Jump to content

Forcing HTTPS on the domain disables website functions


zaaba

Recommended Posts

Hello, recently I forced HTTPS on my domain and it disabled the menu buttons on my homepage. (Page not Found Error) As I understand that PHP/Javascript are dynamically creating the pages, I have been trying to find which files to edit to change the URL to HTTPS.  I found a file that looks like a config file, and wondered if this is it. Can anyone advise?

 

<?php
function __getConfig() {
    if ($_SERVER['HTTPS'] == on)
        $protocol	= "https://";
    else
	$protocol	= "http://";

    if (substr($_SERVER["HTTP_HOST"], 0, 4) != "www.") {
	header("Location: ".$protocol."www.".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);
        exit();
    }

    return array(
        'base_url'          => $protocol . "www.luxurybeach.com/admin/",
        'base_href'         => $protocol . "www.luxurybeach.com/",
        'appname'           => "Luxury",
        'GD'                => extension_loaded('gd') || function_exists('gd_info'),
        'manifestRealName'  => "js/FAQ-file-manifest.json",
        'manifestName'      => "front/JSONmanifest",
        'storageName'       => "LuxuryBeach_ManagedStore",
        'update_center_url' => 'http://dev/sergey.ostapenko/updatecenter/checker/index.php',
        'tablePrefix' => ''
    );
}

function __getDBConfig() {
    return  array(
        'hostname' => "localhost",
        'username' => "",
        'password' => "",
        'database' => "",
        //'database' => "faq",
        'dbdriver' => "mysql",
        'dbprefix' => "",
        'active_r' => TRUE,
        'pconnect' => FALSE,
        'db_debug' => TRUE,
        'cache_on' => FALSE,
        'cachedir' => ""
    );
}
?>

 

Link to comment
Share on other sites

Hi

No, I had to get SSL certificates then add the required Rewrite code to .htaccess file. The homepage was rendering really badly, and then I found the URL of the .js file that was causing the problem. Now I need to find where the code for the menu and/or the pages themselves and do the same.

Is the code I sent relevant?

 

 

Link to comment
Share on other sites

It's hard to tell from just that... It seems, at first glance, that the changes are correct: you have something that will force a www redirect but not an HTTPS redirect, but that isn't necessarily wrong.

Let's pretend your site is example.com. There are four combinations of names that could work:
* http://example.com - should redirect with HTTPS+www
* http://www.example.com - should redirect with HTTPS
* https://example.com - should redirect with www
* https://www.example.com - working site

Besides the menu buttons and whatever not working, when you try those four examples, do they work as stated? Does your browser always get redirected to the HTTPS+www site?

Link to comment
Share on other sites

5 hours ago, zaaba said:

My URL luxurybeach.com now redirects to https://www.luxurybeach.com/ . I don't know how to test any other combination.

You test it by entering "http://luxurybeach.com" in your browser and seeing what happens. But I'll do it...

The redirects look fine. You're using Apache and really ought to be doing the redirects with that instead of PHP.

I saw a 404 on the homepage once but couldn't see what it was for, and I'm not seeing it again, so I don't know.

I do see that a lot of images are being loaded over HTTP, but the browser is being smart and knowing it should go over HTTPS instead. You still ought to fix that. The images are /admin/propertyImages/stuff.jpg and I don't know for sure where those particular URLs are coming from.

Now,

10 hours ago, zaaba said:

recently I forced HTTPS on my domain and it disabled the menu buttons on my homepage. (Page not Found Error)

Correct. But this isn't a PHP problem. This is a server configuration problem. It doesn't know how to handle a URL like /real-estate-sales/1/2. My guess is that you have a HTTP server configuration and a second HTTPS server configuration, and the latter isn't set up the same way as the former.

Link to comment
Share on other sites

Thanks so I should not be looking at PHP code like this?

