OSCommerce: HTTP to HTTPS Flash Header Files, Sessions, Pop-up Alert Issue

CURRENT SITUATION: The website associated with this project currently has two separate flash files in the [login to view URL] file. Both files are currently managed using the following code: <?php if(!tep_not_null($show_intro)){ <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="450" height="104"> <param name="movie" value="<?=URL.DIR_WS_HTTP_CATALOG.DIR_WS_IMAGES?>flash/flash_header1.swf"> <param name="quality" value="high"> <embed src="<?=URL.DIR_WS_HTTP_CATALOG.DIR_WS_IMAGES?>flash/flash_header1.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer"type="application/x-shockwave-flash" width="450" height="104"></embed></object> <? $show_intro = '1'; tep_session_register('show_intro'); }else{ ?> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="450" height="104"> <param name="movie" value="<?=URL.DIR_WS_HTTP_CATALOG.DIR_WS_IMAGES?>flash/flash_header2.swf" /> <param name="quality" value="high" /> <embed src="<?=URL.DIR_WS_HTTP_CATALOG.DIR_WS_IMAGES?>flash/flash_header2.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="450" height="104"></embed> </object> <? } ?> The challenge is that I have been told that it is not possible to transition the [login to view URL] file and above referenced functionality from a HTTP to HTTPS environment. As a result, our site presents the standard "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" In an attempt to prevent this message from appearing each time a visitor or registered user clicks on a URL to which an SSL setting applies, I have tried the following values in the above referenced code, all to no avail: <param name="movie" value="http://domainname/onlinestore/flash/flash_header1.swf"> <param name="movie" value="http://www.domainname/onlinestore/flash/flash_header1.swf"> <param name="movie" value="<?=URL.DIR_WS_HTTP_CATALOG.DIR_WS_IMAGES?>flash/flash_header1.swf"> <param name="movie" value="<?php echo tep_href_link(DIR_WS_IMAGES. 'flash/[login to view URL]', '', 'SSL', false); ?>"> KEY OBJECTIVES OF THIS PROJECT (SCOPE OF WORK): 1. Re-write the code which manages both flash files so they are included in the HTTP to HTTPS transition. This MUST eliminate the pop-up window, "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" If re-writing the above code is not necessary, Service Provider will create custom-written code to successfully achieve the aforementioned objective. 2. Test and confirm the first objective applies to all files applicable files including: [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] [login to view URL] 3. All code/customizations will be annotated with the Service Providers contact information. 4. Service Provider will communicate any/all modifications made to complete this project successfully. Notes: Service Buyer speculates the following URLs may hold a solution, but cannot affirm same from a technical perspective: [login to view URL] The site on which services will be rendered is in a VPS environment, has it's own SSL (not shared), and is configured to be acknowledged via: domainname, http://domainname, and https://www.domainname. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Current Session Settings in "Configuration" section in Admin Control Panel: Session Directory /temp/ Force Cookie Use True Check SSL Session ID True Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session False ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are two other items the Service Provider must be knowledeable of. Service Buyer recently had another Service Provider make the following modifications to transition certain pages over from HTTP to HTTPS: File Name Modified: /catalog/includes/[login to view URL] Code: $secure_pages = array("login.php", "create_account.php", "shopping_cart.php", "account_edit.php", "address_book.php", "account_pasword.php", "order_history.php", "account.php", "checkout_confirmation.php", "checkout_payment.php", "checkout_payment_address.php", "checkout_process.php", "checkout_shipping.php", "checkout_shipping_address.php", "checkout_success.php"); include(DIR_WS_MODULES."/enforce_https.php"); security_service(); if(empty($_SERVER['HTTPS'])) define('URL',HTTP_SERVER); else define('URL',HTTPS_SERVER); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File Name Modified: /catalog/[login to view URL] Code: <?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_SHOPPING_CART, 'action=update_product', 'SSL')); ?> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CONTRIBUTIONS/CUSTOMIZATIONS CURRENTLY INSTALLED: - osCommerce PayPal IPN v1.1 ([login to view URL],2679) - Making PayPal Return Order Data * Held Orders v2.02 * Held Orders Fix * Held Orders UserAbandons Order [login to view URL],3819 - PayQuake Payment Module v1.0 (Harald Ponce de Leon - hpdl) - Ultimate SEO URLs - 2.1d with optional Admin settable Product and Category URLs - 29 November 2006 - SEO Assistant V 1.3.3_full package ([login to view URL],2370) - SID Killer v1.2b - plus integrate with Ultimate SEO URLs - nfrobertson 12 Feb 2006 - Header Tags Controller 2.6.3 - jonatanvalencia 2 Mar 2007 (MadFobos Updated previous version v2.5.9) - Spider Session Remover v1.0 ([login to view URL],2819) - Google position 1.3 ([login to view URL],2336/category,all/search,Jack+York) - Google XML Sitemap Feed ([login to view URL],3233) - RSS Feed 0.1 ([login to view URL],1513) - Froogle Data Feeder v 162d ([login to view URL],3876) - Printable Catalog 1.6 ([login to view URL],234/page,18) - VJ Links Manager for OSC v2.0 ([login to view URL],1256/category,all/search,vj+links) - Banner Ad in a box V1.1 by Aubrey Kilian ([login to view URL],59/page,2) - Banner Ads in Header (currently