vozzek Posted January 5, 2008 Share Posted January 5, 2008 Hi everyone, This may be more of an html question, but my site is 90% php and I wasn't sure. If it's in the wrong area I apologize. For the past four months I've been working on a retail website. Built it from scratch, including the shopping cart, which uses a mySQL database indexed by session id. All the pages in the site are php. Everything was running smoothly, until I installed the credit card payment code. I opened a merchant account with Linkpoint and they supplied the gateway. I didn't like the Firefox "your data is unencrypted" warning messages the user got when clicking the 'submit payment' button (didn't get the message on I.E. for some reason), so I bought and installed an SSL certificate from Verisign. Here's where the problems began... I had to make the payment page secure, so all links pointing to it were changed from http: to https: (I just assumed this is how to make the site secure?) This wreaked havoc with the shopping cart, because I soon learned, much to my dismay, that switching from an unsecured to a secured page starts a whole new session... thereby generating a whole new session id. So I then made the entire shopping cart secure, along with all the php pages relevant to it. Half the site is now http, half is https. But because almost all the pages in my site are based upon a template, there are certain link references in the template (to the background image, for example) that are not secure. This triggers a beautiful new I.E. warning message: "This page contains both secure and non-secure items. Do you want to display the non-secure items?" whenever the user goes from the non-secure to the secure part of the site. (Ironically, this message doesn't happen in Firefox). Obviously these warnings can be turned off in the browser settings, but I don't want potential buyers coming to my site to get spooked. I need the warnings not to show up at all. At this point I am considering making the entire site secure. A few questions: 1) Is this a good idea? Are there any other options? 2) Is this as easy as just changing all links/references to the site from http: to https: or is there more to it than that? 2) If the user googles my website and arrives at the index page, they're getting to an http: url instead of an https: one. Does the www.mywebsite.com/index.php page exist in both the http: and https: world? (I know that question sounds stupid...) and how do I direct them to the https: page to start off? 3) The template code relating to the background image for example: body { background-image: url(Images/background7.jpg); } If I hardcode the background-image to an absolute link, would I use the https: extension? I'm kinda confused, as this is the first time I'm dealing with secure sites. Any advice would be appreciated, and again, sorry if this is in the wrong area. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/84625-need-some-advice/ Share on other sites More sharing options...
gerkintrigg Posted January 5, 2008 Share Posted January 5, 2008 use css? Quote Link to comment https://forums.phpfreaks.com/topic/84625-need-some-advice/#findComment-431180 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.