From 979dc6190296b0c7ffdfe17031f2d32318da7e2b Mon Sep 17 00:00:00 2001 From: Paul J R Date: Fri, 28 Sep 2012 07:51:44 +1000 Subject: [PATCH] force ssl, change to /gwvp url --- gwvpmini/gwvpmini_admin.php | 33 +++++++++++++++++++++++++++++++-- gwvpmini/gwvpmini_user.php | 15 +++++++++++++++ gwvpmini/gwvpmini_web.php | 11 ++++++++++- www/.htaccess | 2 +- 4 files changed, 57 insertions(+), 4 deletions(-) diff --git a/gwvpmini/gwvpmini_admin.php b/gwvpmini/gwvpmini_admin.php index af007c1..e19a268 100644 --- a/gwvpmini/gwvpmini_admin.php +++ b/gwvpmini/gwvpmini_admin.php @@ -54,6 +54,9 @@ function gwvpmini_AdminCallMe() if($qspl[1] == "changegravs") { return "gwvpmini_SwitchGravatars"; } + if($qspl[1] == "changessl") { + return "gwvpmini_SwitchForceSSL"; + } } else { error_log("i got here, where next?"); return "gwvpmini_AdminMainPage"; @@ -87,7 +90,7 @@ function gwvpmini_AdminMainPage() function gwvpmini_AdminMainPageBody() { global $BASE_URL; - global $can_register, $reg_reqs_confirm, $confirm_from_address, $use_gravatar; + global $can_register, $reg_reqs_confirm, $confirm_from_address, $use_gravatar, $force_ssl; if($can_register) { $register = "Registration Enabled (Disable)"; @@ -107,10 +110,17 @@ function gwvpmini_AdminMainPageBody() $usegrav = "Gravatars are disabled (Enable)"; } + if($force_ssl) { + $forcessl = "Force SSL is enabled (Disable)"; + } else { + $forcessl = "Force SSL is disabled (Enable)"; + } + + $totalusers = gwvpmini_GetNUsers(); echo "
"; echo "

Users - $totalusers

"; - echo "$register
$regconfirm
$usegrav
"; + echo "$register
$regconfirm
$usegrav
$forcessl
"; echo "
"; echo "Address emails are sent from
"; echo "
"; @@ -502,4 +512,23 @@ function gwvpmini_SwitchGravatars() header("Location: $BASE_URL/admin"); } + +function gwvpmini_SwitchForceSSL() +{ + global $BASE_URL, $force_ssl; + + if($newst == 1) $stat = "disabled"; + else $stat = "enabled"; + + if($force_ssl) { + gwvpmini_setConfigVal("forcessl", "0"); + } else { + gwvpmini_setConfigVal("forcessl", "1"); + } + + gwvpmini_SendMessage("info", "forcessl $stat"); + + header("Location: $BASE_URL/admin"); + +} ?> \ No newline at end of file diff --git a/gwvpmini/gwvpmini_user.php b/gwvpmini/gwvpmini_user.php index c495552..f2efe02 100644 --- a/gwvpmini/gwvpmini_user.php +++ b/gwvpmini/gwvpmini_user.php @@ -15,6 +15,21 @@ if($IS_WEB_REQUEST) { } global $use_gravatar; + + $reg = gwvpmini_getConfigVal("forcessl"); + + $force_ssl = false; + if($reg == null) { + // dont force ssl by default + gwvpmini_setConfigVal("forcessl", "0"); + } else if($reg == 1) { + $force_ssl = true; + } else { + $force_ssl = false; + } + + global $force_ssl; + } diff --git a/gwvpmini/gwvpmini_web.php b/gwvpmini/gwvpmini_web.php index 4f83206..e7e0e54 100644 --- a/gwvpmini/gwvpmini_web.php +++ b/gwvpmini/gwvpmini_web.php @@ -13,7 +13,7 @@ $MENU_ITEMS["00home"]["link"] = "$BASE_URL"; function gwvpmini_goWeb() { - global $CALL_ME_FUNCTIONS; + global $CALL_ME_FUNCTIONS, $force_ssl; // first we determine if we have a valid setup and run the installer if not /*if(!gwvpmini_issetup()) { @@ -24,6 +24,15 @@ function gwvpmini_goWeb() // next, we go thru the CALL_ME_FUNCTIONS - the purpose of call_me_functions is to determine if a function should be called based on // the functions return (i.e. if function returns false, its not it, otherwise it returns a function name we have to call) // this is important for our plugin structure later on - the key on the array serves an an ordering method + + if($force_ssl) { + if(!isset($_SERVER['HTTPS'])) { + header("Location: https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"], true); + return; + } + } + + ksort($CALL_ME_FUNCTIONS); foreach($CALL_ME_FUNCTIONS as $key => $val) { //error_log("checking callmefunction $key as $val"); diff --git a/www/.htaccess b/www/.htaccess index 9f3570d..6805308 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -1,5 +1,5 @@ RewriteEngine on -RewriteBase /src/local/eclipse-workspace/gwvp-mini/www/ +RewriteBase /gwvp RewriteRule ^index\.php.* - [L,B] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d -- 1.7.0.4