Based on code from Janne - this allows secure logins via https

   $CFG->loginhttps

After logging in via https, Moodle returns to a normal http URL

More info:  http://moodle.org/mod/forum/discuss.php?d=8555

diff --git a/config-dist.php b/config-dist.php
index 851bd7dce632f80acf0c9240ebc523888beb7545..c4dfa56db89158259d5831f5c733349f16bb46e0 100644 (file)
--- a/config-dist.php
+++ b/config-dist.php
@@ -161,6 +161,12 @@ $CFG->admin = 'admin';
 // most likely doesn't work yet.   THIS IS FOR DEVELOPERS ONLY, IT IS
 // NOT RECOMMENDED FOR PRODUCTION SITES
 //      $CFG->unicode = true;
+//
+// Turning this on will make Moodle use a https connection just for the 
+// login page (providing a secure login), and then afterwards revert 
+// back to the normal http URL.  Requires https to be enabled on the 
+// web server.
+//      $CFG->loginhttps = true;
 
 
 

diff --git a/index.php b/index.php
index 4ddf7f75b87aa7b9f1773ec684d82cdab2d1cf8f..44a99b4cf57645bcfae5bbaf4b7eb432e8220a7b 100644 (file)
--- a/index.php
+++ b/index.php
@@ -28,7 +28,12 @@
     }
 
     if (empty($USER->id)) {
-        $loginstring = "<font size=2><a href=\"$CFG->wwwroot/login/index.php\">".get_string("login")."</a></font>";
+        if (empty($CFG->loginhttps)) {
+            $wwwroot = $CFG->wwwroot;
+        } else {
+            $wwwroot = str_replace('http','https',$CFG->wwwroot);
+        }
+        $loginstring = "<font size=2><a href=\"$wwwroot/login/index.php\">".get_string("login")."</a></font>";
     } else {
         $loginstring = "<font size=1>".user_login_string($site)."</font>";
     }

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 9219f2024c3719d17a9061796826fe63f9cf934a..80a78432b5d418324c58221e2db6afd4a6561a67 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -365,7 +365,12 @@ function require_login($courseid=0) {
             $SESSION->fromurl  = $_SERVER["HTTP_REFERER"];
         }
         $USER = NULL;
-        redirect("$CFG->wwwroot/login/index.php");
+        if (empty($CFG->loginhttps)) {
+            redirect("$CFG->wwwroot/login/index.php");
+        } else {
+            $wwwroot = str_replace('http','https',$CFG->wwwroot);
+            redirect("$wwwroot/login/index.php");
+        }
         die;
     }
 

diff --git a/lib/weblib.php b/lib/weblib.php
index 900c4ba11e696c966887da4349eb697d01ec58c5..54f71e265c1732557bb32706116127b05ed71076 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -953,10 +953,15 @@ function print_header ($title="", $heading="", $navigation="", $focus="", $meta=
     }
 
     if (!$menu and $navigation) {
+        if (empty($CFG->loginhttps)) {
+            $wwwroot = $CFG->wwwroot;
+        } else {
+            $wwwroot = str_replace('http','https',$CFG->wwwroot);
+        }
         if (isset($USER->id)) {
-            $menu = "<font size=\"2\"><a target=\"$CFG->framename\" href=\"$CFG->wwwroot/login/logout.php\">".get_string("logout")."</a></font>";
+            $menu = "<font size=\"2\"><a target=\"$CFG->framename\" href=\"$wwwroot/login/logout.php\">".get_string("logout")."</a></font>";
         } else {
-            $menu = "<font size=\"2\"><a target=\"$CFG->framename\" href=\"$CFG->wwwroot/login/index.php\">".get_string("login")."</a></font>";
+            $menu = "<font size=\"2\"><a target=\"$CFG->framename\" href=\"$wwwroot/login/index.php\">".get_string("login")."</a></font>";
         }
     }
 
@@ -1076,18 +1081,23 @@ function user_login_string($course, $user=NULL) {
     }
 
     if (isset($user->id) and $user->id) {
+        if (empty($CFG->loginhttps)) {
+            $wwwroot = $CFG->wwwroot;
+        } else {
+            $wwwroot = str_replace('http','https',$CFG->wwwroot);
+        }
         $fullname = fullname($user, true);
         $username = "<a target=\"{$CFG->framename}\" href=\"$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$course->id\">$fullname</a>";
         if (isguest($user->id)) {
             $loggedinas = $realuserinfo.get_string("loggedinas", "moodle", "$username").
-                      " (<a target=\"{$CFG->framename}\" href=\"$CFG->wwwroot/login/index.php\">".get_string("login")."</a>)";
+                      " (<a target=\"{$CFG->framename}\" href=\"$wwwroot/login/index.php\">".get_string("login")."</a>)";
         } else {
             $loggedinas = $realuserinfo.get_string("loggedinas", "moodle", "$username").
                       " (<a target=\"{$CFG->framename}\" href=\"$CFG->wwwroot/login/logout.php\">".get_string("logout")."</a>)";
         }
     } else {
         $loggedinas = get_string("loggedinnot", "moodle").
-                      " (<a target=\"{$CFG->framename}\" href=\"$CFG->wwwroot/login/index.php\">".get_string("login")."</a>)";
+                      " (<a target=\"{$CFG->framename}\" href=\"$wwwroot/login/index.php\">".get_string("login")."</a>)";
     }
     return $loggedinas;
 }

diff --git a/login/index.php b/login/index.php
index 91150dd08f1542aebee08929724a9b08785c4501..b70e72e31bb20ad7702efeafc331d2a96c5eaa9e 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -125,7 +125,12 @@
     } else {
         $currlang = current_language();
         $langs    = get_list_of_languages();
-        $langmenu = popup_form ("$CFG->wwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
+        if (empty($CFG->loginhttps)) {
+            $wwwroot = $CFG->wwwroot;
+        } else {
+            $wwwroot = str_replace('http','https',$CFG->wwwroot);
+        }
+        $langmenu = popup_form ("$wwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
     }
 
     $loginsite = get_string("loginsite");