Support SSL for some, all, or no pages

Support SSL URLs either for all pages; no pages; or for sensitive
pages accepting passwords, like login, registration, API, and others.
This commit is contained in:
Evan Prodromou 2009-03-26 15:03:59 -04:00
parent 47b89aa2c3
commit e149f3d64b
4 changed files with 48 additions and 5 deletions

10
README
View File

@ -925,6 +925,16 @@ dupelimit: Time in which it's not OK for the same person to post the
same notice; default = 60 seconds.
logo: URL of an image file to use as the logo for the site. Overrides
the logo in the theme, if any.
ssl: Whether to use SSL and https:// URLs for some or all pages.
Possible values are 'always' (use it for all pages), 'never'
(don't use it for any pages), or 'sometimes' (use it for
sensitive pages that include passwords like login and registration,
but not for regular pages). Default to 'never'.
sslserver: use an alternate server name for SSL URLs, like
'secure.example.org'. You should be careful to set cookie
parameters correctly so that both the SSL server and the
"normal" server can access the session cookie and
preferably other cookies as well.
db
--

View File

@ -174,3 +174,13 @@ $config['sphinx']['port'] = 3312;
#http://taguri.org/ Examples:
#$config['integration']['taguri'] = 'example.net,2008';
#$config['integration']['taguri'] = 'admin@example.net,2009-03-09'
#Don't use SSL
#$config['site']['ssl'] = 'never';
#Use SSL only for sensitive pages (like login, password change)
#$config['site']['ssl'] = 'sometimes';
#Use SSL for all pages
#$config['site']['ssl'] = 'always';
#Use a different hostname for SSL-encrypted pages
#$config['site']['sslserver'] = 'secure.example.org';

View File

@ -87,6 +87,8 @@ $config =
'closed' => false,
'inviteonly' => false,
'private' => false,
'ssl' => 'never',
'sslserver' => null,
'dupelimit' => 60), # default for same person saying the same thing
'syslog' =>
array('appname' => 'laconica', # for syslog

View File

@ -721,25 +721,46 @@ function common_relative_profile($sender, $nickname, $dt=null)
function common_local_url($action, $args=null, $params=null, $fragment=null)
{
static $sensitive = array('login', 'register', 'passwordsettings',
'twittersettings', 'finishopenidlogin',
'api');
$r = Router::get();
$path = $r->build($action, $args, $params, $fragment);
$ssl = in_array($action, $sensitive);
if (common_config('site','fancy')) {
$url = common_path(mb_substr($path, 1));
$url = common_path(mb_substr($path, 1), $ssl);
} else {
if (mb_strpos($path, '/index.php') === 0) {
$url = common_path(mb_substr($path, 1));
$url = common_path(mb_substr($path, 1), $ssl);
} else {
$url = common_path('index.php'.$path);
$url = common_path('index.php'.$path, $ssl);
}
}
return $url;
}
function common_path($relative)
function common_path($relative, $ssl=false)
{
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
return "http://".common_config('site', 'server').'/'.$pathpart.$relative;
if (($ssl && (common_config('site', 'ssl') === 'sometimes'))
|| common_config('site', 'ssl') === 'always') {
$proto = 'https';
if (is_string(common_config('site', 'sslserver')) &&
mb_strlen(common_config('site', 'sslserver')) > 0) {
$serverpart = common_config('site', 'sslserver');
} else {
$serverpart = common_config('site', 'server');
}
} else {
$proto = 'http';
$serverpart = common_config('site', 'server');
}
return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
}
function common_date_string($dt)