Differences

This shows you the differences between two versions of the page.

--- admin_menu:site_setup:general_settings:start [2009/03/25 03:05]
jonyo
+++ admin_menu:site_setup:general_settings:start [2014/09/25 16:55] (current)
@@ Line 6: / Line 6: @@
 This menu controls the various general "site-wide" switches, and settings.
-===== URL Settings =====
+====== URL Settings ======
 These settings are used by the software when generating links, so it is important that they are set correctly.  Most of these will be auto-set during the installation process, but you may need to make adjustments to them if you change where the software is installed.
@@ Line 12: / Line 12: @@
 <tip c w>Be sure that these settings are set correctly, as many internal links within the software and links that appear in any generated emails are built off of these URL settings.</tip>
-==== Site URL ====
+===== Site URL =====
 You must set the complete URL for the top file of your listing site here. In other words, what is the URL to your listings site?  This includes the complete URL including the software's "index.php" file.  If your site was installed on the domain name "example.com" and you installed it to the main directory of the site, the URL you would enter would be:  **http://www.example.com/index.php**
@@ Line 18: / Line 18: @@
 This URL should also the **directory** you have installed the software into, if applicable. For example, if you installed the software into a directory named "listings", the **Site URL** field should look similar to this: **http://www.example.com/listings/index.php**
-==== Base File Name ====
+===== Base File Name =====
 The "top" file name within this Geo Software can be changed to any name you prefer. This gives you the flexibility to leave the file as **index.php** or change it to another file name. Depending on your server's configuration, the index.php will be opened automatically when no specific filename is entered in the address.  For instance, if someone visits www.example.com without specifying the file name, it will automatically load index.php to display.  For this reason, we recommend leaving the file name as index.php, but you can still re-name it and change this setting to match in your admin.
 Whatever the filename may be it must always end in an extension that will cause the server to parse the file as PHP code.  Note that //.php// will always work unless you wish to configure your server otherwise.
+If you change this file name, you must re-name the index.php file to match in the software.  After every software update, manually replace the contents of the re-named file with the new index.php file's contents from the new version you are updating to.  When changing the filename, you will also need to update all the links in your templates, by default they will all link to index.php.  Search through all of the templates for the old filename, usually //index.php//, and replace with the new file name.
 <tip c h>**Notes:** The end of the [[admin_menu:site_setup:start#Site URL]] setting should match this setting.  For example, if you re-named the index.php included with the Geo software to **alternate_index.php**, then your [[admin_menu:site_setup:start#Site URL]] and [[admin_menu:site_setup:start#Base File Name]] settings might look like this:
@@ Line 30: / Line 32: @@
 </tip>
-==== Secure SSL Site URL ====
+===== Secure SSL Site URL =====
+This setting is the complete SSL link to access your site for secure connections.  This will be the complete **https://www.example.com/index.php**.  We recommend that you have your own ssl server certificate attached to your own domain (attached to your domain name...not any other domain)  if you are going to have an ssl connection to list items.
-This setting is the complete SSL link to access your site for secure connections.  This will be the complete **https://www.example.com/index.php**.  We recommend that you have your own ssl server certificate attached to your own domain (attached to your domain name...not any other domain)  if you are going to have an ssl connection to list items.
+Note that the ssl certificate you get will only contain the domain within it so that it can cover all of your site.  Using the above example you would purchase your ssl certificate for **www.example.com** and not **www.example.com/index.php**.  You are also only able to purchase an ssl certificate for a domain name and not a specific file on that domain.  Another thing to mention when you get your ssl certificate is to be consistent with the use of domains between your **https** and **http** states of your site.  In other words if you use "example.com" or "www.example.com" on the **http side** on your site you use the same domain name on your **https side** of your site.  When you purchase the ssl certificate you will be asked the specific domain name to attach it to and should be the one you already use.
 This setting is similar to [[admin_menu:site_setup:start#Site URL]], in most cases it will be the same, except with http**s** instead of http at the beginning.
-=== Server-Wide SSL Certificate ===
+==== Server-Wide SSL Certificate ====
 A lot of hosting companies offer the use of a //server// wide SSL certificate((As opposed to a //domain// specific SSL certificate)), sometimes known as a shared SSL certificate.  They do this because it only requires one SSL certificate that is shared between many different domain names, so they are able to offer a SSL solution included with inexpensive shared hosting accounts.  In other words, if the "domain name" is different on your SSL URL than it is on your normal URL, most likely use a server wide SSL certificate.
