
securelogin.module in Secure Login 5


File

securelogin.module
<?php

/**
 * Returns the help text shown for this module's help and settings pages.
 *
 * @param $section
 *   The help section being requested. Only "admin/help#securelogin" and
 *   "admin/settings/securelogin" produce text.
 *
 * @return
 *   A translated HTML paragraph for a known section, or an empty string for
 *   any other value.
 */
function securelogin_help($section = '') {
  // Loose comparison is kept on purpose so the matching rules stay the same
  // as a switch statement over $section.
  if ($section == "admin/help#securelogin") {
    return '<p>' . t("Enables passwords to be sent over a secure connection.") . '</p>';
  }
  if ($section == "admin/settings/securelogin") {
    return '<p>' . t("Secure Login redirects any forms with passwords to a secure host address so that the password is not sent in cleartext.  Users can be redirected to the original host address after logging in.") . '</p>';
  }

  // Unknown section: nothing to display.
  return '';
}

// function securelogin_help

/**
 * Declares the menu item for the Secure Login settings page.
 *
 * @return
 *   A list holding a single menu item for 'admin/settings/securelogin'. The
 *   page is rendered by drupal_get_form() with the 'securelogin_admin' form
 *   and is only accessible with the 'administer site configuration'
 *   permission.
 */
function securelogin_menu() {
  // The settings on this page decide where password forms are submitted, so
  // access is tied to the site-configuration permission.
  $settings_page = array(
    'path' => 'admin/settings/securelogin',
    'title' => t("Secure login"),
    'description' => t("Change secure login settings"),
    'callback' => 'drupal_get_form',
    'callback arguments' => array('securelogin_admin'),
    'access' => user_access('administer site configuration'),
    'type' => MENU_NORMAL_ITEM,
  );

  return array($settings_page);
}

// function securelogin_menu

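/**
 * Builds the Secure Login settings form.
 *
 * The form exposes the secure and insecure base URLs, the post-login redirect
 * switch, and one switch per protected form (login, user edit, registration).
 * Values are stored through system_settings_form().
 *
 * @return
 *   The form array wrapped by system_settings_form().
 */
function securelogin_admin() {
  global $base_url;

  // Suggested values: the current base URL with its scheme swapped.
  $secure_example = preg_replace('@^http://@', 'https://', $base_url);
  $insecure_example = preg_replace('@^https://@', 'http://', $base_url);

  // The example URLs are passed to t() as @-placeholders instead of being
  // concatenated into the string. That keeps the translatable string constant
  // and lets t() escape the value before it reaches the page.
  // NOTE(review): when $base_url is not pinned in settings.php it is
  // presumably derived from the incoming request, so it should not be treated
  // as trusted markup - confirm against the site configuration.
  // NOTE(review): no validation handler is visible in this file, so nothing
  // checks that the secure base URL actually starts with https://. A mistyped
  // http:// value would make the password forms post in cleartext.
  $form['securelogin_baseurl'] = array(
    '#type' => 'textfield',
    '#title' => t("Base URL for secure pages"),
    '#default_value' => variable_get('securelogin_baseurl', $secure_example),
    '#description' => t("The base URL for secure pages.  For example, <code>@url</code>.  Note that in order for cookies to work, the hostnames in the secure base URL and the unsecure base URL must be in the same domain as per the appropriate setting in <code>settings.php</code>, which you may need to modify.", array('@url' => $secure_example)),
  );
  $form['securelogin_redirect'] = array(
    '#type' => 'checkbox',
    '#title' => t("Redirect to original location"),
    '#default_value' => variable_get('securelogin_redirect', TRUE),
    '#description' => t("Users that log in from an address other than the secure URL specified above will be redirected to the original site after logging in when this option is enabled.  Note that an error will be produced if this is enabled and the hostname above does not match the original hostname."),
  );
  $form['securelogin_original_baseurl'] = array(
    '#type' => 'textfield',
    '#title' => t("Base URL for insecure pages"),
    '#default_value' => variable_get('securelogin_original_baseurl', $insecure_example),
    '#description' => t("The base URL for insecure pages.  For example, <code>@url</code>.  Note that in order for cookies to work, the hostnames in the secure base URL and the unsecure base URL must be in the same domain as per the appropriate setting in <code>settings.php</code>, which you may need to modify.", array('@url' => $insecure_example)),
  );

  // NOTE(review): the description below calls this setting mostly cosmetic.
  // A form page delivered over plain HTTP can be modified in transit before
  // the user submits it, so serving the form page itself over HTTPS is the
  // stronger configuration, not only a reassurance.
  $form['securelogin_secure_forms'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure form pages"),
    '#default_value' => variable_get('securelogin_secure_forms', FALSE),
    '#description' => t("If enabled, form pages will also be secured.  This is mostly for cosmetic effect, to reassure users that the form they are about to submit is secure."),
  );
  $form['securelogin_loginform'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure login form"),
    '#default_value' => variable_get('securelogin_loginform', TRUE),
    '#description' => t("Whether or not to secure the login forms."),
  );
  $form['securelogin_editform'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure user edit form"),
    '#default_value' => variable_get('securelogin_editform', TRUE),
    '#description' => t("Whether or not to secure the user edit form."),
  );
  $form['securelogin_registerform'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure user registration form"),
    '#default_value' => variable_get('securelogin_registerform', TRUE),
    '#description' => t("Whether or not to secure the new user registration form.  You may want to turn this off if new users get their passwords by email, but this will mean that creating users as an administrator will be insecure."),
  );
  return system_settings_form($form);
}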

// function securelogin_admin

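/**
 * Points password-bearing forms at the secure base URL.
 *
 * Acts on the login block, login page, user edit and user registration forms,
 * each gated by its own setting. For those forms it optionally redirects the
 * form page to the secure URL, rewrites the form action so the submission
 * goes to the secure base URL, and adds a hidden field carrying the original
 * base URL.
 *
 * @param $form_id
 *   Identifier of the form being built.
 * @param $form
 *   The form array, modified in place.
 */
function securelogin_form_alter($form_id, &$form) {
  global $base_url;

  // Each protected form and the setting that switches its protection on.
  $toggles = array(
    'user_login_block' => 'securelogin_loginform',
    'user_login' => 'securelogin_loginform',
    'user_edit' => 'securelogin_editform',
    'user_register' => 'securelogin_registerform',
  );
  if (!is_string($form_id) || !isset($toggles[$form_id]) || !variable_get($toggles[$form_id], TRUE)) {
    return;
  }

  // The original base URL arrives as a request parameter, so it is untrusted:
  // it may be an array or arbitrary text. Accept it only when it is a plain
  // http(s) URL without whitespace or markup characters; otherwise fall back
  // to the current base URL.
  $origurl = $base_url;
  if (isset($_REQUEST['securelogin_original_baseurl'])) {
    $candidate = $_REQUEST['securelogin_original_baseurl'];
    if (is_string($candidate) && preg_match('@^https?://[^\s<>"]+\z@i', $candidate)) {
      $origurl = $candidate;
    }
  }

  // Secure base URL: the stored setting, or the current base URL over https.
  $securl = variable_get('securelogin_baseurl', preg_replace('@^http://@', 'https://', $base_url));

  // Strip trailing slash from base_path.
  $base = rtrim(base_path(), '/');

  // Redirect the form page itself to the secure URL, if enabled.
  if (variable_get('securelogin_secure_forms', FALSE)) {
    $path = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : '';
    $secformurl = $securl . '/' . $path;

    // SCRIPT_URI is not provided by every server setup. When it is missing,
    // comparing against it would never match and the page would redirect to
    // itself endlessly, so fall back to asking whether the request is
    // already on HTTPS.
    if (isset($_SERVER['SCRIPT_URI'])) {
      $on_secure_page = ($_SERVER['SCRIPT_URI'] == $secformurl);
    }
    else {
      $on_secure_page = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';
    }
    if (!$on_secure_page) {
      drupal_goto($secformurl, 'securelogin_original_baseurl=' . urlencode($origurl));
    }
  }

  // Set form action: swap the leading base path for the secure base URL.
  // A literal prefix comparison is used rather than a regular expression so
  // that characters such as "." or "@" in the base path, and "$" or "\" in
  // the secure URL, are never interpreted as pattern or replacement syntax.
  $action = isset($form['#action']) ? $form['#action'] : '';
  $base_len = strlen($base);
  if ($base_len == 0 || strncmp($action, $base, $base_len) == 0) {
    $action = $securl . substr($action, $base_len);
  }
  $form['#action'] = $action;

  // Add field to remember original base URL.
  $form['securelogin_original_baseurl'] = array(
    '#type' => 'hidden',
    '#value' => $origurl,
  );
}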

// function securelogin_form_alter

/**
 * Restores the original base URL after a secure form submission, if
 * redirection is enabled.
 *
 * The request parameter 'securelogin_original_baseurl' is used only as a
 * signal that the request came through a secured form. The base URL that gets
 * restored is read from the stored 'securelogin_original_baseurl' setting,
 * not from the request, so the request value itself never becomes the base
 * URL.
 *
 * NOTE(review): once the base URL is switched back to the insecure address,
 * later requests presumably travel over plain HTTP again - confirm how the
 * session cookie is protected in that case.
 */
function securelogin_init() {
  global $base_url;

  // Nothing to do unless the request carries the marker parameter.
  if (!isset($_REQUEST['securelogin_original_baseurl'])) {
    return;
  }

  // Honour the "Redirect to original location" setting.
  if (!variable_get('securelogin_redirect', TRUE)) {
    return;
  }

  $base_url = variable_get('securelogin_original_baseurl', $base_url);
}

// function securelogin_init

Functions

Name Description
securelogin_admin Admin form
securelogin_form_alter Alter address in password forms
securelogin_help Display help and module information
securelogin_init Restore the original base URL if redirection is enabled
securelogin_menu Menus