$prphost  = "http://".$_SERVER["HTTP_HOST"]."/";
    $host     = "http://".$_SERVER["HTTP_HOST"]."/admin/";
    $printTXT = "";
    while ($line = mysql_fetch_row($resuls)) {
      $ImageUrl = $host . $line[2];
      $pname    = $this->wordcount(trim(str_replace("Puerto Vallarta Rental", "", str_replace("-","", $line[1]))), 25);
      $printTXT .=  "<div class=\"sldie\">\n";
      $printTXT .=  "  <a href=\"". $prphost . $line[0] . "/" . $line[1] ."\"><img alt=\"$pname\" border=\"0\" height=\"390\" src=\"$ImageUrl\" width=\"625\" /></a>\n";
      $printTXT .=  "  <div class=\"caption\"><h2><a href=\"". $prphost . $line[0] . "/" . $line[1] ."\">" . $pname . " <span>" . $line[4] .   "</span></a></h2></div>\n";
      $printTXT .=  "</div>\n";
    }
    $printTXT .= "\n";
    
    return $printTXT;
  }

 

Link to comment
Share on other sites

That there is especially important code you have to look at - it does say "http://" after all.

But you should fix this by not doing any https:// or HTTP_HOST stuff. You should use simple URLs that are just paths on your site. As in "/admin/propertyImages/stuff.jpg" and not "https://www.luxurybeach.com/admin/propertyImages/stuff.jpg". The browser can take the path and figure out the rest perfectly well.
So with that $ImageUrl variable, keep the /admin/ because your URLs in the database don't have that, but get rid of the rest. I would do it like:

$printTXT = "";
while ($line = mysql_fetch_row($resuls)) {
  $ImagePath = "/admin/" . $line[2];
  $pname    = $this->wordcount(trim(str_replace("Puerto Vallarta Rental", "", str_replace("-","", $line[1]))), 25);
  $printTXT .=  "<div class=\"sldie\">\n";
  $printTXT .=  "  <a href=\"/". $line[0] . "/" . $line[1] ."\"><img alt=\"$pname\" border=\"0\" height=\"390\" src=\"$ImagePath\" width=\"625\" /></a>\n";
  $printTXT .=  "  <div class=\"caption\"><h2><a href=\"/". $line[0] . "/" . $line[1] ."\">" . $pname . " <span>" . $line[4] .   "</span></a></h2></div>\n";
  $printTXT .=  "</div>\n";
}
$printTXT .= "\n";

return $printTXT;

where I get rid of $prphost and $host, rename $ImageUrl to $ImagePath (it's more accurate of a name that way), and write the "/" and "/admin/" prefixes right there on the lines (since it's just a slash now and not the more complicated stuff).

Link to comment
Share on other sites

Thanks. 

  • The complete file where this code is located, is inserted below, and appears 12 times on my server. I should change one and copy and replace the others correct?

Grateful for your advice as always.

<?php
  // Mijo! Brands, Development Department
  // Slideshow Flash + SEO Home Page
  // Luxurybeach.com
  // 2010-07-28
  
  class xmlOutput {
    var $PropertiesPool = Array(
      1  =>  "5",   2  =>  "3" ,   3  =>  "17",  4  =>  "28",  5  =>  "29",
      6  =>  "35",  7  =>  "37" ,  8  =>  "41",  9  =>  "43",  10 =>  "44", 
      11 =>  "56",  12 =>  "57" ,  13 =>  "57",  14 =>  "82",  15 =>  "108", 
      16 =>  "109", 17 =>  "101" , 18 =>  "112", 19 =>  "117", 20 =>  "128", 
      21 =>  "133", 22 =>  "138" , 23 =>  "151", 24 =>  "152", 25 =>  "154", 
      26 =>  "157", 27 =>  "175" , 28 =>  "202", 29 =>  "203", 30 =>  "205", 
      31 =>  "213", 32 =>  "220" , 33 =>  "222", 34 =>  "223", 35 =>  "226", 
      36 =>  "235", 37 =>  "240" , 38 =>  "243", 39 =>  "246", 40 =>  "248", 
      41 =>  "251", 42 =>  "255" , 43 =>  "260", 44 =>  "270", 45 =>  "281", 
      46 =>  "295", 47 =>  "296" , 48 =>  "304", 49 =>  "306", 50 =>  "316"
    );
    
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Open Contection ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
    function openCon() {
      $link = mysql_connect();
      mysql_select_db("luxury", $link);
      
      return $link;
    }
    
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Close Contection ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
    function closeCon($link) {
      mysql_close($link);
    }
    
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Create XML ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
    function creatXML() {
      /* -- Create random*/
      $numbers   = range(1, 50);
      $Condition = "WHERE LBPI.front_img = 'Y' AND (";
      $i         = 0;
      shuffle($numbers);
      foreach ($numbers as $number) {
        $Condition .= "LBP.id = '" . $this->PropertiesPool[$number] . "' OR ";
        $i++;
        if ($i > 4) { break; }
      }
      $Condition = substr($Condition, 0, strlen($Condition)-4);
      $Condition .= ")";
      
