option to redirect to https url for login, option ENABLE_LOGIN_SSL (fixes some non-absolute redirects)

This commit is contained in:
Andrew Dolgov 2005-12-09 21:34:29 +01:00
parent a24f525cce
commit 75836f3386
4 changed files with 43 additions and 5 deletions

View file

@ -54,4 +54,7 @@
define('GLOBAL_ENABLE_LABELS', false);
// Labels are a security risk, so this option can globally disable them for all users.
define('ENABLE_LOGIN_SSL', false);
// Redirect to SSL url for login
?>

View file

@ -723,12 +723,34 @@
session_destroy();
}
function get_script_urlpath() {
$request_uri = $_SERVER["REQUEST_URI"];
return preg_replace('/\/[^\/]+$/', "", $request_uri);
}
function get_login_redirect() {
$server = $_SERVER["SERVER_NAME"];
if (ENABLE_LOGIN_SSL) {
$protocol = "https";
} else {
$protocol = "http";
}
$url_path = get_script_urlpath();
$redirect_uri = "$protocol://$server$url_path/login.php";
return $redirect_uri;
}
function login_sequence($link) {
if (!SINGLE_USER_MODE) {
if (!USE_HTTP_AUTH) {
if (!$_SESSION["uid"]) {
header("Location: login.php?rt=tt-rss.php");
$redirect_uri = get_login_redirect();
header("Location: $redirect_uri?rt=tt-rss.php");
exit;
}
} else {

View file

@ -6,8 +6,11 @@
require_once "config.php";
require_once "functions.php";
$url_path = get_script_urlpath();
$redirect_base = "http://" . $_SERVER["SERVER_NAME"] . $url_path;
if (SINGLE_USER_MODE) {
header("Location: tt-rss.php");
header("Location: $redirect_base/tt-rss.php");
exit;
}
@ -25,7 +28,7 @@
} else {
$redirect_to = "tt-rss.php";
}
header("Location: $redirect_to");
header("Location: $redirect_base/$redirect_to");
}
}

View file

@ -7,7 +7,17 @@
logout_user();
if (!USE_HTTP_AUTH) {
header("Location: login.php");
$url_path = get_script_urlpath();
if (ENABLE_LOGIN_SSL) {
$protocol = "https";
} else {
$protocol = "http";
}
$redirect_base = "$protocol://" . $_SERVER["SERVER_NAME"] . $url_path;
header("Location: $redirect_base/login.php");
} else { ?>
<html>