Enhancement: new configuration option (secure_connection_required) to force the use of HTTPS to connect to iTop. The HTTP -> HTTPS redirection is still buggy, but the use of HTTPS is enforced anyway.
SVN:trunk[324]
@@ -75,21 +75,50 @@ h1 {
|
||||
}
|
||||
// Finally, destroy the session.
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
static function SecureConnectionRequired()
|
||||
{
|
||||
$oConfig = new Config(ITOP_CONFIG_FILE);
|
||||
return $oConfig->GetSecureConnectionRequired();
|
||||
}
|
||||
|
||||
static function IsConnectionSecure()
|
||||
{
|
||||
$bSecured = false;
|
||||
|
||||
if ( !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!= 'off') )
|
||||
{
|
||||
$bSecured = true;
|
||||
}
|
||||
return $bSecured;
|
||||
}
|
||||
|
||||
static function DoLogin()
|
||||
{
|
||||
$operation = utils::ReadParam('loginop', '');
|
||||
if (self::SecureConnectionRequired() && !self::IsConnectionSecure())
|
||||
{
|
||||
// Non secured URL... redirect to a secured one
|
||||
$sUrl = Utils::GetAbsoluteUrl(true /* query string */, true /* force HTTPS */);
|
||||
header("Location: $sUrl");
|
||||
exit;
|
||||
}
|
||||
$operation = utils::ReadParam('loginop', '');
|
||||
session_start();
|
||||
|
||||
if ($operation == 'logoff')
|
||||
{
|
||||
self::ResetSession();
|
||||
}
|
||||
|
||||
|
||||
if (!isset($_SESSION['auth_user']) || !isset($_SESSION['auth_pwd']))
|
||||
{
|
||||
if ($operation == 'login')
|
||||
if ($operation == 'loginurl')
|
||||
{
|
||||
$sAuthUser = utils::ReadParam('auth_user', '', 'get');
|
||||
$sAuthPwd = utils::ReadParam('auth_pwd', '', 'get');
|
||||
}
|
||||
else if ($operation == 'login')
|
||||
{
|
||||
$sAuthUser = utils::ReadParam('auth_user', '', 'post');
|
||||
$sAuthPwd = utils::ReadParam('auth_pwd', '', 'post');
|
||||
@@ -106,9 +135,9 @@ h1 {
|
||||
{
|
||||
$sAuthUser = $_SESSION['auth_user'];
|
||||
$sAuthPwd = $_SESSION['auth_pwd'];
|
||||
}
|
||||
}
|
||||
if (!UserRights::Login($sAuthUser, $sAuthPwd))
|
||||
{
|
||||
{
|
||||
self::ResetSession();
|
||||
$oPage = new LoginWebPage();
|
||||
$oPage->DisplayLoginForm( true /* failed attempt */);
|
||||
@@ -119,8 +148,8 @@ h1 {
|
||||
{
|
||||
$_SESSION['auth_user'] = $sAuthUser ;
|
||||
$_SESSION['auth_pwd'] = $sAuthPwd;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
} // End of class
|
||||
?>
|
||||
|
||||
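Review bot: In `DoLogin()`, `session_start()` runs without the session cookie being marked Secure, so even with `secure_connection_required` enabled the browser will still send the session id (which keys `$_SESSION['auth_pwd']`) on any later plain-HTTP request to the same host; the check-and-redirect alone does not prevent that. Before `session_start();` I would add `if (self::SecureConnectionRequired()) { ini_set('session.cookie_secure', '1'); }`. The `loginurl` branch reads `auth_user`/`auth_pwd` from the query string, and because the redirect URL is built with the query string included, those credentials appear to be copied into the `Location` header after having already crossed the wire in clear; consider rejecting `loginurl` on a non-secure request instead of redirecting it, and note that credentials in a URL also end up in access logs and browser history. `IsConnectionSecure()` looks only at `$_SERVER['HTTPS']`, so behind a TLS-terminating proxy it will presumably always report false, which may be the redirect problem the commit message mentions. The +/- markers are lost in this rendering and parts of `DoLogin()` fall between the hunks, so this is based on the visible lines only.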