VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 General help me questions
 ssl customer pages
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Mark Priest
VP-ASP Expert

United Kingdom
570 Posts

Posted - April 22 2004 :  09:27:07  Show Profile  Reply with Quote
Hi Guys,

Customer requested that the pages that the user enters his personal details in are SSL protected, not just the credit card page.

Any ideas?

Regards,

Mark

Jill
VP-ASP Super User

USA
249 Posts

Posted - April 22 2004 :  12:33:27  Show Profile  Reply with Quote
Hardcode your links to the Checkout?

Jill

Go to Top of Page

GTM
VP-ASP New User

USA
122 Posts

Posted - April 23 2004 :  11:46:09  Show Profile  Reply with Quote
You can enter the ssl state when you start the checkout process by changing line 186 shopaddtocart.asp

Case "PROCE"
responseredirect "shopcustomer.asp"


to

Case "PROCE"
Response.Redirect "https://www.yoursite.com/" & "shopcustomer.asp"


Greg

Go to Top of Page

greatphoto
VP-ASP Super User

USA
304 Posts

Posted - July 31 2004 :  21:56:02  Show Profile  Reply with Quote
Hi Greg-

Thanks for the very valuable info! You saved me a lot of time tracking this down. I noticed you gave the similar pointers in a past posting: http://www.vpasp.com/virtprog/vpaspforum/topic.asp?TOPIC_ID=2169

Of course, the default cart design should have already been for all the customer info to be secure as that is expected on modern ecommerce sites.

I made your suggested change today, but took it a small step further. I used the xssl configuration instead of hard-coding the https site URL. This was important to me since I do local testing of the site before uploading to the server. I can't test locally with the public URL redirect embedded in the code, and its much easier not to have two versions of the same file. By using xssl, the file is the same on both the local and public site and I just have two different xssl configs for the local and public copies.

So my code looks like this starting at line 186 of shopaddtocart.asp:

Case "PROCE"
Dim ssl
ssl=getconfig("xssl")
if ssl<>"" then
slash=right(ssl,1)
if slash="/" or slash="\" then
else
ssl=ssl & "/"
end if
end if
Response.Redirect ssl & "shopcustomer.asp"


(Well, mine does have spacing to delimit the code hierarchy, but this forum tool removes them.)
;-)

BTW, I borrowed this code from shopcreateorder.asp.

Go to Top of Page

Rockdale
VP-ASP New User

USA
74 Posts

Posted - August 21 2004 :  06:49:32  Show Profile  Visit Rockdale's Homepage  Reply with Quote
Hi, I put in your suggested code for SSL, but I'm not getting HTTPS when I go into the add address area. Is there additional code to


>Case "PROCE"
>Dim ssl
>ssl=getconfig("xssl")
>if ssl<>"" then
>slash=right(ssl,1)
>if slash="/" or slash="\" then
>else
>ssl=ssl & "/"
>end if
>end if
>Response.Redirect ssl & "shopcustomer.asp"


Michael Kelley
Go to Top of Page

greatphoto
VP-ASP Super User

USA
304 Posts

Posted - August 21 2004 :  10:04:19  Show Profile  Reply with Quote
quote:
I put in your suggested code for SSL, but I'm not getting HTTPS ...


Have you set the xssl configuration?
The benefit of this code is that it leverages the configuration for ssl thats already built into the cart, so you can easily turn SSL on or off just by changing the config. However, it does mean that you have to take the extra step of setting the xssl config value under shop administration for it to work. I probably should have been more detailed about it in my previous post.

Setting xssl to enable ssl:
1) login to your shop administration pages
2) click "Configure Shopping Cart"
3) in the search prompt, type "xssl" and hit search
4) Fill in xssl to be "https://www.<yoursite>.com" (of course, substitute your domain name in place of <yoursite>
5) Click continue

If you want to disable ssl (as for your locally hosted test site), just follow the above directions, except delete the value in xssl.

The xssl config is covered in section 32.3 on page 102 of the Developer's Guide which is available at http://www.vpasp.com/virtprog/vpasp500developer.pdf

By the way, if you set xssl, but don't add the code to shopaddtocart.asp, then SSL will just turn on for the payment page.

Go to Top of Page

Rockdale
VP-ASP New User

USA
74 Posts

Posted - August 21 2004 :  11:22:50  Show Profile  Visit Rockdale's Homepage  Reply with Quote
I tried adding the url to the xssl config and I tried true and false for the yes/no field.

any ideas.

also I added Dim slash to the code

Any ideas?

