Author |
Topic |
|
Mark Priest
VP-CART Expert
United Kingdom
580 Posts |
Posted - April 22 2004 : 09:27:07
|
Hi Guys,
Customer requested that the pages that the user enters his personal details in are SSL protected, not just the credit card page.
Any ideas?
Regards,
Mark |
|
Jill
VP-CART Super User
USA
249 Posts |
Posted - April 22 2004 : 12:33:27
|
Hardcode your links to the Checkout?
Jill
|
|
|
GTM
VP-CART New User
USA
122 Posts |
Posted - April 23 2004 : 11:46:09
|
You can enter the ssl state when you start the checkout process by changing line 186 shopaddtocart.asp
Case "PROCE" responseredirect "shopcustomer.asp"
to
Case "PROCE" Response.Redirect "https://www.yoursite.com/" & "shopcustomer.asp"
Greg
|
|
|
greatphoto
VP-CART Super User
USA
304 Posts |
Posted - July 31 2004 : 21:56:02
|
Hi Greg-
Thanks for the very valuable info! You saved me a lot of time tracking this down. I noticed you gave the similar pointers in a past posting: http://www.vpasp.com/virtprog/vpaspforum/topic.asp?TOPIC_ID=2169
Of course, the default cart design should have already been for all the customer info to be secure as that is expected on modern ecommerce sites.
I made your suggested change today, but took it a small step further. I used the xssl configuration instead of hard-coding the https site URL. This was important to me since I do local testing of the site before uploading to the server. I can't test locally with the public URL redirect embedded in the code, and its much easier not to have two versions of the same file. By using xssl, the file is the same on both the local and public site and I just have two different xssl configs for the local and public copies.
So my code looks like this starting at line 186 of shopaddtocart.asp:
Case "PROCE" Dim ssl ssl=getconfig("xssl") if ssl<>"" then slash=right(ssl,1) if slash="/" or slash="\" then else ssl=ssl & "/" end if end if Response.Redirect ssl & "shopcustomer.asp"
(Well, mine does have spacing to delimit the code hierarchy, but this forum tool removes them.) ;-)
BTW, I borrowed this code from shopcreateorder.asp.
|
|
|
Rockdale
VP-CART New User
USA
76 Posts |
Posted - August 21 2004 : 06:49:32
|
Hi, I put in your suggested code for SSL, but I'm not getting HTTPS when I go into the add address area. Is there additional code to
>Case "PROCE" >Dim ssl >ssl=getconfig("xssl") >if ssl<>"" then >slash=right(ssl,1) >if slash="/" or slash="\" then >else >ssl=ssl & "/" >end if >end if >Response.Redirect ssl & "shopcustomer.asp"
Michael Kelley |
|
|
greatphoto
VP-CART Super User
USA
304 Posts |
Posted - August 21 2004 : 10:04:19
|
quote: I put in your suggested code for SSL, but I'm not getting HTTPS ...
Have you set the xssl configuration? The benefit of this code is that it leverages the configuration for ssl thats already built into the cart, so you can easily turn SSL on or off just by changing the config. However, it does mean that you have to take the extra step of setting the xssl config value under shop administration for it to work. I probably should have been more detailed about it in my previous post.
Setting xssl to enable ssl: 1) login to your shop administration pages 2) click "Configure Shopping Cart" 3) in the search prompt, type "xssl" and hit search 4) Fill in xssl to be "https://www.<yoursite>.com" (of course, substitute your domain name in place of <yoursite> 5) Click continue
If you want to disable ssl (as for your locally hosted test site), just follow the above directions, except delete the value in xssl.
The xssl config is covered in section 32.3 on page 102 of the Developer's Guide which is available at http://www.vpasp.com/virtprog/vpasp500developer.pdf
By the way, if you set xssl, but don't add the code to shopaddtocart.asp, then SSL will just turn on for the payment page.
|
|
|
Rockdale
VP-CART New User
USA
76 Posts |
Posted - August 21 2004 : 11:22:50
|
I tried adding the url to the xssl config and I tried true and false for the yes/no field.
any ideas.
also I added Dim slash to the code
Any ideas?