@@ Line 42: / Line 46: @@
 In most cases, a //server//-wide SSL certificate((As opposed to a //domain// specific SSL certificate)) will not work with the Geo installation.  We recommend obtaining a SSL certificate that is specific to your domain name if you wish to use SSL on your Geo installation.
-== To tell if you have a domain specific SSL certificate: ==
+=== To tell if you have a domain specific SSL certificate: ===
   - Visit your website in a browser. <
   - In the URL address bar, change the **http://** to **https://** and hit the enter key or click Go. <
-  - Does the page display?  If it does, you have a domain specific SSL certificate, which will work fine for using SSL with your Geo installation.  If it gives you an error like "Failed to Connect" (Firefox) or "Internet Explorer cannot display the webpage" (Internet Explorer), then a domain specific SSL certificate has not been installed for your site. <
+  - Does the page display without any security errors?  If it does, you have a domain specific SSL certificate, which will work fine for using SSL with your Geo installation.  If it gives you an error like "Failed to Connect" (Firefox) or "Internet Explorer cannot display the webpage" (Internet Explorer), then a domain specific SSL certificate has not been installed for your site. <
-==== Use SSL for 'Listing' Process ====
+===== Use SSL For =====
-See [[#Use SSL For]]
-==== Use SSL For ====
 {{ :admin_menu:site_setup:general_settings:use_ssl.png |Use SSL For}}
-**Note:** in 4.0 and before, the only setting available is for **'Listing' Process**.
 Checking or un-checking any of these settings turns on or off the use of SSL for the affected pages.
@@ Line 63: / Line 61: @@
 If you do, it can cause errors when someone attempts to visit part of the site that you have turned the setting on for.  For instance if you check the box for 'Listing' Process and SSL is not correctly configured, no one will be able to place any listings, when they try to it will display an error.</tip>
-=== Removing the unsecured objects browser warning ===
+<tip c n>**https for my whole site?**
+We only suggest that you use https on the sections of the site where a checkbox exists above unless you have very special circumstances.  The above "checkable" sections of the site are the only sites that contain possibly sensitive information to the client browsing your site.  The reason to only protect possibly sensitive information areas instead of your whole site is that the use of https pages creates a resource drain on your server and your clients browser.  The use of an ssl connection slows down the display of a page as a lot of extra things have to be done by the server and the client browser to start, ensure, maintain and close the ssl connection between the two.  This can drastically increase the time your clients see a page that may not have any sensitive information reducing the usability of your site.
+</tip>
-There may be other considerations on the pages where the "SSL" is used.  If you happen to be using the SEO addon you may have placed an HTML <base> tag within your page templates to facilitate the use of the rewritten URL's.  Or...you may have placed an HTML <base> tag in your templates for another reason.  In either instance if you do you may need to create a specific page template for use on the pages that are SSL when set to be.  Within your new page template make sure to access the HTTPS URL instead of the HTTP URL to your site.  If you don't create this "HTTPS" specific page template all of the elements and links within the page will reference the HTTP site when you want them to reference the HTTPS.  This will cause the browser to display the "unsecured objects" message if the URL in the browser address window is HTTPS yet all of the elements within the page are referenced using HTTP.
+==== 'Listing' Process ====
-=== 'Listing' Process ===
 This will make the entire listing process use SSL connection.  Any page that has //a=cart// in the URL is considered to be in the listing process, such as the link below:
@@ Line 76: / Line 75: @@
 If you are using the Authorize.net payment gateway, or any payment gateway that collects CC information directly from your site, we strongly recommend that you check the box as long as you have an SSL certificate.  If you do not collect CC information, using SSL is not as //important// so it is not as big a deal if you do not have a security certificate for your site, but it can still help your clients to feel more "secure" if they are placing a listing and it says that the site is "secure" while placing the listing.
-=== User Login ===
+==== User Login ====
-**Added in 4.1.0** - This feature is not available in 4.0 or before.
+This feature **Added in 4.1.0**
 Turning this setting on will make it use an SSL connection when the user logs in.  Any page that has //a=10// in the URL is considered to be in the login process, such as the link below:
@@ Line 88: / Line 87: @@
 As with any [[#Use SSL For]] setting, the [[#Secure SSL Site URL]] setting must be set correctly, and you must have an SSL certificate set up for your site, before turning this on.  Turning this on when either of those criteria are not met can cause errors.
