external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add a configuration setting to disallow HTTP login

Browse source 
If this is enabled, do not show the login form and display a note
suggesting to switch to a secure connection if a user accesses the site
via HTTP.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-08-11 17:35:03 +02:00
parent a47f4915dc
commit 1c9db1d1f1
3 changed files with 17 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/lib/aur.inc.php
View file

@ -326,9 +326,12 @@ function html_header($title="") {
global $_POST;
global $LANG;
global $SUPPORTED_LANGS;
global $DISABLE_HTTP_LOGIN;
$login = try_login();
$login_error = $login['error'];
if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
$login = try_login();
$login_error = $login['error'];
}
$title = htmlspecialchars($title, ENT_QUOTES);

3
web/lib/config.inc.php.proto
View file

@ -71,3 +71,6 @@ $PERSISTENT_COOKIE_TIMEOUT = 60 * 60 * 24 * 30;
# please ensure "upload_max_filesize" is additionally set to no more than 3M,
# otherwise this check might be easy to bypass (FS#22991 for details)
$MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8;
# Allow HTTPs logins only
$DISABLE_HTTP_LOGIN = true;