From 2fdebb7f25fad84a22634119334ddcf63de90723 Mon Sep 17 00:00:00 2001
From: Andreas <andreas@immerda.ch>
Date: Mon, 4 Jan 2010 14:09:57 +0100
Subject: gallery redirect user logins to https

---
 templates/vhosts/php_gallery2/CentOS.erb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'templates')

diff --git a/templates/vhosts/php_gallery2/CentOS.erb b/templates/vhosts/php_gallery2/CentOS.erb
index 92d5e05..37fac4b 100644
--- a/templates/vhosts/php_gallery2/CentOS.erb
+++ b/templates/vhosts/php_gallery2/CentOS.erb
@@ -50,6 +50,14 @@
         <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
         php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
         <%- end -%>
+        # Always rewrite login's
+        RewriteEngine On
+        RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR]
+        RewriteCond %{QUERY_STRING} subView=core\.UserLogin
+        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+        # https -> see below
+        # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS):
+        # $gallery->setConfig('baseUri', '');
     </Directory>
     <%- end -%>
 
@@ -123,6 +131,13 @@
         <%- end -%>
         # turn allow_url_fopen on for the extension manager fetch
         php_admin_value allow_url_fopen On
+
+        # Always rewrite login's (see above)
+        RewriteEngine On
+        RewriteCond %{HTTP_COOKIE} =""
+        RewriteCond %{REQUEST_METHOD} =GET
+        RewriteCond %{QUERY_STRING} !subView=core\.UserLogin
+        RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
     </Directory>
 
     <IfModule mod_security2.c>
-- 
cgit v1.2.3