admin/quick-n-dirty
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth.php: disallow unencrypted logins by default

Browse Source
This commit is contained in:
Zankaria
2024-04-30 11:31:06 +02:00
parent 0c51d46cdf
commit da4842eb7b
5 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
inc/mod/pages.php
View File

@@ -4,8 +4,11 @@
* Copyright (c) 2010-2013 Tinyboard Development Group
*/
use Vichan\Functions\Net;
defined('TINYBOARD') or exit;
function mod_page($title, $template, $args, $subtitle = false) {
global $config, $mod;
@@ -29,9 +32,11 @@ function mod_page($title, $template, $args, $subtitle = false) {
function mod_login($redirect = false) {
global $config;
$args = array();
$args = [];
if (isset($_POST['login'])) {
if ($config['cookies']['secure_login_only'] && !Net\is_connection_secure()) {
$args['error'] = $config['error']['insecure'];
} elseif (isset($_POST['login'])) {
// Check if inputs are set and not empty
if (!isset($_POST['username'], $_POST['password']) || $_POST['username'] == '' || $_POST['password'] == '') {
$args['error'] = $config['error']['invalid'];