Link to home
Start Free TrialLog in
Avatar of nhtahoe
nhtahoe

asked on

"This page contains both secure and nonsecure items..." - Help me get rid of this message!

Hello, I keep on getting the "This page contains secure and insecure..." on a secure page on my site. This only happens when I view my page with IE6, not Firefox or IE7.  I have looked everywhere for http:// and anything unsecured and I can't find anything anywhere.  The CSS's this page reference are also all https://.  Can anyone see anything in the following source that is insecure???


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
                        "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>*********** Personal Entries</TITLE>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<link href="https://www.***********.com/css/smain.css" rel="stylesheet" type="text/css">
<link href="https://www.***********.com/css/member/Personal.css" rel="stylesheet" type="text/css">
<script language="JavaScript" type="text/javascript" src="https://www.***********.com/textarea/wysiwyg.js">
</script>

<script language="JavaScript"  type="text/javascript">

function getCookie(NameOfCookie){
var begin;
if (document.cookie.length > 0) {
      begin = document.cookie.indexOf(NameOfCookie+"=");
      if (begin != -1) {
            begin += NameOfCookie.length+1;
            end = document.cookie.indexOf(";", begin);
            if (end == -1) end = document.cookie.length;
            return unescape(document.cookie.substring(begin, end)); }
}
return null;
}

function FindCookie(){

var aff_num=0;
userinfo=getCookie('YD');
//alert(userinfo);
if (userinfo=="||") {  
      // alert(document.body.innerHTML);
      // document.write('');
      location.replace("https://www.***********.com/login.php");
      document.body.innerHTML = "<html><head><title>***********.com Session Expiration</title></head><body>Your session has expired. Please <a href=\"https://www.***********.com/login.php\">Login</a> again. </body</html>";
        // LogMeOut();
}

}

function LogMeOut(){
//            document.info.action = "https://www.***********.com/cgi-bin/you/logout.cgi";
            top.location.href = 'https://www.***********.com/cgi-bin/you/logout.cgi?username=nhtahoe&fn_which=1';
            
}

function doLoad()
{
    document.info.ext.value = "E";
    setTimeout( "refresh()", 3600*1000 );
}

function refresh()
{
    setTimeout( "LogOut()", 300*1000 );
    // makeWin('https://www.***********.com/timeout.php');
    appear();
    document.info.ext.value = "";
}


function LogOut(){
       if (document.info.ext.value == "") {
            document.info.action = "https://www.***********.com/cgi-bin/you/logout.cgi?username=nhtahoe&fn_which=1";
            document.info.method = "POST";
            document.info.submit();
             }
}


function dis(){
       document.getElementById('logout_warning').style.visibility = "hidden";
            // document.getElementById("tft_swapper").innerHTML="<input type=\"hidden\" name=\"pass\" id=\"tft_pass_box\">";
            doLoad();
            // document.getElementById("tft_pass_box").focus();
}

function appear(){
       document.getElementById('logout_warning').style.visibility = "visible";
            // document.getElementById("tft_swapper").innerHTML="<input type=\"button\" name=\"pass\" id=\"tft_pass_box\" class=\"btn\" value=\"Click to Extend Time\" onClick=\"dis(\'tft_swapper\');\">" ;

}

</script>

</head>
<body onload="doLoad(); FindCookie();">

<script language="JavaScript"  type="text/javascript">
var errfound = false;
var err_mess;
var alert_title='Input Restriction';

function UpdateEntry(D,RN) {
      CheckVals();
      CheckForm();
      updateTextArea('entInfo1');
      document.info.fn_edit.value=D;
      document.info.fn_recordnum.value=RN;
      Demo();
      if (errfound==false) {
            document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
            document.info.method = "POST";
            document.info.submit();
      }
}

function CancelEntry(D,RN) {
      document.info.fn_edit.value=D;
      document.info.fn_recordnum.value=RN;
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      document.info.method = "POST";
      document.info.submit();
}

function FixCookieDate (date) {
      var base = new Date(0);
        var skew = base.getTime(); // dawn of (Unix) time - should be 0
        if (skew > 0)  // Except on the Mac - ahead of its time
                date.setTime (date.getTime() - skew);
}

function SetCookie (name,value,expires,path,domain,secure) {
      document.cookie = name + "=" + escape (value) +
          ((expires) ? "; expires=" + expires.toGMTString() : "") +
          ((path) ? "; path=" + path : "") +
          ((domain) ? "; domain=" + domain : "") +
          ((secure) ? "; secure" : "");
}


function SetUpdateCookie (N) {
     
      var expdate = new Date ();
      FixCookieDate (expdate); //
      expdate.setTime (expdate.getTime() + (60 * 60)); // session cookie
      SetCookie ("***********Entry",N,expdate,"/","www.***********.com",false);
}

function AddEntry(N) {
      CheckVals();
      updateTextArea('entInfo1');
      document.info.fn_edit.value=N;
      document.info.fn_task.value = "";
      CheckForm();
      Demo();
      if (errfound==false) {
            
