_SERVER_PASSWORD', 'xxxxxxxxx');
  define('DB_DATABASE', 'xxxxxxxxx');
  define('USE_PCONNECT', 'false'); // use persistent connections?
  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' 


my admin/include/configure.php:

PHP Code:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.mydomain.com.au'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.mydomain.com.au');
  define('HTTPS_CATALOG_SERVER', 'https://tmydomain.com.au'); // martin edit removed www
  define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', '/home/myaccount/public_html/'); // where the pages are located on the server
  define('DIR_WS_ADMIN', '/admin/'); // absolute path required
  define('DIR_FS_ADMIN', '/home/myaccount/public_html/admin/'); // absolute pate required
  define('DIR_WS_CATALOG', '/'); // absolute path required
  define('DIR_FS_CATALOG', '/home/myaccount/public_html/'); // absolute path required
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); 
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); 
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_FCKEDITOR', DIR_FS_CATALOG . 'FCKeditor/');
  define('DIR_WS_FCKEDITOR', DIR_WS_CATALOG . 'FCKeditor/'); 


any ideas?

[tcshadow]

When I do the following it completely fixes Firefox(all images and everything loads and works perfectly) and completely breaks internet explorer(brings back mixed content warning and if no clicked doesn't load any images at all) Internet Exploder should be illegal imo.

In your main_page.tpl.php, the base href line should look like this:

Code:
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
This allows the <base href="..."> tag to change to ssl when required. If your tag looks like above, try changing the $request_type == 'SSL' to $request_type == 'HTTPS'

If your line of code does not look like the above, paste my code in and see if that helps...

[tcshadow]

I've now got the 2 lines sitting together like so:

PHP Code:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<base href="<?php echo (($request_type == 'HTTPS') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

and now firefox works fine and IE just refuses to load images again no error msg..

If i flip them and put https first and ssl second ie breaks again, errr message returns and no images show if "no" is clicked

[tcshadow]

So it turns out that the culprit all along was hotlink protection... except that was the first thing i had turned off and it still didn't fix it... but that's what my php guy says. If I get more info out of him I'll post it here.


Issue solved.