Putting your cubecart site on SSL

[Guest twisted]

This isn't a true "fix"...more of a work-a-round.

It works brilliantly for me on 2.0.7, and should [although I have not tried it] work just as well for v.3.

And its really simple to do.

First...BACK UP the files you are about to make changes to.

I accept no responsibility for broken carts.

Next, decide which pages should be on SSL.........obviously, it is not necessary to have ALL of them on SSL, as, we all know, having your entire site on SSL REALLY slows it down.

I figure the following are probably all you need on SSL:

account.php

control_panel.php

customer.php

login.php

order.php

register.php

secure.php

shopping_cart.php

view_order.php

your_orders.php

The last 2 probably not necessary...but you're putting the customer on ssl to login or view their control_panel, might as well put their pages within control_panel on SSl too...make 'em feel secure.

Now....what you want to do is go through all these files, and change all the relative urls, to absolute urls, WHERE THOSE URLS POINT TO THE ABOVE PAGES. If the url points to a page that is not in the above list...leave it alone.

Now, what I mean is, for example, a relative URL might be register.php. You want to change this to https://www.yourdomain.com/register.php [or just yourdomain.com if the www. is not included in the domain name on your SSL cert - if your ssl cert is configured for http://www.yourdomain.com, and you point your links to https://yourdomain.com, you are going to get security warning notices].

Also, [and don't forget this] any page NOT in the above list, THAT CONTAINS A LINK TO A PAGE IN THE ABOVE LIST, should have that links URL also changed to the https one.

Also...ALL image tags on those pages should point to the secure absolute url...i.e. <img src="images/imagename.jpg"> should be changed to <img src="https://www.yourdomain.com/images/imagename.jpg">

Now, this may sound like a daunting task, but I promise you, its not ... especially if you have an editor that has find & replace. All up, it took me about 20 mins. to change all that I have oultined above.

And its 100% foolproof. Works like a charm.

There is one other thing to be aware of.

header.inc.php and footer.inc.php are included on every page. If either of those 2 files include links, or <img src=...> tags that do NOT point to the ssl url, you will again get the security warning.

To avoid this, you should also change the links in header.inc.php, and any links in footer.inc.php, including the image links.

If you are on a non-ssl page, it is ok to call the images from an https location.

Of course....you have to have your SSL certificate installed first.

Oh..........and do NOT put your store "On SSL? - Yes." in admin. Leave it set to "No".

You can fill in the SSL url field if you wish, but its not necessary.

Hope somebody finds this useful.

[And, of course, the pages to change will be different under v.3, but I think you should probably get the gist of what to do from the above instructions enough that you can figure out which pages to change].