Changeset f5d61d84 in github

Timestamp:

Oct 21, 2009 4:47:40 AM (4 years ago)

Author:

thomascube <thomas@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

6020c3d

Parents:

efe93ad

Message:

Revert r3038 and allow to specify the port as value of force_https

Files:

• config/main.inc.php.dist (modified) (1 diff)
• index.php (modified) (1 diff)
• plugins/force_https/force_https.php (deleted)

config/main.inc.php.dist

@@ -49 +49 @@
 // possible units: s, m, h, d, w
 $rcmail_config['message_cache_lifetime'] = '10d';
+
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected.
+// set the port for the ssl connection as value of this option if it differs from the default 443
+$rcmail_config['force_https'] = FALSE;
 
 // automatically create a new RoundCube user when log-in the first time.

index.php

@@ -62 +62 @@
 if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
   raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
+}
+
+// check if https is required (for login) and redirect if necessary
+if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
+  $https_port = is_bool($force_https) ? 443 : $force_https;
+  if (!(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == $use_https || $RCMAIL->config->get('use_https'))) {
+    header('Location: https://' . $_SERVER['HTTP_HOST'] . ($https_port != 443 ? ':' . $https_port : '') . $_SERVER['REQUEST_URI']);
+    exit;
+  }
 }