From: csteipp
Date: Fri, 25 Jan 2013 02:14:19 +0000 (-0800)
Subject: By default, keep users in HTTPS with wgSecureLogin
X-Git-Tag: 1.31.0-rc.0~20787^2
X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22lang_raccourcis%22%2C%22module=%24nom_module%22%29%20.%20%22?a=commitdiff_plain;h=8c27cf63d1b9c67a87fa67d8cda000873c26e7b2;p=lhc%2Fweb%2Fwiklou.git
By default, keep users in HTTPS with wgSecureLogin
Create an option to have the stickHTTPS checkbox set for all users. When this option, $wgSecureLoginDefaultHTTPS, is true, all logged in users will be default have their session stay in HTTPS, unless they uncheck the box to return to the insecure option.
Change-Id: Ie846d2dc3ac5ea43bd76caa2f0eb5dbd65dbf181
---
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index a6d745f446..346aeb2aee 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3747,6 +3747,13 @@ $wgAllowPrefChange = array();
 */
 $wgSecureLogin = false;
+/**
+ * By default, keep users logged in via HTTPS when $wgSecureLogin is also
+ * true. Users opt-out of HTTPS when they login by de-selecting the checkbox.
+ * @since 1.21
+ */
+$wgSecureLoginDefaultHTTPS = true;
+
 /** @} */ # end user accounts }
 /************************************************************************//**
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 7817b960a3..9ce8ebdc8d 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -1011,7 +1011,7 @@ class LoginForm extends SpecialPage {
 global $wgEnableEmail, $wgEnableUserEmail;
 global $wgHiddenPrefs, $wgLoginLanguageSelector;
 global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
- global $wgSecureLogin, $wgPasswordResetRoutes;
+ global $wgSecureLogin, $wgSecureLoginDefaultHTTPS, $wgPasswordResetRoutes;
 $titleObj = $this->getTitle();
 $user = $this->getUser();
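Review bot: The docblock added for `$wgSecureLoginDefaultHTTPS` in includes/DefaultSettings.php does not say that the setting only pre-selects the login form's stickHTTPS checkbox and does not enforce HTTPS. Per the commit description, a user who unchecks the box still returns to the insecure option, so with the default of `true` an operator could read the variable as a guarantee. I would add a sentence such as `This only sets the initial state of the checkbox; it does not force HTTPS for users who clear it.` and change "when they login" to "when they log in".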
@@ -1075,6 +1075,11 @@ class LoginForm extends SpecialPage {
 $template->set( 'link', '' );
 }
+ // Decide if we default stickHTTPS on
+ if ( $wgSecureLoginDefaultHTTPS && $this->mAction != 'submitlogin' && !$this->mLoginattempt ) {
+ $this->mStickHTTPS = true;
+ }
+
 $resetLink = $this->mType == 'signup' ? null : is_array( $wgPasswordResetRoutes ) && in_array( true, array_values( $wgPasswordResetRoutes ) );
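Review bot: The added condition never tests `$wgSecureLogin`, although the docblock for `$wgSecureLoginDefaultHTTPS` says the default applies only when `$wgSecureLogin` is also true. With the shipped defaults (`$wgSecureLogin = false`, `$wgSecureLoginDefaultHTTPS = true`), `mStickHTTPS` is set to true on every fresh render of the form. Whether that affects later redirect or cookie handling depends on code outside this hunk, so the gate is better made explicit: `if ( $wgSecureLogin && $wgSecureLoginDefaultHTTPS && $this->mAction !== 'submitlogin' && !$this->mLoginattempt ) {`. The strict `!==` also avoids PHP's loose comparison on `mAction`. The enclosing method starts and ends outside the hunk.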