Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.

The forms would already submit to SSL, but people are happier if they start on a secure page! Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
author: Brion Vibber <brion@pobox.com> 2010-05-18 21:52:17 +0000
committer: Brion Vibber <brion@pobox.com> 2010-05-18 21:52:17 +0000
commit: 14a76926a225dec3d29aeffa13ab7ece74f708e5 (patch)
tree: 53cc27ed0e9d2629f4e54be8705a7b150d1b9f34 /actions/register.php
parent: 813bbc912d73910943b966d1be80f27c3ff3584a (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/actions/register.php b/actions/register.php
index 7fdbb4ded..2fc7ef921 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -74,6 +74,13 @@ class RegisterAction extends Action
         parent::prepare($args);
         $this->code = $this->trimmed('code');
 
+        // @todo this check should really be in index.php for all sensitive actions
+        $ssl = common_config('site', 'ssl');
+        if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
+            common_redirect(common_local_url('register'));
+            // exit
+        }
+
         if (empty($this->code)) {
             common_ensure_session();
             if (array_key_exists('invitecode', $_SESSION)) {
author	Brion Vibber <brion@pobox.com>	2010-05-18 21:52:17 +0000
committer	Brion Vibber <brion@pobox.com>	2010-05-18 21:52:17 +0000
commit	14a76926a225dec3d29aeffa13ab7ece74f708e5 (patch)
tree	53cc27ed0e9d2629f4e54be8705a7b150d1b9f34 /actions/register.php
parent	813bbc912d73910943b966d1be80f27c3ff3584a (diff)