--- securelogin.module.original 2008-01-30 18:27:32.296875000 +0100 +++ securelogin.module 2008-01-30 18:43:50.250000000 +0100 @@ -1,5 +1,5 @@ ' . t("Enables passwords to be sent over a secure connection.") . '

'; break; case "admin/settings/securelogin": - $output = '

' . t("Secure Login redirects any forms with passwords to a secure address so that the password is not sent in cleartext. If you want the user to be redirected back to the insecure site after the password is sent securely, you need to set \$base_url in settings.php to your insecure URL.") . '

'; + $output = '

' . t("Secure Login redirects any forms with passwords to a secure address so that the password is not sent in cleartext. Users that log in at the insecure site can be redirected to the insecure site after the password is sent securely. Users that log in at the secure site will always be redirected to the secure site.") . '

'; break; }
@@ -57,6 +57,12 @@ function securelogin_admin() {
 '#maxlength' => 300,
 '#description' => t("The base URL at which the site can be accessed securely (no trailing slash), e.g. " . $defurl . ". The hostname must match the hostname of the insecure URL, and in most cases, you will want the directory to match also (particularly if you have RewriteBase set).")
 );
+ $form['securelogin_redirect_insecure'] = array(
+ '#type' => 'checkbox',
+ '#title' => t("Redirect to insecure site"),
+ '#default_value' => variable_get('securelogin_redirect_insecure', TRUE),
+ '#description' => t("Users that log in at the insecure site will be redirected to the insecure site after the password is sent securely when this option is enabled. Users that log in at the secure site will always be redirected to the secure site."),
+ );
 $form['securelogin_loginform'] = array(
 '#type' => 'checkbox',
 '#title' => t("Secure login form"),
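Review bot: The new `securelogin_redirect_insecure` checkbox defaults to `TRUE`, so a site gets the return-to-HTTP behaviour without opting in, and `#description` does not say what that costs. Once the user is sent back to the insecure site, the authenticated session continues in cleartext, so the session cookie is exposed even though the password was not. I would default to off, `'#default_value' => variable_get('securelogin_redirect_insecure', FALSE),`, and add a sentence to the description such as `The session cookie is then sent unencrypted.` The same default is read in `securelogin_init()` in the last hunk and has to change with it. The body of `securelogin_admin()` starts and ends outside this hunk.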
@@ -92,7 +98,55 @@ function securelogin_form_alter($form_id
 // Strip trailing slash from base_path
 $base = substr(base_path(), 0, -1);
 $form['#action'] = preg_replace('@^' . $base . '@', variable_get('securelogin_baseurl', $base), $form['#action']);
+
+ $form['secure_login_request'] = array(
+ '#type' => 'hidden',
+ '#value' => 1,
+ '#id' => 'secure_request',
+ );
+
+ $form['secure_login_is_https'] = array(
+ '#type' => 'hidden',
+ '#value' => (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off'),
+ '#id' => 'secure_is_https',
+ );
+
 }
 } // function securelogin_form_alter
+
+/**
+* take care of the base_url
+*/
+function securelogin_init() {
+ global $base_url;
+
+ if (isset($_REQUEST['secure_login_request']) && variable_get('securelogin_redirect_insecure', TRUE)) {
+ $parsed = parse_url($base_url);
+ $parsed['scheme'] = ($_REQUEST['secure_login_is_https']) ? 'https' : 'http';
+ $base_url = securelogin_glue_url($parsed);
+ }
+}
+
+
+/**
+* Glue parsed url.
+* Code from: http://nl3.php.net/manual/en/function.parse-url.php#77384
+*/
+function securelogin_glue_url($parsed)
+{
+ if (!is_array($parsed)) return false;
+ $uri = isset($parsed['scheme']) ? $parsed['scheme'].':'.((strtolower($parsed['scheme']) == 'mailto') ? '' : '//') : '';
+ $uri .= isset($parsed['user']) ? $parsed['user'].(isset($parsed['pass']) ? ':'.$parsed['pass'] : '').'@' : '';
+ $uri .= isset($parsed['host']) ? $parsed['host'] : '';
+ $uri .= isset($parsed['port']) ? ':'.$parsed['port'] : '';
+ if(isset($parsed['path']))
+ {
+ $uri .= (substr($parsed['path'], 0, 1) == '/') ? $parsed['path'] : ('/'.$parsed['path']);
+ }
+ $uri .= isset($parsed['query']) ? '?'.$parsed['query'] : '';
+ $uri .= isset($parsed['fragment']) ? '#'.$parsed['fragment'] : '';
+ return $uri;
+}
+
 ?>
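Review bot: `securelogin_init()` takes the scheme for the global `$base_url` from `$_REQUEST['secure_login_is_https']`, a hidden field the client controls, and it does so for any request that carries `secure_login_request`, not only a submission of the altered form. Since `$_REQUEST` normally includes query-string values too, a request that was never produced by the form can switch `$base_url` to `http`, and redirects or absolute URLs built from it during that request would leave HTTPS. Reading both fields from `$_POST` and checking that the second one is set narrows this and avoids an undefined-index notice: `if (isset($_POST['secure_login_request'], $_POST['secure_login_is_https']) && variable_get('securelogin_redirect_insecure', TRUE)) {`. The flag stays forgeable either way, so the docblock should state that it is untrusted and may only select the scheme. Separately, `parse_url()` can return `false` for a malformed URL, which makes the `is_array()` guard in `securelogin_glue_url()` the only check; `securelogin_init()` would be clearer testing the result before assigning `$parsed['scheme']`. `securelogin_form_alter()` starts outside this hunk.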