-rw-r--r-- | config/main.inc.php.dist | 5 | ||||
-rw-r--r-- | index.php | 9 | ||||
-rw-r--r-- | plugins/force_https/force_https.php | 38 |
3 files changed, 14 insertions, 38 deletions
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index 7fbf97132..efa45957c 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -49,6 +49,11 @@ $rcmail_config['enable_caching'] = FALSE; // possible units: s, m, h, d, w $rcmail_config['message_cache_lifetime'] = '10d'; +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = FALSE; + // automatically create a new RoundCube user when log-in the first time. // a new user will be created once the IMAP login succeeds. // set to false if only registered users can use this service @@ -63,6 +63,15 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) { raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE); } +// check if https is required (for login) and redirect if necessary +if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { + $https_port = is_bool($force_https) ? 443 : $force_https; + if (!(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == $use_https || $RCMAIL->config->get('use_https'))) { + header('Location: https://' . $_SERVER['HTTP_HOST'] . ($https_port != 443 ? ':' . $https_port : '') . $_SERVER['REQUEST_URI']); + exit; + } +} + // trigger startup plugin hook $startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action)); $RCMAIL->set_task($startup['task']); diff --git a/plugins/force_https/force_https.php b/plugins/force_https/force_https.php deleted file mode 100644 index 67552570e..000000000 --- a/plugins/force_https/force_https.php +++ /dev/null 
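Review bot: The new comment in config/main.inc.php.dist says all non-secure connections will be redirected, but the check added to index.php in this commit only runs while `$_SESSION['user_id']` is empty, so requests made after login are not covered. An administrator reading the option could take it as full HTTPS enforcement. I would word it as `// with this option enabled, non-secure requests made before login are redirected to https.` and add a line saying that the removed plugin's `force_https_port` setting is replaced by giving the port as this option's value.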
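Review bot: `$use_https` in the inner condition of the index.php hunk is not assigned anywhere in the visible lines, so the port comparison appears to test against an undefined variable; `$https_port` looks like the intended name. The three tests are also OR-ed, where the removed plugin skipped the redirect only when HTTPS was set and the port matched, and `isset($_SERVER['HTTPS'])` is true on servers that set the variable to `off` for plain requests, so enforcement can be skipped there. I would compute `$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';` and test `if (!($is_https || $_SERVER['SERVER_PORT'] == $https_port || $RCMAIL->config->get('use_https'))) {`. The Location value is built from the client-supplied Host header; taking the host name from configuration would be safer if the project has such a setting.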
@@ -1,38 +0,0 @@
-<?php
-
-/**
- * Enforce secure HTTPs connection for login
- *
- * Configuration:
- * // Port for https connection
- * $rcmail_config['force_https_port'] = 443;
- *
- * @version 1.0
- * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
- */
-class force_https extends rcube_plugin
-{
- function init()
- {
- $this->add_hook('startup', array($this, 'redirect'));
- }
-
- function redirect($args)
- {
- $config = rcmail::get_instance()->config;
-
- $port = (int) $config->get('force_https_port', 443);
-
- // check if https is required (for login) and redirect if necessary
- if (empty($_SESSION['user_id']) && !$config->get('use_https')
- && (!isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] != $port))
- {
- header('Location: https://' . $_SERVER['HTTP_HOST'] . ($port != 443 ? ":$port" : '') . $_SERVER['REQUEST_URI']);
- exit;
- }
-
- return $args;
- }
-}
-
-?> |