option to redirect to https url for login, option ENABLE_LOGIN_SSL (fixes some non-absolute redirects)
This commit is contained in:
parent
a24f525cce
commit
75836f3386
|
@ -54,4 +54,7 @@
|
|||
define('GLOBAL_ENABLE_LABELS', false);
|
||||
// Labels are a security risk, so this option can globally disable them for all users.
|
||||
|
||||
define('ENABLE_LOGIN_SSL', false);
|
||||
// Redirect to SSL url for login
|
||||
|
||||
?>
|
||||
|
|
|
@ -723,12 +723,34 @@
|
|||
session_destroy();
|
||||
}
|
||||
|
||||
function get_script_urlpath() {
|
||||
$request_uri = $_SERVER["REQUEST_URI"];
|
||||
return preg_replace('/\/[^\/]+$/', "", $request_uri);
|
||||
}
|
||||
|
||||
function get_login_redirect() {
|
||||
$server = $_SERVER["SERVER_NAME"];
|
||||
|
||||
if (ENABLE_LOGIN_SSL) {
|
||||
$protocol = "https";
|
||||
} else {
|
||||
$protocol = "http";
|
||||
}
|
||||
|
||||
$url_path = get_script_urlpath();
|
||||
|
||||
$redirect_uri = "$protocol://$server$url_path/login.php";
|
||||
|
||||
return $redirect_uri;
|
||||
}
|
||||
|
||||
function login_sequence($link) {
|
||||
if (!SINGLE_USER_MODE) {
|
||||
|
||||
if (!USE_HTTP_AUTH) {
|
||||
if (!$_SESSION["uid"]) {
|
||||
header("Location: login.php?rt=tt-rss.php");
|
||||
$redirect_uri = get_login_redirect();
|
||||
header("Location: $redirect_uri?rt=tt-rss.php");
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
|
|
|
@ -6,8 +6,11 @@
|
|||
require_once "config.php";
|
||||
require_once "functions.php";
|
||||
|
||||
$url_path = get_script_urlpath();
|
||||
$redirect_base = "http://" . $_SERVER["SERVER_NAME"] . $url_path;
|
||||
|
||||
if (SINGLE_USER_MODE) {
|
||||
header("Location: tt-rss.php");
|
||||
header("Location: $redirect_base/tt-rss.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -25,7 +28,7 @@
|
|||
} else {
|
||||
$redirect_to = "tt-rss.php";
|
||||
}
|
||||
header("Location: $redirect_to");
|
||||
header("Location: $redirect_base/$redirect_to");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
12
logout.php
12
logout.php
|
@ -7,7 +7,17 @@
|
|||
logout_user();
|
||||
|
||||
if (!USE_HTTP_AUTH) {
|
||||
header("Location: login.php");
|
||||
$url_path = get_script_urlpath();
|
||||
|
||||
if (ENABLE_LOGIN_SSL) {
|
||||
$protocol = "https";
|
||||
} else {
|
||||
$protocol = "http";
|
||||
}
|
||||
|
||||
$redirect_base = "$protocol://" . $_SERVER["SERVER_NAME"] . $url_path;
|
||||
|
||||
header("Location: $redirect_base/login.php");
|
||||
} else { ?>
|
||||
|
||||
<html>
|
||||
|
|
Loading…
Reference in New Issue