disabled) - How Did You Hear About Us 1.4 ([login to view URL],2159) - Ask a Product Question 2.3 ([login to view URL],1779) - Newsdesk v1.48.3 Updated ([login to view URL],934) - Notify Admin of New Account v1.0.5 (Not functional) ([login to view URL],3414) - WYSIWYG Editor v1.9FR ([login to view URL],1347) - Newsletter Unsubscribe ([login to view URL],913/category,all/search,newsletter+unsubscribe) - Option Type Feature v1.71 within OSC MS2.2 ([login to view URL],160) - osCommerce Account Agreement Checkbox ([login to view URL],3903) - Store Pickup Shipping Module 1.05 1 2 ([login to view URL],164/category/search,7626) - Skype Contact v1.0 ([login to view URL],4004/category/search,43895) - Store Offline ([login to view URL]) - Contact Us Subject Line ([login to view URL],4017/category,all/search,Subject+line) - Admin Notes v1.0 ([login to view URL],2599/category,all/search,Admin+Notes+v2.0) - FAQ System 2.1a ([login to view URL],1948/category,all/search,faq) - Tell a Friend (Custom functionality not based on a contribution) - Bookmark Page (Custom functionality not based on a contribution) - SiteMonitor: [login to view URL],4441 - Imagecheck 1.2: [login to view URL],572/category,all/search,Imagecheck+1.2 - Products Sort Order within Admin console - Product Attributes Sort Order v1.0: [login to view URL],1822/category,all/search,Sort+Product+Attributes+1.2 - Specials Page Displayed Like New Products Page: [login to view URL],3355/category,all/search,Specials+Page+Displayed+Like+New - Contact Us Email Subject - close popup window v1.1 ([login to view URL],1696/category,all/search,close+pop) - jQuery Image Pop-up Manager (I believe close popup window v1.1 should have been replaced by jQuery) (MadFobos) - Automatically notify admin via e-mail of new accounts - Link in Box Title: [login to view URL],3130/category,all/search,Link+in+Box+Title - Proprietary HTML, PHP, and Javascript Code for "Manage Account" box and "Shopping Cart" box (MadFobos) - Customer Never Loses Cart - Even without Sign In ([login to view URL],4738) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PROJECT TERMS AND CONDITIONS - DO NOT BID ON THIS PROJECT UNLESS YOU HAVE READ, FULLY UNDERSTAND, AND AGREE TO THE FOLLOWING: 1.0. Acceptance of this project also constitutes full and complete acceptance of the following Terms and Conditions: 1.1. Service Provider certifies he/she possesses extensive knowledge and a universally acceptable level of technical and professional experience required to successfully complete this project, including but not limited to expert-level/real-world expertise with OSCommerce (including core and highly customized files), PHP, mySQL, and Javascript. 1.2. Service Provider agrees to perform a full and complete backup of all files (including databases) prior to performing any work. 1.3. Service Provider agrees to restore all files and/or databases to their original state if he/she is unable to successfully complete this project as specified above. 2.0. Service Buyer reserves the right to cancel this project, shall be held harmless from all forms of financial, civil, or crimimal recourse, and is under no obligation to make payment for any services/work performed by Service Provider if: (a) Service Provider fails to honor the timetable agreed upon for this project. (b) Service Provider fails to respond at all or adequately to any/all communication, be it e-mail, Instant Messages, and/or GAF messages sent by Service Buyer in a timely fashion. A "Timely Fashion" is defined as a period of 24 hours per communication (per instance) sent by Service Buyer to Service Provider. (c) Service Provider fails to ensure the work performed associated with this project does not achieve the Scope of Work as defined above. (d) Work performed by Service Provider adversely impacts any other functionality within the application, including but not limited to core OSCommerce functionality, non-core contributions, and custom-written functionality. (e) Service Provider misrepresents his/her true professional/technical capabilities (expressed, implied, or through demonstration by/through performance) during the life of the project. (f) Service Provider installs any rogue code, application(s), script(s), or makes alterations to pre-existing code that could, will, would, does, or is known to compromise security both during and after completion of this project. This provision has no statute of limitations. (g) Service Provider fails to apply adequate computer security to prevent the observation of or access to any and all information, files, folders, usernames, passwords, login URL's, or any other proprietary or customer data associated with this project. 4.0. Service Provider agrees to respond to all support requests made by Service Buyer within 4 hours for a period of 30 days after Service Buyer makes payment for this project. Service Provider furthermore understands and agrees that support includes identifying and resolving any/all issues arising subsequent to payment for services. 5.0 Service Provider agrees to permanently discard and/or destroy all usernames and passwords provided by Service Buyer subsequent to the completion of this project. 6.0. Service Buyer reserves the right to seek legal relief in a court of competent jurisdiction as well as financial compensation for any damages resulting from deffective workmanship performed by Service Provider. 7.0. Service Provider is bound by all terms and conditions set forth herein. 8.0. Service Provider is also bound by all terms and conditions issued by GetAFreelancer (GAF). 9.0. The terms and conditions set forth herein shall supercede any conflicting terms and conditions issued by Get a Freelancer (GAF).