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      
            document.info.method = "POST";
            document.info.submit();
      }
}

function Edit(D,R,S) {
      document.info.fn_edit.value=D;
      document.info.fn_recordnum.value=R;
      document.info.fn_catSelected.value=S;
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      document.info.method = "POST";
      document.info.submit();

}

function View(N) {
      SetUpdateCookie(N);
      document.info.fn_recordnum.value=N;
      document.info.action = "javascript:makeWin('https://www.***********.com/cgi-bin/you/viewEntry.cgi')";
      document.info.method = "POST";
      document.info.submit();
}

function Move(N) {
      SetUpdateCookie(N);
      document.info.fn_recordnum.value=N;
      document.info.action = "javascript:makeWin('https://www.***********.com/cgi-bin/you/moveEntry.cgi')";
      document.info.method = "POST";
      document.info.submit();
}

function AddAnEntry(x) {
     // alert(document.info.catSelect.value);
      if (document.info.catSelect.value != "") {
            document.info.fn_catSelected.value=x;
            document.info.fn_task.value = "okay";
            document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
            document.info.method = "POST";
            document.info.submit();
      }
}

function AddNewEntry(x) {
      document.info.fn_catSelected.value=x;
      document.info.fn_task.value = "okay";
      document.info.fn_edit.value="";
      document.info.fn_recordnum.value="";
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      document.info.method = "POST";
      document.info.submit();
}

function RemoveEntry(D,RN) {
     
      Demo();
      if (errfound==false) {
            var n = confirm("Are you sure you wish to delete this Entry?");
            if (n) {
                  document.info.fn_edit.value=D;
                  document.info.fn_recordnum.value=RN;
                  
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      
                  document.info.method = "POST";
                  document.info.submit();
            }
      }
}



function Login(){
      document.info.action = "https://www.***********.com/cgi-bin/you/login.cgi";
      document.info.method = "POST";
      document.info.submit();
}

function AccCenter(){
      document.info.action = "https://www.***********.com/cgi-bin/you/accCenter.cgi";
      document.info.method = "POST";
      document.info.submit();
}

function Contact(){
      document.info.action = "https://www.***********.com/cgi-bin/you/memContact.cgi";
      document.info.method = "POST";
      document.info.submit();
}

function makeWin(url) {
            agent = navigator.userAgent;
            windowName = "Sitelet";
            params  = "";
            params += "toolbar=0,";
            params += "location=0,";
            params += "directories=0,";
            params += "status=0,";
            params += "menubar=1,";
            params += "scrollbars=1,";
            params += "resizable=1,";
            params += "width=820,";
            params += "height=600";
            win = window.open(url, windowName , params);
            if (agent.indexOf("Mozilla/2") != -1 && agent.indexOf("Win") == -1) {
                win = window.open(url, windowName , params);
            }
            if (!win.opener) {

                win.opener = window;
            }
}



function purchaseLetter(){
      document.info.action = "javascript:makeWin('https://www.***********.com/cgi-bin/you/buyLetters.cgi')";
      document.info.method = "POST";
      document.info.submit();
}

function Manage(x){
      document.info.fn_category.value = x;
      document.info.fn_edit.value = "Listing";
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      document.info.method = "POST";
      document.info.submit();
}


function WinManage(){
      document.info.fn_edit.value = "Listing";
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      document.info.method = "POST";
      document.info.submit();
}

function ShowAns() {
      params  = "";
      params += "toolbar=0,";
      params += "location=0,";
      params += "directories=0,";
      params += "status=0,";
      params += "menubar=0,";
      params += "scrollbars=1,";
      params += "resizable=1,";
      params += "width=650,";
      params += "height=500";
            
