summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config/main.inc.php.dist5
-rw-r--r--index.php9
-rw-r--r--plugins/force_https/force_https.php38
3 files changed, 14 insertions, 38 deletions
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index 7fbf97132..efa45957c 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -49,6 +49,11 @@ $rcmail_config['enable_caching'] = FALSE;
// possible units: s, m, h, d, w
$rcmail_config['message_cache_lifetime'] = '10d';
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected.
+// set the port for the ssl connection as value of this option if it differs from the default 443
+$rcmail_config['force_https'] = FALSE;
+
// automatically create a new RoundCube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
diff --git a/index.php b/index.php
index 4ae71e1cf..e0956b4ff 100644
--- a/index.php
+++ b/index.php
@@ -63,6 +63,15 @@ if ($RCMAIL->action=='error' && !empty($_GET['_code'])) {
raise_error(array('code' => hexdec($_GET['_code'])), FALSE, TRUE);
}
+// check if https is required (for login) and redirect if necessary
+if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
+ $https_port = is_bool($force_https) ? 443 : $force_https;
+ if (!(isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == $use_https || $RCMAIL->config->get('use_https'))) {
+ header('Location: https://' . $_SERVER['HTTP_HOST'] . ($https_port != 443 ? ':' . $https_port : '') . $_SERVER['REQUEST_URI']);
+ exit;
+ }
+}
+
// trigger startup plugin hook
$startup = $RCMAIL->plugins->exec_hook('startup', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
$RCMAIL->set_task($startup['task']);
diff --git a/plugins/force_https/force_https.php b/plugins/force_https/force_https.php
deleted file mode 100644
index 67552570e..000000000
--- a/plugins/force_https/force_https.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-/**
- * Enforce secure HTTPs connection for login
- *
- * Configuration:
- * // Port for https connection
- * $rcmail_config['force_https_port'] = 443;
- *
- * @version 1.0
- * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
- */
-class force_https extends rcube_plugin
-{
- function init()
- {
- $this->add_hook('startup', array($this, 'redirect'));
- }
-
- function redirect($args)
- {
- $config = rcmail::get_instance()->config;
-
- $port = (int) $config->get('force_https_port', 443);
-
- // check if https is required (for login) and redirect if necessary
- if (empty($_SESSION['user_id']) && !$config->get('use_https')
- && (!isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] != $port))
- {
- header('Location: https://' . $_SERVER['HTTP_HOST'] . ($port != 443 ? ":$port" : '') . $_SERVER['REQUEST_URI']);
- exit;
- }
-
- return $args;
- }
-}
-
-?>