diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-08-11 17:35:03 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-08-11 21:04:38 +0200 |
commit | 1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (patch) | |
tree | f0d43b6b7364deed54fb8317e7d8b0ffb52ed5a0 /web/template | |
parent | a47f4915dcc057b8b57130886e009db9ca6afd44 (diff) | |
download | aur-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.gz aur-1c9db1d1f14d5f83d8bd7dbbd535cf109680471f.tar.xz |
Add a configuration setting to disallow HTTP login
If this is enabled, do not show the login form and display a note
suggesting to switch to a secure connection if a user accesses the site
via HTTP.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template')
-rw-r--r-- | web/template/login_form.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/web/template/login_form.php b/web/template/login_form.php index ca81e0e7..b351a27e 100644 --- a/web/template/login_form.php +++ b/web/template/login_form.php @@ -6,7 +6,7 @@ if (isset($_COOKIE["AURSID"])) { <a href="logout.php">[<?php print __("Logout"); ?>]</a> <?php } -else { +elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) { if ($login_error) { print "<span class='error'>" . $login_error . "</span><br />\n"; } @@ -26,5 +26,13 @@ else { <a href="passreset.php">[<?php echo __('Forgot Password') ?>]</a> </div> </form> +<?php +} +else { +?> +<span class='error'> + <?php echo __("HTTP login is disabled. Please switch to HTTPs if you want to login: "); ?> + <a href="https://aur.archlinux.org/">https://aur.archlinux.org/</a> +</span> <?php } ?> </div> |