-**Quick Login Box**:
+==== User Management Pages ====
-If you use the default quick login box on the front page of your site, you will need to change the Logged IN/OUT HTML module so that it uses the SSL URL to submit to.  To do so, follow these instructions:
+This feature **Added in 4.1.0**
-  - In your admin, go to **Page Modules > HTML**, click **edit** for **Display Logged In/Out HTML - 7** <
-  - If using the WYSIWYG editor, temporarily turn it off by clicking **(Add/Remove Editor)**. <
-  - In the **Logged Out HTML** (the first big text box), the first line should look something like:
-<code html><form action="index.php?a=10" method="post"></code>
-In that line, replace **index.php** with the [[#Secure SSL Site URL]].  Here is an example of what it might look like after:
-<code html><form action="https://www.example.com/index.php?a=10" method="post"></code>
-<
-  - Save the changes.  Now try it out, go to the front page of the site, and submit the quick login form, and see if it submits to the SSL URL (https) and not the normal url (http). <
-=== User Management Pages ===
-**Added in 4.1.0** - This feature is not available in 4.0 or before.
 Turning this setting on will make it use an SSL connection when the user visits any //User Management// page.  Any page that has //a=4// in the URL is considered to be a user management page, such as the link below:
@@ Line 111: / Line 97: @@
 As with any [[#Use SSL For]] setting, the [[#Secure SSL Site URL]] setting must be set correctly, and you must have an SSL certificate set up for your site, before turning this on.  Turning this on when either of those criteria are not met can cause errors.
-==== Force SSL URL ====
+==== Removing the unsecured objects browser warning ====
-This feature **added in 4.0.4**
-This setting will only have an effect if one of the [[#Use SSL For]] settings above is turned on, or on [[admin_menu/registration_setup/general_settings/start]] the [[admin_menu/registration_setup/general_settings/start#Use SSL for Registration]] setting is set to "yes"((Or, if you have an addon that adds it's own pages that need to use SSL connection, but this is not typical.)).
+**Using <base> Tag:**  If you use the <base> tag within your templates, and also use the SEO addon, we recommend to remove the <base> tag as the SEO Addon automatically adds that for you((As of SEO addon version 2.0.0 released a few years ago.)), but only if there is not already a <base> tag present in your templates.  The <base> tag added by the SEO addon will automatically use the correct HTTP VS. HTTPS depending on if the current page is using a secure connection or not.  If you have added a <base> tag for other reasons, and do not use or wish to use the SEO addon:  You may need to create a specific page template for use on the pages that are SSL when set to be.  Within your new page template make sure to access the HTTPS URL instead of the HTTP URL to your site in the <base> tag.  If you don't create this "HTTPS" specific page template all of the elements and links within the page will reference the HTTP site when you want them to reference the HTTPS.  This will cause the browser to display the "unsecured objects" message if the URL in the browser address window is HTTPS yet all of the elements within the page are referenced using HTTP.
+**Using Absolute URLs:** If you know you are going to require SSL on some of your pages you need to make sure all the elements (images, javascript, CSS, and any other included elements of the design) used within those pages use **relative URL's** when possible, or use HTTPS if they need to be absolutely referenced((Meaning, they need to include the full URL, such as images loaded off of a different website)).  If any single element of your design is referenced "non-securely" your clients will see the "unsecured objects" warning message.  Also note that if you aren't seeing a warning while others are seeing it usually means that you checked the little box on that "unsecured objects" pop up box to "trust all pages from this site".  We do not suggest you do this for your own site as you want to see that security warning if there is one.
+To **find all non-secured elements of a page**, view the HTML source code of that page within your browser.  Now search that source for any absolutely referenced "HTTP" elements by searching for "http:" within that page.  If you find one or more non-secure elements you will need to correct these by changing the "http:" to "https:" within their URL's for elements referenced from elsewhere on the Internet or change those URL's to reference their elements relatively if they are on your same domain.
+===== Force SSL URL =====
+This setting will only have an effect if one of the [[#Use SSL For]] settings above is turned on, or on [[admin_menu/registration_setup/general_settings/start]] the [[admin_menu/registration_setup/general_settings/start#Use SSL for Registration]] setting is set to "yes"((Or, if you have an addon that adds its own pages that need to use SSL connection, but this is not typical.)).
 If this setting is turned on (checked), when someone goes to a page that should be viewed using a "SSL connection" where the URL should start with "<nowiki>https://</nowiki>", but it is not using a SSL connection (starts with "<nowiki>http://</nowiki>"), then it does a re-direct to the SSL version.  It will also correct for the opposite, if someone views a "non secure" page using SSL connection, it will redirect them to the page without using SSL connection.
@@ Line 122: / Line 115: @@
 Or if user visits the home page at **https**:<nowiki>//</nowiki>example.com/index.php which should NOT be viewed in SSL mode: It will "redirect" them to **http**:<nowiki>//</nowiki>example.com/index.php.