When I put "https://www.rockdalewreaths.com" in directly it still doesn't work

______________________

By the way - when I use the code

<%
'If (Request.ServerVariables("HTTPS") = "off") Then
'Dim strCurrentFile
'strCurrentFile = Request.ServerVariables("SCRIPT_NAME")
'Response.redirect "https://www.rockdalewreaths.com" & strCurrentFile
'End if
'%>
in the shoppageheader page it works.

I just can't seem to get the ssl to work in addtocart page.



Michael Kelley
Go to Top of Page

greatphoto
VP-ASP Super User

USA
304 Posts

Posted - August 21 2004 :  12:15:00  Show Profile  Reply with Quote
Michael-

The location that I suggested for placement of the code (at line 186 of shopaddtocart.asp) will not cause ssl to be enabled for the addtocart page. It will only affect the shopcustomer.asp (where the customer normally enters all their info) and the pages that follow it during the checkout process (shopcreateorder.asp, shopcheckout.asp).

If you want other pages to be affected, then you'll need to modify other pages.

I'm writing you an email directly with specific information for your site.

Nathan




Edited by - greatphoto on August 21 2004 12:25:39
Go to Top of Page

Rockdale
VP-ASP New User

USA
74 Posts

Posted - August 22 2004 :  13:31:36  Show Profile  Visit Rockdale's Homepage  Reply with Quote
The issue is with the shopdeliveryedit.asp page. The shopaddtocart.asp doesn't seem to have a direct call for the shopdeliveryedit.asp page. Does anyone know where vp-asp keeps this reference?

I can add the https:// and initiate the Security, starting with the shopdeliveryedit.asp page.

Any other ideas are welcome.

Michael Kelley
Go to Top of Page

dwight
VP-ASP New User

USA
143 Posts

Posted - August 29 2007 :  16:29:17  Show Profile  Reply with Quote
quote:
Originally posted by greatphoto

Michael-

The location that I suggested for placement of the code (at line 186 of shopaddtocart.asp) will not cause ssl to be enabled for the addtocart page. It will only affect the shopcustomer.asp (where the customer normally enters all their info) and the pages that follow it during the checkout process (shopcreateorder.asp, shopcheckout.asp).

If you want other pages to be affected, then you'll need to modify other pages.

I'm writing you an email directly with specific information for your site.

Nathan




Edited by - greatphoto on August 21 2004 12:25:39



was wondering if you would shed some light on how to do this to other pages such as the login page.
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - August 29 2007 :  17:34:15  Show Profile  Visit devshb's Homepage  Reply with Quote
if you use the deliveryedit page and you want that on ssl, then shopaddtocart will also need to be on ssl, because they post back+forward to each other. either that, or delve into the nitty-gritty code that creates the form tag and manually change it to post on/off ssl between shopaddtocart and the deliveryedit pages; if you change it to redirect instead of posting then you'd lose the posted info, so shopaddtocart and deliveryedit need to be:
1) both on ssl, or neither on ssl via redirection and link changes.
or:
2) form tags changed to post to a specific domain
(or a combination of 1+2)

There are some tweaks that would need to be done manually depending on which pages you'd want on/off ssl, and what your side-panels link to for their mini-forms etc. It's usually all achieved by a combination of the kind of logic that's mentioned above, and when needed changing form tags to post to a specific domain.

see also:

Domain Tools:
http://www.bigyellowzone.com/shopexd.asp?id=64

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on August 29 2007 17:37:07
Go to Top of Page

extremeskillz
VP-ASP New User

USA
94 Posts

Posted - August 30 2007 :  07:32:55  Show Profile  Reply with Quote
If you own the server, you can go under the server properties that is hosting your pages and turn on ssl directly on those customer pages. JUst go under IIS manager and click your site and you will see all the pages in the directory in the right window. Find all the customer pages you want secured and enable ssl with 128bit encryption right on the pages.

Also what i did under the shop$config file was that the shop files to https://www.mydomain.com/ and ssl for checkout is https://www.mydomain.com/ so when the customer clicks the order button they will be ssl for the rest of the time they shop on the site.

Oh i forgot to mention my above method was done in v6.50. In 6.09 same thing just the xssl is configured in the admin pages under shop config.

Edited by - extremeskillz on August 30 2007 07:46:11
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000