Hello Mailing List,
Here is my first patch which targets the "feature" #1135 from the redmine:
http://bugs.foocorp.net/issues/1135
Generally, I think that a logged-in user should always use HTTPS. However,
since it is not yet implemented, there is probably some reason behind it. I
made only the edit page use HTTPS.
So, from the start.
I have added to the config.php (and config.php generator code) a new
variable $https_available which takes as an argument a boolean value.
Based on the value of this variable, the script determines if the edit
page should or should not use HTTPS. Libre.fm has HTTPS configured and
working, but other gnu-fm users having their own installations may not
have HTTPS working, or it may not be available for some reason. So by default
this value is set to false.
To get to the user-edit.php page through the web interface, a user needs
to click the "Edit" link which appears on the user-profile.php page. To
generate the link, the code uses the getUserURL method from the Server class. I
have modified the code responsible for generating the URL for the "edit"
page. If $https_available is set to true, the code modifies $base_url to
contain the https:// prefix. It does the replacement by
str_replace(array('http://', '//'), 'https://', $base_url).
The other way to get to the edit page is the user-connections.php page.
There, using SMARTY, I have set a check if $https_available is true.
When it is, the script uses $base_url_https variable to generate the
URL. $base_url_https is generated in the templating.php file.
$https_available is made available for SMARTY through the same file.
On the edit page, to make the form use HTTPS too, I used the same
approach as with the other SMARTY template files. It checks the
$https_available value and changes the URL.
The patches are divided into two files. "gnu-fm1135.patch" modifies the
files from the gnu-fm repository (core files and the gnufm theme).
"librefm-1135.patch" modifies the files from the librefm repository
("2014" theme).
I have tested the code on my local installation and everything seems to
work as expected.
I am waiting for your feedback, and thanks for the opportunity to work
on such a great project!
Adam
diff --git a/nixtape/data/Server.php b/nixtape/data/Server.php
index bfa3b5c..d2f758f 100644
--- a/nixtape/data/Server.php
+++ b/nixtape/data/Server.php
@@ -603,9 +603,14 @@ class Server {
* @return string URL to the user's profile
*/
static function getUserURL ($username, $component = 'profile', $params = false) {
- global $friendly_urls, $base_url;
+ global $friendly_urls, $base_url, $https_available;
if ($component == 'edit') {
- return $base_url . '/user-edit.php';
+ if($https_available == true) {
+ $base_url_https = str_replace(array('http://', '//'), 'https://', $base_url);
+ return $base_url_https . '/user-edit.php';
+ } else {
+ return $base_url . '/user-edit.php';
+ }
} else if ($component == 'delete') {
return $base_url . '/delete-profile.php';
} else if ($friendly_urls) {
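Review bot: In the `edit` branch, `str_replace(array('http://', '//'), 'https://', $base_url)` applies the two searches one after the other, so a `$base_url` of `http://host` first becomes `https://host` and the second pass then rewrites the `//` inside that result, giving `https:https://host`. Only a scheme-relative `//host` value comes out right, and a value that already starts with `https://` is mangled the same way. Anchor the rewrite to the start of the string instead, for example `preg_replace('#^(?:https?:)?//#', 'https://', $base_url)`, and write the condition as `if ($https_available)` rather than `== true`.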
diff --git a/nixtape/install.php b/nixtape/install.php
index a1cda31..1556e48 100644
--- a/nixtape/install.php
+++ b/nixtape/install.php
@@ -62,7 +62,7 @@ if (isset($_POST['install'])) {
$submissions_server = $_POST['submissions_server'];
//Write out the configuration
- $config = "<?php\n \$config_version = " . $version .";\n \$connect_string = '" . $connect_string . "';\n \$default_theme = '" . $default_theme . "';\n \$site_name = '" . $site_name . "';\n \$base_url = '" . $base_url . "';\n \$submissions_server = '" . $submissions_server . "';\n \$install_path = '" . $install_path . "';\n \$adodb_connect_string = '" . $adodb_connect_string . "';\n \$gnufm_key = 'default_gnufm_32_char_identifier'; ";
+ $config = "<?php\n \$config_version = " . $version .";\n \$connect_string = '" . $connect_string . "';\n \$default_theme = '" . $default_theme . "';\n \$site_name = '" . $site_name . "';\n \$base_url = '" . $base_url . "';\n \$submissions_server = '" . $submissions_server . "';\n \$install_path = '" . $install_path . "';\n \$adodb_connect_string = '" . $adodb_connect_string . "';\n \$gnufm_key = 'default_gnufm_32_char_identifier';\n \$https_available = false";
$conf_file = fopen('config.php', 'w');
$result = fwrite($conf_file, $config);
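Review bot: The generated configuration now ends with `\$https_available = false` and no terminating semicolon, where the previous string ended with `';`. The string is written to config.php as-is by the `fwrite` that follows, with no closing `?>`, so a fresh install produces a config.php that does not parse. End the string with `false;` (and keep the trailing newline or space the old string had).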
diff --git a/nixtape/templating.php b/nixtape/templating.php
index 8a57080..f647d17 100644
--- a/nixtape/templating.php
+++ b/nixtape/templating.php
@@ -82,6 +82,8 @@ $smarty->setConfigDir(array($install_path . '/themes/' . $theme . '/config/', $i
$current_lang = preg_replace('/.UTF-8/', '', $current_lang);
$smarty->assign('lang_selector_array', array(($current_lang) => 1));
$smarty->assign('base_url', $base_url);
+$smarty->assign('base_url_https', str_replace(array('http://','//'),'https://',$base_url));
+$smarty->assign('https_available', $https_available);
$smarty->assign('gnufm_key', $gnufm_key);
$smarty->assign('default_theme', $default_theme);
$smarty->assign('site_name', $site_name);
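Review bot: `$https_available` is passed to Smarty unconditionally on the second added line, but the patch only adds the variable to the installer output, so a config.php written before this change leaves it undefined and PHP reports an undefined variable whenever templating.php is loaded. Give it a default before use, for example `if (!isset($https_available)) { $https_available = false; }`. The `base_url_https` line also repeats the `str_replace` expression from Server.php, including its second pass over `//`; compute the HTTPS base once in a shared place and use that value in both files.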
diff --git a/nixtape/themes/gnufm/templates/user-connections.tpl b/nixtape/themes/gnufm/templates/user-connections.tpl
index db1de92..0be7e67 100644
--- a/nixtape/themes/gnufm/templates/user-connections.tpl
+++ b/nixtape/themes/gnufm/templates/user-connections.tpl
@@ -1,6 +1,10 @@
{include file='header.tpl' subheader='user-header.tpl'}
-<center><h3><a href='{$base_url}/user-edit.php'>{t}Edit your profile{/t}</a> | {t}Connections to other services{/t}</h3></center>
+{if $https_available}
+ <center><h3><a href='{$base_url_https}/user-edit.php'>{t}Edit your profile{/t}</a> | {t}Connections to other services{/t}</h3></center>
+{else}
+ <center><h3><a href='{$base_url}/user-edit.php'>{t}Edit your profile{/t}</a> | {t}Connections to other services{/t}</h3></center>
+{/if}
{if isset($errors)}
<div id="errors">
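Review bot: Both branches of the `{if $https_available}` block repeat the whole `<center><h3>` line and differ only in the base URL variable, so any later markup change has to be made twice. Keep a single line and move the choice into the `href`, or have templating.php assign one variable that already holds the right base (the HTTPS form when enabled, `$base_url` otherwise) so that no template needs to branch. The same applies to the other three template hunks.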
diff --git a/nixtape/themes/gnufm/templates/user-edit.tpl b/nixtape/themes/gnufm/templates/user-edit.tpl
index 6715c42..29d9dcf 100644
--- a/nixtape/themes/gnufm/templates/user-edit.tpl
+++ b/nixtape/themes/gnufm/templates/user-edit.tpl
@@ -11,7 +11,11 @@
{/if}
<div id='user-edit'>
- <form action='{$base_url}/user-edit.php' method='post'>
+ {if $https_available}
+ <form action='{$base_url_https}/user-edit.php' method='post'>
+ {else}
+ <form action='{$base_url}/user-edit.php' method='post'>
+ {/if}
<div><h3><label for='fullname'>{t}Full name:{/t}</h3>
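Review bot: Pointing the form `action` at `{$base_url_https}` only covers the POST; nothing in this patch stops user-edit.php itself from being requested over plain HTTP, in which case the page carrying the form travels unencrypted and can be altered in transit before the user submits it. When `$https_available` is set, user-edit.php should redirect non-HTTPS requests to the HTTPS URL instead of relying on the generated links and the form target alone.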
diff --git a/nixtape/themes/2014/templates/user-connections.tpl b/nixtape/themes/2014/templates/user-connections.tpl
index 065994e..aabb2b5 100644
--- a/nixtape/themes/2014/templates/user-connections.tpl
+++ b/nixtape/themes/2014/templates/user-connections.tpl
@@ -1,6 +1,10 @@
{include file='header.tpl' subheader='user-header.tpl'}
-<h3><a href='{$base_url}/user-edit.php'>{t}Edit your profile{/t}</a> | {t}Connections to other services{/t}</h3>
+{if $https_available}
+ <h3><a href='{$base_url_https}/user-edit.php'>{t}Edit your profile{/t}</a> | {t}Connections to other services{/t}</h3>
+{else}
+ <h3><a href='{$base_url}/user-edit.php'>{t}Edit your profile{/t}</a> | {t}Connections to other services{/t}</h3>
+{/if}
{if isset($errors)}
<div id="errors">
diff --git a/nixtape/themes/2014/templates/user-edit.tpl b/nixtape/themes/2014/templates/user-edit.tpl
index e3710cb..752b7c1 100644
--- a/nixtape/themes/2014/templates/user-edit.tpl
+++ b/nixtape/themes/2014/templates/user-edit.tpl
@@ -23,7 +23,11 @@
</div>
{/if}
-<form class="form-signin" action='{$base_url}/user-edit.php' method='post'>
+{if $https_available}
+ <form class="form-signin" action='{$base_url_https}/user-edit.php' method='post'>
+{else}
+ <form class="form-signin" action='{$base_url}/user-edit.php' method='post'>
+{/if}
<div class="form-group">
<label for='fullname'>{t}Full name:{/t}</label>