-==== Affiliate URL ====
+====Server Compatibility Warning====
-This is the URL of the //affiliate// file that will be used to build the affiliate links to those users in groups that have affiliate privileges.  See [[admin_menu/users_user_groups/add_new_user_group/start#Affiliate Privileges]] for more info.
+The [[#Force SSL URLs]] feature relies on 3 things to work:
-Specify the path to the affiliate file's base file, which is **aff.php**. This URL will look identical to the [[admin_menu:site_setup:start#Site URL]] field specified above, except it will end with **aff.php** instead of **index.php**.
+  * [[#Site URL]] set in your admin, for NON-SSL pages. <
+  * [[#Secure SSL Site URL]] set in your admin, for SSL pages. <
+  * **_SERVER[HTTPS]** reported correctly by the server, OR **_SERVER[HTTP_X_FORWARDED_PROTO]** for servers that use a proxy.  If you have the above 2 admin settings set correctly and still have problems with turning on [[#Force SSL URL]], most likely your server is not reporting **HTTPS** the standard way (or possibly not at all). <
-==== Site On/Off Switch ====
+Since it relies on the above 3 things to detect whether the current URL is using SSL connection or not, if any of them are not working properly, it can **break** SSL URLs in the site to turn on [[#Force SSL URL]].  If you turn the feature on, make sure that it does not cause //endless redirects// or cause it to redirect to the wrong URL, when you visit a page that would "switch" between SSL and non-SSL.  It is rare, but if you do experience any problems, turn the feature back off immediately if your site is live, until you are able to determine cause.
+One example of a host that does not "report" HTTPS correctly is **Network Solutions** as they mention on their site under [[http://www.networksolutions.com/support/ssl-redirects/|SSL Redirects]].  Note that the "solution" they give, to add JS to "sensitive pages" to make it redirect to SSL page, is not a good solution at all because the sensitive information has already been sent to the browser.  So it may take the user to HTTPS but only AFTER all the contents on the page have already been sent over the Internet on a non-secure connection.  So if you use Network Solutions, you must keep the **force SSL** setting turned off.
+**Technical details:**
+  * If the [[#Site URL]] or [[#Secure SSL Site URL]] is set incorrectly, it can re-direct to the wrong place or cause //endless redirects//, or any number of different problems depending on what you have those settings set to, so be sure they are set correctly according to the applicable help sections above. <
+  * If your server //improperly// reports the **HTTPS** of the page, it can cause "endless redirects". <
+  * If your server //does not// report the **HTTPS** at all, the force SSL URL feature may have no effect or cause endless redirect when turned on. <
+  * Another symptom of HTTPS being reported incorrectly:  If your server //improperly// reports the **SERVER_PORT** as **80** instead of the standard port **443**, when viewing the page in HTTPS, PHP is reporting the server environment incorrectly.  The software does not use the reported port number, that is just one way to tell that the server environment reported by PHP is not correct, something you need to contact your host to resolve. <
+===== Site On/Off Switch =====
 This switch allows you to temporarily take down your site (front user side) for routine maintenance, such as setting up Price Plans, or updating the software, etc. In affect, what you are doing is simply blocking access to the software's pages.
@@ Line 136: / Line 143: @@
 When the site is turned off, you can still access your site in one of two ways:
-=== Login as the Admin ===
+==== Login as the Admin ====
 While this setting is still set to "on", login to the front side using the same username and password that you ordinarily login to the Admin Panel with. Then, change this setting to "off". You will still be able to browse the front side as the admin, but users will not be able to access the site. Instead, they will see the html file specified in the next setting below.
-=== Specify Allowed IP's ===
+==== Specify Allowed IP's ====
 You can specify in the admin panel that only certain IP's may access your site. This setting is under the following menu:
@@ Line 146: / Line 153: @@
 [[admin_menu:admin_tools_settings:security_settings:general_security_settings:start#Allowed IPs When Site Disabled|Admin Tools & Settings > Security Settings > General Security Settings]]
-==== Site On/Off URL ====
+===== Site On/Off URL =====
 If using the [[admin_menu:site_setup:start#site on/off switch]], you will need to specify the URL to a static html page that will display while your site is down for maintenance. With your software distribution you received an html file named "site_off.htm". It is located at the root of your software distribution and unless you change the file name to something else, the "site_off.htm" file will display when your "site on/off switch" is in the "off" mode.
