external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add a configuration setting to disallow HTTP login

Browse source 
If this is enabled, do not show the login form and display a note
suggesting to switch to a secure connection if a user accesses the site
via HTTP.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-08-11 17:35:03 +02:00
parent a47f4915dc
commit 1c9db1d1f1
3 changed files with 17 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
web/template/login_form.php
View file

@ -6,7 +6,7 @@ if (isset($_COOKIE["AURSID"])) {
<a href="logout.php">[<?php print __("Logout"); ?>]</a>
<?php
}
else {
elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
if ($login_error) {
print "<span class='error'>" . $login_error . "</span><br />\n";
}
@ -26,5 +26,13 @@ else {
<a href="passreset.php">[<?php echo __('Forgot Password') ?>]</a>
</div>
</form>
<?php
}
else {
?>
<span class='error'>
<?php echo __("HTTP login is disabled. Please switch to HTTPs if you want to login: "); ?>
<a href="https://aur.archlinux.org/">https://aur.archlinux.org/</a>
</span>
<?php } ?>
</div>