Add a configuration setting to disallow HTTP login

If this is enabled, do not show the login form and display a note suggesting to switch to a secure connection if a user accesses the site via HTTP. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2011-08-11 17:35:03 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2011-08-11 21:04:38 +0200
commit: 1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (patch)
tree: f0d43b6b7364deed54fb8317e7d8b0ffb52ed5a0 /web/template
parent: a47f4915dcc057b8b57130886e009db9ca6afd44 (diff)
download: aurweb-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.xz
1 files changed, 9 insertions, 1 deletions
diff --git a/web/template/login_form.php b/web/template/login_form.php
index ca81e0e..b351a27 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -6,7 +6,7 @@ if (isset($_COOKIE["AURSID"])) {
  <a href="logout.php">[<?php print __("Logout"); ?>]</a>
 <?php
 }
-else {
+elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
 	if ($login_error) {
 		print "<span class='error'>" . $login_error . "</span><br />\n";
 	}
@@ -26,5 +26,13 @@ else {
 	<a href="passreset.php">[<?php echo __('Forgot Password') ?>]</a>
 	</div>
 </form>
+<?php
+}
+else {
+?>
+<span class='error'>
+	<?php echo __("HTTP login is disabled. Please switch to HTTPs if you want to login: "); ?>
+	<a href="https://aur.archlinux.org/">https://aur.archlinux.org/</a>
+</span>
 <?php } ?>
 </div>
author	Lukas Fleischer <archlinux@cryptocrack.de>	2011-08-11 17:35:03 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2011-08-11 21:04:38 +0200
commit	1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (patch)
tree	f0d43b6b7364deed54fb8317e7d8b0ffb52ed5a0 /web/template
parent	a47f4915dcc057b8b57130886e009db9ca6afd44 (diff)
download	aurweb-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.xz