      updateTextArea('entInfo1');
      var n=new Date();
      var x=window.open('', 'newWin'+n.getTime(), params);
      x.document.write('<font face=arial,helvetica size=2><b>Mail to:</b><br>' + '<textarea rows=3 cols=50>' + document.info.fn_Re.value + '</textarea><br><br>' + document.info.entInfo1.value + '<br><br><br><br>');  
      x.document.write('<input type=button value="Close Window" onClick="javascript:window.close();">');
      x.focus();
}

function MailNow(M,RN){
      errfound = false;
      Demo();
       if (!ValidLength(document.info.fn_Re.value,10))
            error(document.info.fn_Re,"You did not enter a mailing address.");
      if (errfound==false) {
            var n = confirm("This will use one Letter Credit. Do you wish to continue?");
            if (n) {
                  document.info.fn_task.value = "okay";
                  updateTextArea('entInfo1');
                  document.info.fn_edit.value=M;
                  document.info.fn_recordnum.value=RN;
                  
      document.info.action = "https://www.***********.com/cgi-bin/you/planinfo.cgi";
      
                  document.info.method = "POST";
                  document.info.submit();
                  }
      }
     
}

function CheckForm() {
      errfound = false;
      err_mess = "";

      if (document.info.fn_category.value == "Letters") {
            if (!ValidLength(document.info.fn_Re.value,10))
                  error(document.info.fn_Re,"You need to enter a mailing address is invalid");
      }
      else {
            if (!ValidLength(document.info.fn_Re.value,4))
                  error(document.info.fn_Re,"You need to enter a Subject or Brief Description.");
      }
      if (document.info.fn_category.value == "Email") {
            if (!ValidEmail(document.info.fn_emailRec.value))
                  error(document.info.fn_emailRec,"The E-Mail address is invalid");  
       }
}

function ValidLength(item, len) {
          return (item.length >= len);
}

function ValidEmail(item) {
      emailcheck=item;
      //check for disallowed characters
      invalids="/:;";
      for(i=0; i<invalids.length; i++){
            characto=(invalids.charAt(i));
            if (emailcheck.indexOf(characto) != -1){
                  return false; }
      }
      //check for @, skip first character
      // atindex= emailcheck.indexOf("@",1)
      // if (atindex == -1){
      //      return false; }
      //check for only one @
      // if (emailcheck.indexOf("@",atindex+1) != -1){
            //      return false;             }
            //check for dot after @
      // dotindex=emailcheck.indexOf(".",atindex+1)
      // if (dotindex == -1){
      //      return false; }
            //check for at least 2 chars after dot
      // if ((dotindex+3) > emailcheck.length) {
      //      return false;}
         return true;
}

function error(elem, text) {
      if (errfound) return;
         window.alert(text);
           if ( elem.type == "text" )
            elem.select();
         elem.focus();
         errfound = true;
}

function limitLines(textarea,limit){
      var val=textarea.value.replace(/\r/g,'').split('\n');
      if(val.length>limit){
            alert('You can only have 5 address lines.');
            textarea.value=val.slice(0,-1).join('\n')
      }
}


function CheckVals(){
      var MultipleBenes = "";
      var i =0 ;
      document.info.fn_beneSelect.value = "";
      for( i=0; i<document.info.fn_beneSelectOne.length; i++ ) {
            if( document.info.fn_beneSelectOne.options[i].selected == true) {
                  document.info.fn_beneSelect.value = document.info.fn_beneSelect.value + document.info.fn_beneSelectOne.options[i].value + '|';      
            }
      }
}

function Demo() {

}

</script>
<form name="info" action="post">

<input type="hidden" name="ext">


<input type="hidden" name="fn_id" value="258">
<input type="hidden" name="fn_name" value="bob">
<input type="hidden" name="fn_Theusername" value="bab">
<input type="hidden" name="fn_category" value="Personal">
<input type="hidden" name="fn_task" value="">
<input type="hidden" name="fn_edit" value="">
<input type="hidden" name="fn_recordnum" value="">
<input type="hidden" name="template" value="Here is a template.">
<input type="hidden" name="fn_catSelected" value="asdf">
<input type="hidden" name="fn_beneSelect" value="">
<input type="hidden" name="textarea" value="">

