From 1c9db1d1f14d5f83d8bd7dbbd535cf109680471f Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Thu, 11 Aug 2011 17:35:03 +0200
Subject: Add a configuration setting to disallow HTTP login

If this is enabled, do not show the login form and display a note
suggesting to switch to a secure connection if a user accesses the site
via HTTP.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/config.inc.php.proto | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'web/lib/config.inc.php.proto')

diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
index f710844..0f672ab 100644
--- a/web/lib/config.inc.php.proto
+++ b/web/lib/config.inc.php.proto
@@ -71,3 +71,6 @@ $PERSISTENT_COOKIE_TIMEOUT = 60 * 60 * 24 * 30;
 # please ensure "upload_max_filesize" is additionally set to no more than 3M,
 # otherwise this check might be easy to bypass (FS#22991 for details)
 $MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8;
+
+# Allow HTTPs logins only
+$DISABLE_HTTP_LOGIN = true;
-- 
cgit v1.2.3-70-g09d2