From: Andrew Dolgov Date: Fri, 9 Dec 2005 20:34:29 +0000 (+0100) Subject: option to redirect to https url for login, option ENABLE_LOGIN_SSL (fixes some non... X-Git-Tag: schema_freeze_for_1.1.1~83 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=75836f33860f26ca55ec8e8661cff4b0edc2fe5e;p=tt-rss.git option to redirect to https url for login, option ENABLE_LOGIN_SSL (fixes some non-absolute redirects) --- diff --git a/config.php-dist b/config.php-dist index 309af2da..44603811 100644 --- a/config.php-dist +++ b/config.php-dist @@ -54,4 +54,7 @@ define('GLOBAL_ENABLE_LABELS', false); // Labels are a security risk, so this option can globally disable them for all users. + define('ENABLE_LOGIN_SSL', false); + // Redirect to SSL url for login + ?> diff --git a/functions.php b/functions.php index ba80bab9..8b990740 100644 --- a/functions.php +++ b/functions.php @@ -723,12 +723,34 @@ session_destroy(); } + function get_script_urlpath() { + $request_uri = $_SERVER["REQUEST_URI"]; + return preg_replace('/\/[^\/]+$/', "", $request_uri); + } + + function get_login_redirect() { + $server = $_SERVER["SERVER_NAME"]; + + if (ENABLE_LOGIN_SSL) { + $protocol = "https"; + } else { + $protocol = "http"; + } + + $url_path = get_script_urlpath(); + + $redirect_uri = "$protocol://$server$url_path/login.php"; + + return $redirect_uri; + } + function login_sequence($link) { if (!SINGLE_USER_MODE) { - + if (!USE_HTTP_AUTH) { if (!$_SESSION["uid"]) { - header("Location: login.php?rt=tt-rss.php"); + $redirect_uri = get_login_redirect(); + header("Location: $redirect_uri?rt=tt-rss.php"); exit; } } else { diff --git a/login.php b/login.php index b162fa9c..eda2ac82 100644 --- a/login.php +++ b/login.php @@ -6,8 +6,11 @@ require_once "config.php"; require_once "functions.php"; + $url_path = get_script_urlpath(); + $redirect_base = "http://" . $_SERVER["SERVER_NAME"] . $url_path; + if (SINGLE_USER_MODE) { - header("Location: tt-rss.php"); + header("Location: $redirect_base/tt-rss.php"); exit; } @@ -25,7 +28,7 @@ } else { $redirect_to = "tt-rss.php"; } - header("Location: $redirect_to"); + header("Location: $redirect_base/$redirect_to"); } } diff --git a/logout.php b/logout.php index 9af2bab6..b258067a 100644 --- a/logout.php +++ b/logout.php @@ -7,7 +7,17 @@ logout_user(); if (!USE_HTTP_AUTH) { - header("Location: login.php"); + $url_path = get_script_urlpath(); + + if (ENABLE_LOGIN_SSL) { + $protocol = "https"; + } else { + $protocol = "http"; + } + + $redirect_base = "$protocol://" . $_SERVER["SERVER_NAME"] . $url_path; + + header("Location: $redirect_base/login.php"); } else { ?>