<div class="name_right_top">
 <div class="white_backround">
  <span class="pad_left">
Welcome&nbsp;<b>Nicholaus Harris</b></span><br>
  <span class="pad_left">You are currently <strong>Logged In</strong></span><br>
  <span class="pad_left"><input type="button" value="My Home" class="btn" style="width:7em;" onClick="javascript:Login();"><input type="button" value="Account Center" class="btn"  style="width:10em;" onClick="javascript:AccCenter();">
  </span><br /><span class="pad_left"><input type="button" value="Log Out" style="width:7em;" class="btn" onClick="LogMeOut();"></span>
  <a href="javascript:makeWin('https://www.***********.com/help/helpprocess.php?name=index')">Help?</a>
 </div>
 <div class="dialogd">
 <div class="ft">
   <div class="c">
   </div>
  </div>
 </div>
</div>

<table width="800" border="0" align="center">
  <tr>
    <td width="198">
          <img src="https://www.***********.com/images/logo_beta1.jpg" class="shiftdown" width="197" height="125">    </td>
    <td width="592"><div id="logout_warning">
Your account has been inactive for 60 minutes and you will now be logged out. To extend your session, click below:<br>
<input type="button" name="pass"  class="btn" value="Click to Extend Time" onClick="dis();">
</div>
</td>
  </tr>
</table>

<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
  <td>
  <div id="header1">
<ul>
      <li id="white1"><a href="javascript:Login()">My Home</a></li>
      <li><a href="javascript:AccCenter()">Account Center</a></li>
      <li id="white11"><a href="javascript:Manage('Directives')">Directives</a></li>  
      <li id="white2"><a href="javascript:Manage('Introduction')">Introduction</a></li>
      <li id="white3"><a href="javascript:Manage('Email')">Email</a></li>
      <li id="white4"><a href="javascript:Manage('Estate')">Estate</a></li>
      <li id="white5"><a href="javascript:Manage('Finance')">Finances</a></li>
</ul>
</div>
</td>
</tr>
<tr>
<td>
<div id="header1">
<ul>
    <li id="white12"><a href="javascript:Manage('Gifts')">Gifts &nbsp;</a></li>
      <li id="white6"><a href="javascript:Manage('Insurance')">Insurance &nbsp;</a></li>
      <li id="white7"><a href="javascript:Manage('Letters')">Letters</a> </li>
      <li id="white13"><a href="javascript:Manage('Messages')">Messages</a></li>
      <li id="white8"><a href="javascript:Manage('My Final Wishes')">My Final Wishes</a></li>
      <li id="white9"><a href="javascript:Manage('Passwords')">Passwords</a></li>
      <li id="white10"><a href="javascript:Manage('Personal')">Personal</a></li>
</ul>
</div>

</td>
</tr>
</table>

<table width="810" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td>
    <div class="dialogb">
       <div class="hd">
          <div class="c">
          </div>
       </div>
    </div>
    </td>
 </tr>
</table>


<table width="800" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">

<tr><td colspan="4" class="currcat">Current Category:&nbsp;<b>Personal</b></td></tr>
<tr><td colspan="4" class="currcat">Switch To:&nbsp;<select size="1" name="catSelect" class="drop" onChange="AddAnEntry(document.info.catSelect.value);"><option value="">
<option value="Dependent Children">1
<option value="Family Medical History">2
<option value="Father">3

</select>
</td></tr>
</table>

<table width="800" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">

    <tr><td colspan="4"><img src="https://www.***********.com/images/thinline_blue.gif" alt="line" width="100%" height="1" /></td></tr>
    <tr><td colspan="4" align="right">
      <input type="button" value="Add Entry" class="pbtn" onCLick="AddEntry('N');">
      <input type=button value="Cancel" class="pbtn" onCLick="history.back()">
       </td></tr>
    <tr><td colspan="4"><strong>Dependent Children<br></strong>Enter information about your dependent children below. Include information about how to care for each child.<br><br></td></tr>
    <tr><td colspan="4"><img src="https://www.***********.com/images/thinline_blue.gif" alt="line" width="100%" height="1" /></td></tr>
   
      <tr><td colspan="2"><strong>Brief Description:</strong></td>
      <td colspan="2"><input type="text" name="fn_Re" value="" size="50"></td></tr>
     
    <tr><td colspan="4">&nbsp;</td></tr>
<tr><td colspan="4">
<textarea id="entInfo1" name="fn_Info1" style="height: 770px; width: 400px;">
<strong>Children who depend on me<br></strong<strong>Other Information</strong>:

</textarea>
<script language="javascript1.2">
  generate_wysiwyg('entInfo1','770','400');
</script>
</td>
</tr>
 

