From 5ca41b68703e8d8e41325ab4dd9c798946fc7a10 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sat, 9 Jan 2010 16:19:45 -0800
Subject: redirect to sitename.wildcard for SSL
---
 classes/Status_network.php | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/classes/Status_network.php b/classes/Status_network.php
index b3117640d..8dff879df 100644
--- a/classes/Status_network.php
+++ b/classes/Status_network.php
@@ -150,9 +150,18 @@ class Status_network extends DB_DataObject
 }
 if (!empty($sn)) {
- if (!empty($sn->hostname) && 0 != strcasecmp($sn->hostname, $servername)) {
- $sn->redirectToHostname();
+
+ // Redirect to the right URL
+
+ if (!empty($sn->hostname) &&
+ empty($SERVER['HTTPS']) &&
+ 0 != strcasecmp($sn->hostname, $servername)) {
+ $sn->redirectTo('http://'.$sn->hostname.$_SERVER['REQUEST_URI']);
+ } else if (!empty($SERVER['HTTPS']) &&
+ 0 != strcasecmp($sn->sitename.'.'.$wildcard, $servername)) {
+ $sn->redirectTo('https://'.$sn->sitename.'.'.$wildcard.$_SERVER['REQUEST_URI']);
 }
+
 $dbhost = (empty($sn->dbhost)) ? 'localhost' : $sn->dbhost;
 $dbuser = (empty($sn->dbuser)) ? $sn->nickname : $sn->dbuser;
 $dbpass = $sn->dbpass;
@@ -179,11 +188,8 @@ class Status_network extends DB_DataObject
 // (C) 2006 by Heiko Richler http://www.richler.de/
 // LGPL
- function redirectToHostname()
+ function redirectTo($destination)
 {
- $destination = 'http://'.$this->hostname;
- $destination .= $_SERVER['REQUEST_URI'];
-
 $old = 'http'.
 (($_SERVER['HTTPS'] == 'on') ? 'S' : '').
 '://'.
--
cgit v1.2.3-54-g00ecf

From 6d66a28b3591b579f0230620339882e9ba8078ab Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sat, 9 Jan 2010 16:23:41 -0800
Subject: Use OTP to set cookies from registration action
---
 actions/register.php | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/actions/register.php b/actions/register.php
index 57f8e7bdf..108d05f5a 100644
--- a/actions/register.php
+++ b/actions/register.php
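Review bot: In classes/Status_network.php (hunk at -150), both new conditions read `$SERVER['HTTPS']` rather than `$_SERVER['HTTPS']`; no `$SERVER` is assigned in the visible lines, so unless it is defined outside the hunk `empty($SERVER['HTTPS'])` is always true. The `else if` branch that sends HTTPS requests to `https://sitename.wildcard` then never runs, and an HTTPS request for a site with a custom hostname falls into the first branch and is redirected to `http://`, dropping TLS. Use `empty($_SERVER['HTTPS'])` and `!empty($_SERVER['HTTPS'])`; because the context line in the next hunk tests `$_SERVER['HTTPS'] == 'on'`, it may also be worth treating the value `'off'` as non-HTTPS. The enclosing function starts and ends outside the hunk.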
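Review bot: `redirectTo($destination)` in classes/Status_network.php (hunk at -179) now redirects to whatever URL the caller builds, but it has no docblock saying what a caller may pass. Both call sites in this commit append the request-controlled `$_SERVER['REQUEST_URI']` to a host taken from the site record, so the contract is worth stating: `/** Redirect to $destination, an absolute URL whose scheme and host come from the site record; only path and query may come from the request. */`. The rest of the body is outside the hunk, so whether the value is checked for CR/LF before it reaches a header cannot be judged from here; if it is not, that check belongs in this method.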
@@ -259,6 +259,16 @@ class RegisterAction extends Action
 // Re-init language env in case it changed (not yet, but soon)
 common_init_language();
+
+ if (common_config('ssl', 'sometimes') && // mixed environment
+ common_config('site', 'server') != common_config('site', 'sslserver')) {
+ $url = common_local_url('all',
+ array('nickname' =>
+ $user->nickname));
+ $this->redirectFromSSL($user, $url, $this->boolean('rememberme'));
+ return;
+ }
+
 $this->showSuccess();
 } else {
 $this->showForm(_('Invalid username or password.'));
@@ -578,5 +588,32 @@ class RegisterAction extends Action
 $nav = new LoginGroupNav($this);
 $nav->show();
 }
+
+ function redirectFromSSL($user, $returnto, $rememberme)
+ {
+ try {
+ $login_token = Login_token::makeNew($user);
+ } catch (Exception $e) {
+ $this->serverError($e->getMessage());
+ return;
+ }
+
+ $params = array();
+
+ if (!empty($returnto)) {
+ $params['returnto'] = $returnto;
+ }
+
+ if (!empty($rememberme)) {
+ $params['rememberme'] = $rememberme;
+ }
+
+ $target = common_local_url('otp',
+ array('user_id' => $login_token->user_id,
+ 'token' => $login_token->token),
+ $params);
+
+ common_redirect($target, 303);
+ }
 }
--
cgit v1.2.3-54-g00ecf
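Review bot: The guard `common_config('ssl', 'sometimes')` in actions/register.php (hunk at -259) appears to read a key named `sometimes` in a section named `ssl`, judging by the `common_config('site', 'server')` calls on the next line, rather than testing whether the site's SSL mode is 'sometimes'. If no such key exists the condition is always false and the OTP redirect added here never runs, so the login cookie is still set only on the SSL host. Assuming the mode is stored in the site section, the test would be `common_config('site', 'ssl') == 'sometimes'`; confirm the key name against the config defaults. The enclosing method starts and ends outside the hunk.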
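Review bot: `redirectFromSSL()` (hunk at -578) puts the login token into the URL of a 303 redirect (`'token' => $login_token->token`), and the call-site guard suggests the target is the non-SSL server, so the token would travel in cleartext and land in access logs and browser history. That is acceptable only if the token is single-use and expires quickly; `Login_token::makeNew()` and the `otp` action are not on this page, so state the requirement in a docblock on this method and confirm both enforce it. Separately, `$this->serverError($e->getMessage())` shows raw exception text to the visitor; log it and return a fixed message instead, e.g. `common_log(LOG_ERR, $e->getMessage()); $this->serverError(_('Could not complete login.'));`. `returnto` is forwarded as given, so the `otp` action should accept only local URLs.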