PDA

View Full Version : How does one set up SSL certification on parts of a site?



achaye
02-27-2009, 01:16 AM
Hi everyone,

I'm wondering, how do you set up SSL certification for part of a site? Currently I am building a website, and have a shopping cart script that I've written that I plan to implement (but whilst perusing through these forums as a lurker for quite some time, I'm thinking about using Zen Cart instead of my own code, as my code is undoubtedly far inferior to what Zen Cart could do).

Say I have a site, (http)domainname.com, and users can purchase items from it, and eventually takes them to (https)domainname.com/checkout.php. How does that transfer work, from http to https? I figure it must come from the host server (Bluehost, GoDaddy, etc). Or is there a function that you must also call in PHP to change from non-secure to secure browsing? Any advice on this matter would be much appreciated, and please don't hold back on technical terms/explanations, as I'm a fairly avid coder and computer user, thanks!

-achaye

vangogh
02-27-2009, 01:25 AM
As long as you've set up the SSL certificate correctly through your hosting account all you need to do is make sure to link to the pages you want to be secure with https instead of http. Adding the 's' changes the protocol to use encryption when transferring data to and from server and browser.

I think Zen Cart will do this automatically (maybe you have to tell it to in the settings).

When you purchase the SSL you should get instructions for setting it up. If you haven't done it before it will look confusing, but it really isn't. It's copying and pasting some info in the right places.

You don't need to use any php. The protocol itself tells the server to encrypt things. Your SSL certificate is mostly just making sure you are who you say you are so the rest of us can trust that the encryption is working.

rezzy
02-27-2009, 09:53 AM
I was actually wondering the same thing myself, but figured it was something like that. I have never had to make a cart, but have seen ssl offered on my host.

billbenson
02-27-2009, 11:18 AM
Pretty sure Zen Cart is identical to oscommerce which I am more familiar with. In your includes directory there is is a configure.php file. When you look in that file look for a line that says something similar to:

define('ENABLE_SSL', true);

Yours will probably say false, not true. Change it to true and it will change your checkout section to SSL. Notepad is fine for editing this file. There is probably a configure file for the admin section as well that you can change if you like.

You can buy the certificate from Godaddy our probably your host. Easier through your host. You will get some long keys from them which you will need to have your host install on your site. They should take care of that part for you.

vangogh
02-27-2009, 11:24 AM
Bill I think there's something on the admin side that you can set without having to edit the file directly, though you can certainly edit the file. That might be easier for you, but I'm guessing most people would find it easier to set the option through the admin menu.

One thing with SSL certificates is that all aren't equal. Web hosts are offering some inexpensive ones, but they aren't really offering the same level of trust you get with the full SSL. Here's an article I found when I was first looking at purchasing an SSL certificate. It's called How does SSL work? (http://www.ourshop.org/resources/ssl.html)

The article is a few years old by now, but it made it easy to understand what SSL was all about.

billbenson
02-27-2009, 01:06 PM
I doesn't look like it VG. I did a search and all the procedures in the search used a text editor to modify the file catalog/includes/configuration.php and catalog/admin/includes/configuration.php You can certainly select the option to enable it during the installation of the program. I also have zen installed on a site. I went hunting in admin and couldn't find it.

I think you need to go into the config files with zen.

vangogh
02-27-2009, 03:58 PM
Interesting since you'd think the average website owner wouldn't want to change a file let alone a php config file. Good to know. Thanks.

billbenson
02-27-2009, 05:03 PM
When you recommend e commerce solutions, frequently ease of use / setup is a defining criteria. Perhaps if you looked at it from an easiest to hack / modify you would come up with a whole different set of recommendations for e commerce solutions?

Here's one of the things I did a number of years ago in oscommerce. In the database, I wrote the short descriptions in the form: several word description(three spaces)the rest of the short description.

Then I modified the products page, search page, and some other template sort of pages to look for the text before the three pages and use that text for the title and h1. Had to put an h1 in there because oscommerce didn't have any. The short description was displayed with only one space because that's the way html works. The search page is an obvious one. Rather than have the word search in big letters or an h1 at the top. The h1 and title contain a relevant key phrase.

I wonder if little things like that aren't easier to do in the programs that are less "canned"?

achaye
02-27-2009, 06:13 PM
Thank you so much everyone, I think I understand what I need to do to set up SSL on the checkout parts now. billbenson, I haven't played around with ZenCart fully yet, but when you're setting it up for the first time, there are a few checkboxes you can tick off for SSL; that probably sets the define('ENABLE_SSL', true); part of the code that you are talking about. I'm thinking if you did not tick the boxes at installation, you might have to go into the .ini to manually change that line.

billbenson
02-27-2009, 06:37 PM
billbenson, I haven't played around with ZenCart fully yet, but when you're setting it up for the first time, there are a few checkboxes you can tick off for SSL; that probably sets the define('ENABLE_SSL', true); part of the code that you are talking about.

There is definitely a checkbox at the initial installation which sets the DEFINE statement to true in your configuration files so I believe your statement above is accurate.

vangogh
02-27-2009, 07:38 PM
Glad to help achaye. That makes sense that you can set the SSL on install. I would think you'd be able to set it after too. I'm working on a Zen Cart site for a client now so next time I'm in I'll poke around and see if I notice anything.

Bill I would think the best CMS solutions are those that require no modification of files for site owners to get it to work, but allow easy customization for developers without having to hack the core files. One if the reasons I like WordPress is because it does all three.

billbenson
02-27-2009, 09:42 PM
The only thing on that is that some of them get so bloated trying to be everything to everybody. Joomla comes to mind on that. I haven't had time to play with wp much yet but it's installed on a site. Only has a handful of tables which is nice and clean. I assume that most plug ins add tables.