<tr><td colspan="4">&nbsp;</td></tr>

<tr><td colspan="2" class="recip"><strong>Select Recipients:</strong></td>

<td align="right" colspan="2" class="recip"><strong>Add Email Recipients:</strong></td></tr>
<tr><td colspan="2" class="recip">
<select name="fn_beneSelectOne" class="bsel" Multiple size="3" class="drop">

</select></td>
<td colspan="2" align="right" class="recip">
      <textarea name="fn_emailRec" class="textareaEmail" rows="2" cols="50" value="" wrap="on"></textarea>
      <br><span class="heading1">
      Enter email addresses seperated by commas.</span>
      <br>
       </td>
</tr>
<tr><td colspan="4"><span class="heading1">
<a href="javascript:makeWin('https://www.***********.com/help/helpprocess.php?name=multiple')">
<b>How to select multiple Recipients</b></a></span>
</td></tr>

 <tr><td colspan="4"><img src="https://www.***********.com/images/thinline_blue.gif" alt="line" width="100%" height="2" /><br><br></td></tr>
<tr><td>
      <input type="button" value="Add Entry" class="pbtn" onCLick="AddEntry('N');">
      <input type=button value="Cancel" class="pbtn" onCLick="history.back()">
       </td><td colspan="3">&nbsp;</td></tr>


</table>

<table class="smallnavlinks" width="810" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
   <td>
    <div class="dialogb">
    <div class="ft">
     <div class="c"></div>
    </div>
      </div>
  </td>
 </tr>
 <tr>
  <td class="footer_text">
  <div style="float: left; margin: 10px 0px 0 30px;">
         <a href="http://hackerstopper.com/verified.php?name=***********" target="_blank"><img src="https://www.***********.com/images/verified.gif" alt="HackerStopper has verified that *********** is a completeley secure website." width="100" height="65" border="0" /></a><br />
         <span class="hacker_stopper">Secured-Feb 24, 2007</span> </div>
 
  <p><a href="http://www.***********.com/index.php" target="_blank">Home</a> | <a href="http://www.***********.com/security.php" target="_blank">Security </a> | <a href="http://www.***********.com/about.php" target="_blank">About</a></p>
  <p> &#169;2007 ***********.com </p>
  </td>
 </tr>
</table>
<input type="button" name="ChangeCategory" class="verysmall" onClick="WinManage();">
</form>
</body>

</html>

Avatar of Marc Z
Marc Z
Flag of United States of America image

Aren't the bottom few links going to http: instead of https?
Avatar of nhtahoe
nhtahoe

ASKER

Yes, they are, but external links to nonsecure pages don't need to be https.  I use the same footer with links to unsecured pages on all kinds of other secure pages and I don't get the error.
If you choose no - can you compare the source code to see what is not showing?  
Avatar of nhtahoe

ASKER

I saved the source from both and then used the comparison tool ExamDiff (http://www.prestosoft.com/ps.asp?page=edp_examdiff) to see if there were any differences... but there were not.  Pretty strange...
And you don't have Google Analytics in there or anything like that?  If you are using the same footer and going to a non-secure page, do you get the same error?
-Corey
Are all the javascript codes coming from secure pages?  I read somewhere that if the javascript is not on secure server you will get this error.
From http://ask-leo.com/can_i_get_rid_of_the_this_page_contains_both_secure_and_nonsecure_items_warning.html
my site was giving this error, until i'd made my 'include' folder run under SSL, as well as my main folder.
So, check the code insecure links, and then double check all folders in the website are using ssl.
Also from there.
It was caused by an IFRAME I put on my page to have a DIV over a SELECT box. The problem was that my IFRAME didn't have a secure SRC target (actually, it was left blank ;p), so it is treated as a "nonsecure item".

I just could get free from that boring message by adding a SRC URL to the IFRAME.
and then a reply to this guy.
Thanks, Marcio. Not having a src was my problem. I added "blank.html" (nothing in the file except beginning and ending html tags) to the same folder as the file (so that it is within the secure site) and assigned the src attribute to it. Problem resolved!

Good luck.
ASKER CERTIFIED SOLUTION
Avatar of qualtran
qualtran

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nhtahoe

ASKER

yes, the iframe was the problem. After I did this:
<iframe frameborder="0" id="wysiwyg' + n + '">
to
<iframe src="https://www.ourdomain.com/textarea/" frameborder="0" id="wysiwyg' + n + '">

I finally go rid of the error. Gotta loe IE6....NOT.