      $sql = "SELECT 
        DISTINCT LBP.id, 
        LBP.name, 
        LBPI.filepath,
        LBP.descr_s,
        LBP.city, 
        LBPI.front_img
      FROM 
        lb_properties AS LBP 
        INNER JOIN lb_property_imgs LBPI 
          ON LBPI.property_id = LBP.id 
      $Condition 
        AND LBP.active = 'Y'
      LIMIT 0,6 
      ";
      
      $resuls = mysql_query($sql);
      
      $printXML  = "<?xml version=\"1.0\"?>\n";
      $printXML .= "  <LB_list>\n";
      
      $prphost = "http://".$_SERVER["HTTP_HOST"]."/";
      $host    = "http://".$_SERVER["HTTP_HOST"].":80/admin/";
      
      $ec   = 0;
      $temp = "";
      $last = "";
      
      while ($line = mysql_fetch_row($resuls)) {
        $ImageUrl = $host . $line[2];
        
        $printXML .= "    <LB>\n";
        $printXML .= "      <LB_plink>" . $prphost . $line[0] . "/" . $line[1] . "</LB_plink>\n";
        $printXML .= "      <LB_pname>" . trim(str_replace("Puerto Vallarta Rental", "", str_replace("-","", $line[1])))    .   "</LB_pname>\n";
        $printXML .= "      <LB_psub>"  . $line[4]    .   "</LB_psub>\n";
        $printXML .= "      <LB_pdesc>" . substr($line[3],0,150)    .   "...</LB_pdesc>\n";
        $printXML .= "      <LB_ppic>"  . $ImageUrl   .   "</LB_ppic>\n";
        // ~~~~~~~~~~~~~~~~~~
        // ~~~ Getting Thumbs
        $sql_imgs = "SELECT 
          filepath 
        FROM 
          lb_property_imgs 
        WHERE
          property_id = '".$line[0]."' 
          AND
          front_img = 'N'
        ORDER BY Rand()
        LIMIT 0,4 
        ";
        $resul_imgs = mysql_query($sql_imgs);
        while ($path = mysql_fetch_row($resul_imgs)) {
          //$host = "http://www.luxurybeach.com:80/admin/";
          $ThumbURL = $host . str_replace("propertyImages/","propertyImages/Thumbs/",$path[0]);
          if ($this->url_validate($ThumbURL) == true) {
            $ec++;
            $temp .= "      <LB_image$ec>" . $host . str_replace("propertyImages/","propertyImages/Thumbs/",$path[0])."</LB_image$ec>\n";
            $last = $path[0];
          }
        }
        
        while ($ec < 4) {
          $ec++;
          $temp .= "      <LB_image$ec>" . $host . str_replace("propertyImages/","propertyImages/Thumbs/",$last) . "</LB_image$ec>\n";
        }
        
        $printXML .= $temp;
        $printXML .= "    </LB>\n\n\n";
        
        $ec   = 0;
        $temp = "";
      }
      
      $printXML .= "  </LB_list>\n";
      
      return $printXML;
    }
    
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Create TXT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
    function creatTXT() {
      /* -- Create random*/
      $numbers   = range(1, 50);
      $Condition = "WHERE LBPI.front_img = 'Y' AND (";
      $i         = 0;
      shuffle($numbers);
      foreach ($numbers as $number) {
          $Condition .= "LBP.id = '" . $this->PropertiesPool[$number] . "' OR ";
          $i++;
          if ($i > 4) { break; }
      }
      $Condition = substr($Condition, 0, strlen($Condition)-4);
      $Condition .= ")";
      
      $sql = "SELECT 
        DISTINCT LBP.id, 
        LBP.name, 
        LBPI.filepath,
        LBP.descr_s,
        LBP.city
      FROM 
        lb_properties AS LBP 
        INNER JOIN lb_property_imgs LBPI 
          ON LBPI.property_id = LBP.id 
      $Condition 
      LIMIT 0,5 
      ";
      
      $resuls = mysql_query($sql);
      
      $prphost = "http://".$_SERVER["HTTP_HOST"]."/";
      
