Add a configuration setting to disallow HTTP login

If this is enabled, do not show the login form and display a note suggesting to switch to a secure connection if a user accesses the site via HTTP. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2011-08-11 17:35:03 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2011-08-11 21:04:38 +0200
commit: 1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (patch)
tree: f0d43b6b7364deed54fb8317e7d8b0ffb52ed5a0 /web/lib/aur.inc.php
parent: a47f4915dcc057b8b57130886e009db9ca6afd44 (diff)
download: aur-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.gz
aur-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.xz
1 files changed, 5 insertions, 2 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 0927604a..474ebeed 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -326,9 +326,12 @@ function html_header($title="") {
 	global $_POST;
 	global $LANG;
 	global $SUPPORTED_LANGS;
+	global $DISABLE_HTTP_LOGIN;
 
-	$login = try_login();
-	$login_error = $login['error'];
+	if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
+		$login = try_login();
+		$login_error = $login['error'];
+	}
 
 	$title = htmlspecialchars($title, ENT_QUOTES);
author	Lukas Fleischer <archlinux@cryptocrack.de>	2011-08-11 17:35:03 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2011-08-11 21:04:38 +0200
commit	1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (patch)
tree	f0d43b6b7364deed54fb8317e7d8b0ffb52ed5a0 /web/lib/aur.inc.php
parent	a47f4915dcc057b8b57130886e009db9ca6afd44 (diff)
download	aur-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.gz aur-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.xz