-==== Use 404 Status Code ====
+===== Use 404 Status Code =====
-This feature **Added in 4.0.4**
 If this is turned on (box is checked):  When someone visits a listing that has expired (or an invalid listing ID), the "page status" is set to "404".  It also does this if visiting an "old" category that no longer exists (or using an invalid category ID).  This is recommended to turn on, so that search engines will know to stop "indexing" a listing after it has expired.
-===== Miscellaneous Site Settings =====
+===== Add noindex,nofollow to sorted pages =====
+If this setting is turned on, when the page has "sorting" applied it automatically adds a meta tag that indicates to search engines to not index this page and not follow links on this page.  This way search engines do not "follow" links to sort the browsing listings by a certain column.  The result is that search engines will only index "main" browsing pages, and not attempt to index hundreds of different sorting options for each browsing page, which can result in a lot of extra "duplicate content" pages getting indexed.
+====== Miscellaneous Site Settings ======
 These are misc. settings that are of the site-wide nature.
-==== Listing Types Allowed ====
+===== Listing Types Allowed =====
 This is a site wide setting which allows your visitors to place only classifieds, only auctions, or both within all categories of the site. Some sites may have additional listing types in this list.
@@ Line 171: / Line 179: @@
 </tip>
-==== Company Address ====
+===== Company Address =====
 This is the company's address information (where payments should be sent, contact info, etc).
@@ Line 185: / Line 193: @@
-==== Server Time Offset ====
+===== Server Time Offset =====
 If your hosting server is in a different time zone than where your site is located, you may want to adjust this setting relative to your server's time clock. For example, if you are located in the UK, but your hosting server is located in the United States, you may want to adjust this setting accordingly so that the software knows the system default time to display.
-==== Levels of categories in Dropdown (client side) ====
+===== Levels of categories in Dropdown (client side) =====
 Set this to the number of levels of categories and subcategories you wish to display in these category dropdowns.  If you set this to "2" the main categories and the first level of subcategories to these main categories will be displayed.
@@ Line 195: / Line 203: @@
 If you do not have a large number of total categories within your site it would be best to leave this setting to 0 (less than 30).  This setting affects all places where a dropdown to choose a category is used. Some sites have several categories based on states of the US.  It doesn’t take too many categories with all 50 states under each to run into hundreds of categories quickly.  A dropdown containing possibly thousands of entries can be cumbersome and take a long time for the page to "draw" within the browser, and may even cause errors due to taking so many server resources.  Therefore, we created this setting to account for this possibility.
-==== Levels of categories in Dropdown (admin) ====
+===== Levels of categories in Dropdown (admin) =====
 This setting is similar to the one above, except it applies only to the admin panel. It is intended to help you more easily browse your admin panel if you have a lot of categories in the system.
-==== Use built-in CSS ====
+===== Use built-in CSS =====
 Choose whether to use site wide built in css or use your own. This will most likely be set to **yes** unless you use your own CSS files.
-===== IDevAffiliate Integration =====
+====== IDevAffiliate Integration ======
 These settings are only used if you plan on integrating [[http://www.idevdirect.com/|IDevAffiliate]] with your Geo installation.
 These settings enable you to turn on the integration between the Geo software, and IDevAffiliate's software, which allows you to pay affiliate commissions to your affiliate sites that have sent visitors to you who in turn listed items on your site. Please contact [[http://www.idevdirect.com/|IDevAffiliate]] for information regarding the installation and features of their software.
-==== Activated ====
+===== Activated =====
 Checking this will allow you to turn on the IDevAffiliate integration with our software.  To fully activate the integration, you must also correctly specify the [[admin_menu:site_setup:start#Absolute Path to IDevAffiliate sale.php]] setting.
-==== Absolute Path to IDevAffiliate sale.php ====
+===== Absolute Path to IDevAffiliate sale.php =====
 Note that this setting is hidden unless you have checked the [[admin_menu:site_setup:start#activated]] setting.  This will be the absolute path to the directory that your **sale.php** file that is part of the IDevAffiliate software.  It should be the directory only (does not include sale.php at the end), and it should include the trailing slash.
@@ Line 222: / Line 230: @@
 ===== Character Encoding =====
-==== Character Set (CHARSET) Currently Used in Admin ====
+===== Character Set (CHARSET) Currently Used in Admin =====
 Choose the character set based upon the current Language you are editing text for. Changing the setting here, will affect only the text entries that you make within the Admin Panel. You will be able to enter special encoded characters in this admin depending upon which character setting you choose.
 <tip c n>**NOTE**: This setting only affects the **admin area**, to change the charset used on the //front side// you need to do so by changing the charset in the templates.</tip>

Geodesic Solutions Community Wiki

User Tools

Site Tools

Differences

Page Tools