[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Librefm-discuss] Editing user profile over HTTPS
From: |
Adam Kazimierczak |
Subject: |
[Librefm-discuss] Editing user profile over HTTPS |
Date: |
Fri, 16 May 2014 00:03:59 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
Hello Mailing List,
Here is my first patch which targets the "feature" #1135 from the redmine:
http://bugs.foocorp.net/issues/1135
Generally, I think that a logged user should always use HTTPS. However,
since it is not yet implemented, there is probably some reason behind. I
made only the edit page using HTTPS.
So, from the start.
I have added to the config.php (and config.php generator code) a new
variable $https_available which takes as an argument a boolean value.
Basing on the value of this variable, the script determines if the edit
page should or not should use HTTPS. Libre.fm has HTTPS configured and
working, but other gnu-fm users having their own installations may not
have HTTPS working or is not available for some reason. So by default
this value is set to false.
To get to the user-edit.php page through the web interface, a user needs
to click "Edit" link which appears on the user-profile.php page. To
generate the link, the code uses getUserURL method from Server class. I
have modified the code responsible for generating the URL for the "edit"
page. If $https_available is set to true, the code modifies $base_url to
contain https:// prefix. It does the replacement by
str_replace(array('http://', '//'), 'https://', $base_url) .
The other way to get to the edit page is the user-connections.php page.
There, using SMARTY, I have set a check if $https_available is true.
When it is, the script uses $base_url_https variable to generate the
URL. $base_url_https is generated in the templating.php file.
$https_available is made available for SMARTY through the same file.
On the edit page, to make the form use HTTPS too, I used the same
approach like with the other SMARTY template files. It checks for
$https_available value and does change of the URL.
The patches are divided into two files. "gnu-fm1135.patch" modifies the
files from the gnu-fm repository (core files and the gnufm theme).
"librefm-1135.patch" modifies the files from the librefm repository
("2014" theme).
I have tested the code on my local installation and everything seems to
work as expected.
I am waiting for your feedback, and thanks for the opportunity to work
on such a great project!
Adam
gnu-fm1135.patch
Description: Text Data
librefm-1135.patch
Description: Text Data
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Librefm-discuss] Editing user profile over HTTPS,
Adam Kazimierczak <=