
Need some advice...


vozzek


Hi everyone,

 

This may be more of an HTML question, but my site is 90% PHP and I wasn't sure. If it's in the wrong area I apologize.

 

For the past four months I've been working on a retail website. Built it from scratch, including the shopping cart, which uses a MySQL database indexed by session id. All the pages in the site are PHP. Everything was running smoothly, until I installed the credit card payment code.

 

I opened a merchant account with Linkpoint and they supplied the gateway.  I didn't like the Firefox "your data is unencrypted" warning messages the user got when clicking the 'submit payment' button (didn't get the message on I.E. for some reason), so I bought and installed an SSL certificate from Verisign.  Here's where the problems began...

 

I had to make the payment page secure, so all links pointing to it were changed from http: to https: (I just assumed this is how to make the site secure?) This wreaked havoc with the shopping cart, because I soon learned, much to my dismay, that switching from an unsecured to a secured page starts a whole new session... thereby generating a whole new session id. So I then made the entire shopping cart secure, along with all the PHP pages relevant to it. Half the site is now http, half is https.

 

But because almost all the pages in my site are based upon a template, there are certain link references in the template (to the background image, for example) that are not secure.  This triggers a beautiful new I.E. warning message:  "This page contains both secure and non-secure items.  Do you want to display the non-secure items?" whenever the user goes from the non-secure to the secure part of the site.  (Ironically, this message doesn't happen in Firefox).

 

Obviously these warnings can be turned off in the browser settings, but I don't want potential buyers coming to my site to get spooked.  I need the warnings not to show up at all.

 

At this point I am considering making the entire site secure.  A few questions:

 

1)  Is this a good idea?  Are there any other options?

 

2)  Is this as easy as just changing all links/references to the site from http: to https: or is there more to it than that? 

 

3)  If the user googles my website and arrives at the index page, they're getting to an http: url instead of an https: one.  Does the www.mywebsite.com/index.php page exist in both the http: and https: world? (I know that question sounds stupid...) and how do I direct them to the https: page to start off?

 

4)  The template code relating to the background image for example:

body {
background-image: url(Images/background7.jpg);
}

 

If I hardcode the background-image to an absolute link, would I use the https: extension?  I'm kinda confused, as this is the first time I'm dealing with secure sites.

 

Any advice would be appreciated, and again, sorry if this is in the wrong area.

Thanks!
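
As an added example (not part of the original post): the "secure and non-secure items" warning described above comes from subresources that an https: page requests over http:. The Python code below scans a template for such references and proposes a scheme-safe replacement. The sample template, the cdn.example.com host and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Subresource references: any src= attribute, <link href=...>, and CSS url(...).
# <a href> is a navigation, not a subresource, so it is deliberately not matched.
# <link href> also matches non-fetching rel values (e.g. canonical); review those by hand.
SRC_RE = re.compile(r'\bsrc\s*=\s*["\']?(?P<url>[^"\'\s>]+)', re.I)
LINK_RE = re.compile(r'<link\b[^>]*?\bhref\s*=\s*["\']?(?P<url>[^"\'\s>]+)', re.I)
CSS_RE = re.compile(r'url\(\s*["\']?(?P<url>[^"\')\s]+)', re.I)

# Constructed sample template (not from the original site).
SAMPLE_TEMPLATE = """\
<html><head>
<link rel="stylesheet" href="http://www.mywebsite.com/style.css">
<style>
body { background-image: url(Images/background7.jpg); }
.banner { background: url('http://www.mywebsite.com/Images/banner.jpg'); }
</style>
<script src="//cdn.example.com/lib.js"></script>
</head><body>
<a href="http://www.mywebsite.com/index.php">Home</a>
<img src="http://www.mywebsite.com/Images/logo.gif">
<img src="/Images/cart.gif">
</body></html>
"""

def find_mixed_content(template_text):
    """Return (line_number, url) for every subresource fetched over http://.

    Relative, root-relative and protocol-relative (//host/...) URLs take the
    scheme of the page or stylesheet that includes them, so they are not
    reported. Works line by line; a tag split across lines is not seen.
    """
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), 1):
        for rx in (SRC_RE, LINK_RE, CSS_RE):
            for m in rx.finditer(line):
                url = m.group("url")
                if url.lower().startswith("http://"):
                    findings.append((lineno, url))
    return findings

def suggest_fix(url, own_host):
    """Own-host URLs become root-relative; others are rewritten to https://
    (assumption: the third-party host really serves the file over HTTPS)."""
    parts = urlsplit(url)
    if parts.hostname == own_host.lower():
        return (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return "https://" + url[len("http://"):]

if __name__ == "__main__":
    for lineno, url in find_mixed_content(SAMPLE_TEMPLATE):
        print(lineno, url, "->", suggest_fix(url, "www.mywebsite.com"))
```
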

 

 