When I put "https://www.rockdalewreaths.com" in directly it still doesn't work
______________________
By the way - when I use the code
<% 'If (Request.ServerVariables("HTTPS") = "off") Then 'Dim strCurrentFile 'strCurrentFile = Request.ServerVariables("SCRIPT_NAME") 'Response.redirect "https://www.rockdalewreaths.com" & strCurrentFile 'End if '%> in the shoppageheader page it works.
I just can't seem to get the ssl to work in addtocart page.
Michael Kelley |
|
|
greatphoto
VP-CART Super User
USA
304 Posts |
Posted - August 21 2004 : 12:15:00
|
Michael-
The location that I suggested for placement of the code (at line 186 of shopaddtocart.asp) will not cause ssl to be enabled for the addtocart page. It will only affect the shopcustomer.asp (where the customer normally enters all their info) and the pages that follow it during the checkout process (shopcreateorder.asp, shopcheckout.asp).
If you want other pages to be affected, then you'll need to modify other pages.
I'm writing you an email directly with specific information for your site.
Nathan
Edited by - greatphoto on August 21 2004 12:25:39 |
|
|
Rockdale
VP-CART New User
USA
76 Posts |
Posted - August 22 2004 : 13:31:36
|
The issue is with the shopdeliveryedit.asp page. The shopaddtocart.asp doesn't seem to have a direct call for the shopdeliveryedit.asp page. Does anyone know where vp-asp keeps this reference?
I can add the https:// and initiate the Security, starting with the shopdeliveryedit.asp page.
Any other ideas are welcome.
Michael Kelley |
|
|
dwight
VP-CART New User
USA
143 Posts |
Posted - August 29 2007 : 16:29:17
|
quote: Originally posted by greatphoto
Michael-
The location that I suggested for placement of the code (at line 186 of shopaddtocart.asp) will not cause ssl to be enabled for the addtocart page. It will only affect the shopcustomer.asp (where the customer normally enters all their info) and the pages that follow it during the checkout process (shopcreateorder.asp, shopcheckout.asp).
If you want other pages to be affected, then you'll need to modify other pages.
I'm writing you an email directly with specific information for your site.
Nathan
Edited by - greatphoto on August 21 2004 12:25:39
was wondering if you would shed some light on how to do this to other pages such as the login page. |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - August 29 2007 : 17:34:15
|
if you use the deliveryedit page and you want that on ssl, then shopaddtocart will also need to be on ssl, because they post back+forward to each other. either that, or delve into the nitty-gritty code that creates the form tag and manually change it to post on/off ssl between shopaddtocart and the deliveryedit pages; if you change it to redirect instead of posting then you'd lose the posted info, so shopaddtocart and deliveryedit need to be: 1) both on ssl, or neither on ssl via redirection and link changes. or: 2) form tags changed to post to a specific domain (or a combination of 1+2)
There are some tweaks that would need to be done manually depending on which pages you'd want on/off ssl, and what your side-panels link to for their mini-forms etc. It's usually all achieved by a combination of the kind of logic that's mentioned above, and when needed changing form tags to post to a specific domain.
see also:
Domain Tools: http://www.bigyellowzone.com/shopexd.asp?id=64
Simon Barnaby Developer [email protected] www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
Edited by - devshb on August 29 2007 17:37:07 |
|
|
extremeskillz
VP-CART New User
USA
94 Posts |
Posted - August 30 2007 : 07:32:55
|
If you own the server, you can go under the server properties that is hosting your pages and turn on ssl directly on those customer pages. JUst go under IIS manager and click your site and you will see all the pages in the directory in the right window. Find all the customer pages you want secured and enable ssl with 128bit encryption right on the pages.
Also what i did under the shop$config file was that the shop files to https://www.mydomain.com/ and ssl for checkout is https://www.mydomain.com/ so when the customer clicks the order button they will be ssl for the rest of the time they shop on the site.
Oh i forgot to mention my above method was done in v6.50. In 6.09 same thing just the xssl is configured in the admin pages under shop config. |
Edited by - extremeskillz on August 30 2007 07:46:11 |
|
|
|
Topic |
|