You are here

Home » API reference » Secure Login 6

securelogin.module in Secure Login 6

Same filename and directory in other branches
  1. 8 securelogin.module
  2. 5 securelogin.module
  3. 7 securelogin.module

File

securelogin.module
View source 
<?php

/**
* Display help and module information
*/
function securelogin_help($path = '', $arg) {
  $output = '';
  switch ($path) {
    case "admin/help#securelogin":
      $output = '<p>' . t("Enables passwords to be sent over a secure connection.") . '</p>';
      break;
    case "admin/settings/securelogin":
      $output = '<p>' . t("Secure Login redirects any forms with passwords to a secure host address so that the password is not sent in cleartext.  Users can be redirected to the original host address after logging in.") . '</p>';
      break;
  }
  return $output;
}

// function securelogin_help

/**
* Menus
*/
function securelogin_menu() {
  $items = array();
  $items['admin/settings/securelogin'] = array(
    'title' => t("Secure login"),
    'description' => t("Change secure login settings"),
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'securelogin_admin',
    ),
    'access arguments' => array(
      'administer site configuration',
    ),
    'type' => MENU_NORMAL_ITEM,
  );
  return $items;
}

// function securelogin_menu

/**
* Admin form
*/
function securelogin_admin() {
  global $base_url;
  $form['securelogin_baseurl'] = array(
    '#type' => 'textfield',
    '#title' => t("Base URL for secure pages"),
    '#default_value' => variable_get('securelogin_baseurl', preg_replace('@^http://@', 'https://', $base_url)),
    '#description' => t("The base URL for secure pages.  For example, <code>" . preg_replace('@^http://@', 'https://', $base_url) . "</code>.  Note that in order for cookies to work, the hostnames in the secure base URL and the unsecure base URL must be in the same domain as per the appropriate setting in <code>settings.php</code>, which you may need to modify."),
  );
  $form['securelogin_redirect'] = array(
    '#type' => 'checkbox',
    '#title' => t("Redirect to original location"),
    '#default_value' => variable_get('securelogin_redirect', TRUE),
    '#description' => t("Users that log in from an address other than the secure URL specified above will be redirected to the original site after logging in when this option is enabled.  Note that an eror will be produced if this is enabled and the hostname above does not match the original hostname."),
  );
  $form['securelogin_original_baseurl'] = array(
    '#type' => 'textfield',
    '#title' => t("Base URL for insecure secure pages"),
    '#default_value' => variable_get('securelogin_original_baseurl', preg_replace('@^https://@', 'http://', $base_url)),
    '#description' => t("The base URL for insecure pages.  For example, <code>" . preg_replace('@^https://@', 'http://', $base_url) . "</code>.  Note that in order for cookies to work, the hostnames in the secure base URL and the unsecure base URL must be in the same domain as per the appropriate setting in <code>settings.php</code>, which you may need to modify."),
  );
  $form['securelogin_secure_forms'] = array(
    '#type' => 'checkbox',
    '#title' => 'Secure form pages',
    '#default_value' => variable_get('securelogin_secure_forms', FALSE),
    '#description' => t("If enabled, form pages will also be secured.  This is mostly for cosmetic effect, to reassure users that the form they are about to submit is secure."),
  );
  $form['securelogin_loginform'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure login form"),
    '#default_value' => variable_get('securelogin_loginform', TRUE),
    '#description' => t("Whether or not to secure the login forms."),
  );
  $form['securelogin_profileform'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure user edit form"),
    '#default_value' => variable_get('securelogin_profileform', TRUE),
    '#description' => t("Whether or not to secure the user profile form."),
  );
  $form['securelogin_registerform'] = array(
    '#type' => 'checkbox',
    '#title' => t("Secure user registration form"),
    '#default_value' => variable_get('securelogin_registerform', TRUE),
    '#description' => t("Whether or not to secure the new user registration form.  You may want to turn this off if new users get their passwords by email, but this will mean that creating users as an administrator will be insecure."),
  );
  return system_settings_form($form);
}

/**
 * Alter address in password forms
 */
function securelogin_form_alter(&$form, $form_state, $form_id) {
  global $base_url;
  if ($form_id == 'user_login_block' && variable_get('securelogin_loginform', TRUE) || $form_id == 'user_login' && variable_get('securelogin_loginform', TRUE) || $form_id == 'user_profile_form' && variable_get('securelogin_profileform', TRUE) || $form_id == 'user_register' && variable_get('securelogin_registerform', TRUE)) {

    // Get original base URL
    $orig_url = isset($_REQUEST['securelogin_original_baseurl']) ? $_REQUEST['securelogin_original_baseurl'] : $base_url;

    // Get secure URL
    $sec_url = variable_get('securelogin_baseurl', preg_replace('@^http://@', 'https://', $base_url));

    // Check if we already have HTTPS.
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {

      // Redirect form to secure page, if necessary.
      if (variable_get('securelogin_secure_forms', FALSE)) {

        // Build destination URL.
        $sec_form_url = variable_get('clean_url', '0') ? $sec_url . '/' . $_GET['q'] : $sec_url . '/';
        if (empty($_SERVER['SCRIPT_URI']) || $_SERVER['SCRIPT_URI'] != $sec_form_url) {

          // Apply query string to destination URL, excluding $_GET['q'] if
          // clean URLs are enabled.
          $exclude = variable_get('clean_url', '0') ? array(
            'q',
          ) : array();
          $query = drupal_query_string_encode($_GET, $exclude);

          // If redirect to insecure site is enabled, provide the base URL.
          if (variable_get('securelogin_redirect', TRUE)) {
            if ($query) {
              $query .= '&';
            }
            $query .= 'securelogin_original_baseurl=' . urlencode($orig_url);
          }

          // Ignore destination on this redirect. It has been preserved in the
          // destination URL query string.
          unset($_REQUEST['destination']);
          drupal_goto($sec_form_url, $query, NULL, 301);
        }
      }
    }

    // Strip trailing slash from base_path
    $base = rtrim(base_path(), '/');

    // Set form action
    $form['#action'] = preg_replace('@^' . $base . '@', $sec_url, $form['#action']);

    // If redirect to insecure site is enabled, add field to remember original
    // base URL.
    if (variable_get('securelogin_redirect', TRUE)) {
      $form['securelogin_original_baseurl'] = array(
        '#type' => 'hidden',
        '#value' => $orig_url,
      );
    }
  }
}

/**
 * Restore the original base URL if redirection is enabled
 */
function securelogin_boot() {
  global $base_url;
  if (isset($_REQUEST['securelogin_original_baseurl'])) {
    if (variable_get('securelogin_redirect', TRUE)) {
      $base_url = variable_get('securelogin_original_baseurl', $base_url);
    }
  }
}

/**
 * Implements hook_init().
 */
function securelogin_init() {
  if (user_is_logged_in() && arg(0) == 'user' && (arg(1) == 'login' || arg(1) == 'register')) {
    drupal_goto('user');
  }
}

Functions

Namesort descending Description
securelogin_admin Admin form
securelogin_boot Restore the original base URL if redirection is enabled
securelogin_form_alter Alter address in password forms
securelogin_help Display help and module information
securelogin_init Implements hook_init().
securelogin_menu Menus