summaryrefslogtreecommitdiffstats
path: root/web/lib
diff options
context:
space:
mode:
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/aur.inc.php7
-rw-r--r--web/lib/config.inc.php.proto3
2 files changed, 8 insertions, 2 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 0927604..474ebee 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -326,9 +326,12 @@ function html_header($title="") {
global $_POST;
global $LANG;
global $SUPPORTED_LANGS;
+ global $DISABLE_HTTP_LOGIN;
- $login = try_login();
- $login_error = $login['error'];
+ if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
+ $login = try_login();
+ $login_error = $login['error'];
+ }
$title = htmlspecialchars($title, ENT_QUOTES);
diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
index f710844..0f672ab 100644
--- a/web/lib/config.inc.php.proto
+++ b/web/lib/config.inc.php.proto
@@ -71,3 +71,6 @@ $PERSISTENT_COOKIE_TIMEOUT = 60 * 60 * 24 * 30;
# please ensure "upload_max_filesize" is additionally set to no more than 3M,
# otherwise this check might be easy to bypass (FS#22991 for details)
$MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8;
+
+# Allow HTTPs logins only
+$DISABLE_HTTP_LOGIN = true;