Do you find that plugins you use alter tables (add columns etc) and if so, does that affect updates?

vangogh
02-27-2009, 10:39 PM
Most plugins never touch tables. In fact I haven't seen any that do. I could imagine shopping cart plugins might, but I haven't installed any yet. Plugins are usually a mix of php, jasvascript, css, html. They generally don't interact directly with the database.

billbenson
02-28-2009, 12:02 AM
one oscommerce plugin added a column to a table. When I tried to move the tables to zen it it failed. I deleted that column in the oscommerce install and the tables loaded cleanly into zen via phpmyadmin.

In the end in oscommerce the only plugin I used was was ezpopulate (may have that spelled wrong). It's worth installing in zen as it allows you to add / update the database from excel. Makes adding data to the database easy. If you use it, be careful with comas, single and double quotes in the descriptions. Excel does funny things with them at times or ads them in when you don't want them and the php insert fails.

vangogh
02-28-2009, 12:29 AM
WordPress is different than osCommerce. OsCommerce is an old system and not really built to easily customize. WordPress is. I can't tell you that no WP plugin updates the database, but none that I've installed ever has. Your generally better not changing the db around unless you really have to.

billbenson
02-28-2009, 01:05 AM
WordPress is different than osCommerce. OsCommerce is an old system and not really built to easily customize. WordPress is. I can't tell you that no WP plugin updates the database, but none that I've installed ever has. Your generally better not changing the db around unless you really have to.

I hate oscommerce. It was about the only game in town when I started the site in 2003 though. I'm converting to zen cart because the table structure is the same. I have seen some good webmasters that really like Zen though. I'm not that far along, but compared to oscommerce, anything is good - mmmm well almost anything; wouldn't use yahoo :)

vangogh
02-28-2009, 11:31 AM
Compared to osCommerce, Zen Cart is definitely great. It's till not my favorite app to work on though. You know I like WordPress by now and I'm beginning to learn Drupal, which I think is nice so far.

billbenson
02-28-2009, 12:13 PM
What free shopping cart is your preference. If I recall, there wasn't a shopping cart plug in for WP.

vangogh
02-28-2009, 12:29 PM
I generally don't need shopping carts so I can't tell you I've used one for WordPress. The one I generally see recommended is WP e-Comerce (http://www.instinct.co.nz/e-commerce/). The basic plugin is free, though there are a variety of extras you pay for.

It will alter the database, which is really necessary for a shopping cart. You can see the schema here (http://www.instinct.co.nz/e-commerce/database-schema/).

My own lack of use for it is really a lack of need for a shopping cart. Most of the sites I work on with carts already had a system in place before I began working on the site and at the moment I don't need a shopping cart for myself. I do plan on using wp ecommerce at my first opportunity though and it does come recommended.

billbenson
03-01-2009, 01:51 AM
If you do play with it, please post. I'd be interested in what you think and the application.

lav
07-24-2009, 03:31 AM
Ive just put my new site together www.xlgrafix.com (http://www.xlgrafix.com) using joomla and virtuemart. Well Im still learning joomla let alone virtuemart as far as a cart goes its great if your products are simple but i wouldnt recommend it if you have products with options or if you require categories within categories. I also had problems with setting up the ssl and had to manually edit the configure.php and htacces to get it to work properly with virtuemart. Not something I was expecting to have to do.

One problem Im having is once a user enters https area they stay in https even when returning to the home page. I dont think it causes too much hassle but some users may have the "this site contains both secure and non secure items" popup with every page they visit on my site from then on.......mmmmm.... maybe ???: I'll sort it out LOL

After using joomla for a couple of weeks now Im slowly getting the hang of it but I totally understand why your a big fan of wordpress vangogh. Its a breeze compared to joomla but then again I havent tried anything challenging with wordpress yet.

Why in the world anyone would want to build websites for a living is beyond me LOL.

vangogh
07-24-2009, 11:19 AM
Why in the world anyone would want to build websites for a living is beyond me LOL.

Funny.

I haven't really spent time with Joomla, but I've heard it's harder to use than WordPress. Working with WordPress it's hard to think that something else could be easier, though I'm sure something could be.

I looked into Joomla for a client and one thing I noticed was every extension/plugin was pay only. I don't mind paying for extra functionality, but some of it should have been free. Another thing I had read about Joomla was the way it was structured wasn't the best. It was more feature rich out of the box than Drupal which I was comparing it to, but it seemed to be held together with duct tape and chewing gum. I have no idea if that's really true, but it was the impression I got from what I read.

The more I work with WordPress the more I like working with WordPress. Some things will be more difficult with it, but as long as you're willing to read the documentation and learn a few things and if you have some basic php knowledge along with the usual html/css, it's not too hard to get it to do what you want.

And the community around WP is quite good and helpful when you have a question.

billbenson
07-24-2009, 08:19 PM
You might want to fix that https issue for pages that don't need to be secure. It could create problems down the road for incoming links - adwords or whatever. Should be able to redirect it in htaccess if nothing else.

lav
07-24-2009, 08:44 PM
Most of the extensions i started using were free but after using some of them i realised that i needed more from the extension. The people who build these extensions are clever for example the upload extension i used (which is fantastic by the way) advertises as free so i install it on my local server and test it and get it working just great. once i installed it on my remote server it wouldnt let me upload files bigger than 3mb. To get it to upload larger files i had to buy the license. Clever arent they!! oh well $30 for the licence but it was worth every cent so Im happy to pay for it just would have been nice to know beforehand.

vangogh
07-24-2009, 09:48 PM
That is clever, though a little deceptive. $30 isn't a lot to pay for someone else's programming, but it is nice to be able to get those extensions free at times. At least until you know you really want it.