Setting up on a secure server
When using the Capture Card method, authorize.net AIM Method or PayPal PayFlow Pro, the checkout portion of the process takes place on a secure server. There are two methods of doing this. One is to have a secure certificate installed on your website. (Your host can tell you if this is possible with your hosting plan.) This means that you can access your website using both non-secure (http) and secure (https) methods. For instance, both these URLs would be valid...
http://www.yourstoreurl.com/products.php
https://www.yourstoreurl.com/products.php
If you enable a payment method that does require the checkout on a secure server, then the second stage of checkout will automatically switch to a secure server. As during testing you may not have a secure certificate installed, we have provided a method for you to override this. In your vsadmin/includes.php file set the following...
$pathtossl = "http://www.yourstoreurl.com";
By doing this you will force the second stage of checkout to remain on a non-secure (http) connection. This override is meant for testing only: over http the details entered at checkout are sent unencrypted.
One thing to note is that if you are on an https connection and then click on, say, the link to the categories.php page, you will remain on the https connection, which is not really desirable. To overcome this you can make all your links absolute. For instance, don't link to categories.php but rather link to http://www.yourstoreurl.com/categories.php
Using a shared SSL certificate
Some hosting providers may provide shared space on their secure server. Generally this is a cheaper option as you don't have to purchase your own secure certificate, but it is a bit more difficult to set up.
The first thing you must make sure of is that you can access your database from both the secure and the non-secure areas. Your host can tell you if this is possible when you contract the secure space.
You will need to make a copy to your secure area of the thanks.php and cart.php pages. Also, you will need any images from your images directory that are used by these pages, the .css file and the whole vsadmin directory on the secure space. Make sure the database connection is set correctly in db_conn_open.php. If you are working with FrontPage then you will need to also upload the includes folder, as this may well contain files that are required.
Now set the pathtossl in includes.php, for instance...
$pathtossl = "https://secure.yourhost.com/yourdir/";
$pathtossl = "https://yoursubdomain.yourhost.com/";
As above, remember to make links in your site absolute to make sure that your customers do not get stuck on the secure portion of your site.
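A pre-launch check for the two pathtossl settings described above (the testing override and the shared SSL value), as an added example that is not part of the original page or of the cart software: it reads the text of includes.php and reports whether the value PHP ends up with is https. The function names and sample file contents are assumptions made for the example, and only assignments that start a line are recognised.

```python
import re
from urllib.parse import urlsplit

# A PHP assignment at the start of a line, e.g.  $pathtossl = "https://...";
# Lines starting with // or # do not match, so commented-out values are ignored.
ASSIGNMENT = re.compile(r"""^[ \t]*\$pathtossl\s*=\s*(["'])(.*?)\1\s*;""", re.MULTILINE)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def effective_pathtossl(php_source):
    """Return the value PHP ends up with (the last assignment), or None."""
    values = [m.group(2) for m in ASSIGNMENT.finditer(BLOCK_COMMENT.sub("", php_source))]
    return values[-1] if values else None


def check_pathtossl(php_source):
    """Classify the setting as 'default', 'secure' or 'insecure'."""
    value = effective_pathtossl(php_source)
    if value is None:
        return "default"   # no override: checkout switches to https by itself
    url = urlsplit(value.strip())
    if url.scheme.lower() == "https" and url.hostname:
        return "secure"
    return "insecure"      # testing override (or a typo) still in place


# Constructed sample files, modelled on the settings shown on this page.
TESTING = '<?php\n$pathtossl = "http://www.yourstoreurl.com";\n?>'
SHARED_SSL = ('<?php\n// $pathtossl = "http://www.yourstoreurl.com";\n'
              '$pathtossl = "https://secure.yourhost.com/yourdir/";\n?>')
LEFTOVER = ('<?php\n$pathtossl = "https://secure.yourhost.com/yourdir/";\n'
            '$pathtossl = "http://www.yourstoreurl.com";\n?>')

if __name__ == "__main__":
    for name, src in [("testing", TESTING), ("shared ssl", SHARED_SSL), ("leftover", LEFTOVER)]:
        print(f"{name:10} {effective_pathtossl(src)!s:45} {check_pathtossl(src)}")
```

The LEFTOVER sample shows the case that is easy to miss: a correct https value followed later in the file by the testing line, which is the one that takes effect.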
Please do read our guide here on credit card fraud.