      $printTXT = "<div class=\"properties_home\">\n";
      
      while ($line = mysql_fetch_row($resuls)) {
        $printTXT .= "    <a href=\"" . $prphost . $line[0] . "/" . $line[1] . "\">ViewDetails</a>\n";
        $printTXT .= "    <h2>" . trim(str_replace("Puerto Vallarta Rental", "", str_replace("-","", $line[1]))) . " " . $line[4] .   "</h2>\n";
        $printTXT .= "    <p>" . substr($line[3],0,150)    .   "...</p>\n";
      }
      $printTXT .= "  </div>\n";
      
      return $printTXT;
    }
    
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Create Gallery ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
    function createGallery() {
      /* -- Create random*/
      $numbers   = range(1, 50);
      $Condition = "WHERE LBPI.front_img = 'Y' AND (";
      $i         = 0;
      shuffle($numbers);
      foreach ($numbers as $number) {
          $Condition .= "LBP.id = '" . $this->PropertiesPool[$number] . "' OR ";
          $i++;
          if ($i > 4) { break; }
      }
      $Condition = substr($Condition, 0, strlen($Condition)-4);
      $Condition .= ")";
      
      $sql = "SELECT 
        DISTINCT LBP.id, 
        LBP.name, 
        LBPI.filepath,
        LBP.descr_s,
        LBP.city
      FROM 
        lb_properties AS LBP 
        INNER JOIN lb_property_imgs LBPI 
          ON LBPI.property_id = LBP.id 
      $Condition 
      LIMIT 0,5 
      ";
      
      $resuls   = mysql_query($sql);
      $prphost  = "http://".$_SERVER["HTTP_HOST"]."/";
      $host     = "http://".$_SERVER["HTTP_HOST"].":80/admin/";
      $printTXT = "";
      
      while ($line = mysql_fetch_row($resuls)) {
        $ImageUrl = $host . $line[2];
        $printTXT .=  "<div class=\"sldie\">\n";
        $printTXT .=  "  <img alt=\"\" border=\"0\" height=\"390\" src=\"$ImageUrl\" width=\"625\" />\n";
        $printTXT .=  "  <div class=\"caption\">" . trim(str_replace("Puerto Vallarta Rental", "", str_replace("-","", $line[1]))) . " " . $line[4] .   "</div>\n";
        $printTXT .=  "</div>\n";
      }
      $printTXT .= "\n";
      
      return $printTXT;
    }
    
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ValidateURL ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
    function url_validate($link) {
      $url_parts = @parse_url($link);
      
      if (empty($url_parts["host"])) return(false);
      
      if (!empty( $url_parts["path"])) {
        $documentpath = $url_parts["path"];
      } else {
        $documentpath = "/";
      }
      
      if (!empty($url_parts["query"])) {
        $documentpath .= "?" . $url_parts["query"];
      }
      
      $host = $url_parts["host"];
      $port = $url_parts["port"];
      // Now (HTTP-)GET $documentpath at $host";
      
      if (empty($port)) $port = "80";
      
      $socket = @fsockopen($host, $port, $errno, $errstr, 30);
      
      if (!$socket) {
        return(false);
      } else {
        fwrite ($socket, "HEAD ".$documentpath." HTTP/1.0\r\nHost: $host\r\n\r\n");
        $http_response = fgets($socket, 22);
        
        if (preg_match("/200 OK/i", $http_response)) {
          fclose($socket);
          return(true);
        } else {
          fclose($socket);
          return(false);
        }
      }
    }
  }
?>

 

Link to comment
Share on other sites

25 minutes ago, zaaba said:

Thanks. 

  • The complete file where this code is located, is inserted below, and appears 12 times on my server. I should change one and copy and replace the others correct?

 

 

That sounds really bad.  12 Copies of the same script with the same code?  

No, the way is not to replicate that insanity.  Have one copy and require_once() that file everywhere else it is needed.

Link to comment
Share on other sites

I don't mean to be rude, but that code shouldn't appear once on your server, let alone 12 times. Just to grab the most egregious issue, the myql_* functions were deprecated over a decade ago. Beyond that, this is rife with SQL injection concerns and PHP has a whole set of functions to build an XML document dynamically as opposed to concatenating strings.

The impression that I get is you're not a coder, which is absolutely fine and groovy. But given the state of the code you've posted, if there's any substantial financial concerns in it working, bite the bullet and hire someone to fix this right.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.