summaryrefslogtreecommitdiff
path: root/actions/login.php
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-05-18 21:52:17 +0000
committerBrion Vibber <brion@pobox.com>2010-05-18 21:52:17 +0000
commit14a76926a225dec3d29aeffa13ab7ece74f708e5 (patch)
tree53cc27ed0e9d2629f4e54be8705a7b150d1b9f34 /actions/login.php
parent813bbc912d73910943b966d1be80f27c3ff3584a (diff)
Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.
The forms would already submit to SSL, but people are happier if they start on a secure page! Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
Diffstat (limited to 'actions/login.php')
-rw-r--r--actions/login.php22
1 files changed, 22 insertions, 0 deletions
diff --git a/actions/login.php b/actions/login.php
index dc6352368..d3e4312f7 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -63,6 +63,28 @@ class LoginAction extends Action
}
/**
+ * Prepare page to run
+ *
+ *
+ * @param $args
+ * @return string title
+ */
+
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ // @todo this check should really be in index.php for all sensitive actions
+ $ssl = common_config('site', 'ssl');
+ if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
+ common_redirect(common_local_url('login'));
+ // exit
+ }
+
+ return true;
+ }
+
+ /**
* Handle input, produce output
*
* Switches on request method; either shows the form or handles its input.