[Librefm-discuss] Editing user profile over HTTPS

librefm-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Librefm-discuss] Editing user profile over HTTPS

From:	Adam Kazimierczak
Subject:	[Librefm-discuss] Editing user profile over HTTPS
Date:	Fri, 16 May 2014 00:03:59 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

Hello Mailing List,

Here is my first patch which targets the "feature" #1135 from the redmine:
http://bugs.foocorp.net/issues/1135

Generally, I think that a logged user should always use HTTPS. However,since it is not yet implemented, there is probably some reason behind. Imade only the edit page using HTTPS.


So, from the start.

I have added to the config.php (and config.php generator code) a newvariable $https_available which takes as an argument a boolean value.Basing on the value of this variable, the script determines if the editpage should or not should use HTTPS. Libre.fm has HTTPS configured andworking, but other gnu-fm users having their own installations may nothave HTTPS working or is not available for some reason. So by defaultthis value is set to false.

To get to the user-edit.php page through the web interface, a user needsto click "Edit" link which appears on the user-profile.php page. Togenerate the link, the code uses getUserURL method from Server class. Ihave modified the code responsible for generating the URL for the "edit"page. If $https_available is set to true, the code modifies $base_url tocontain https:// prefix. It does the replacement bystr_replace(array('http://', '//'), 'https://', $base_url) .

The other way to get to the edit page is the user-connections.php page.There, using SMARTY, I have set a check if $https_available is true.When it is, the script uses $base_url_https variable to generate theURL. $base_url_https is generated in the templating.php file.$https_available is made available for SMARTY through the same file.

On the edit page, to make the form use HTTPS too, I used the sameapproach like with the other SMARTY template files. It checks for$https_available value and does change of the URL.

The patches are divided into two files. "gnu-fm1135.patch" modifies thefiles from the gnu-fm repository (core files and the gnufm theme)."librefm-1135.patch" modifies the files from the librefm repository("2014" theme).

I have tested the code on my local installation and everything seems towork as expected.

I am waiting for your feedback, and thanks for the opportunity to workon such a great project!


Adam

gnu-fm1135.patch
Description: Text Data

librefm-1135.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[Librefm-discuss] Editing user profile over HTTPS, Adam Kazimierczak <=

Prev by Date: Re: [Librefm-discuss] Help with development
Next by Date: Re: [Librefm-discuss] Help with development
Previous by thread: [Librefm-discuss] Help with development
Index(es):
- Date
- Thread