From 0bc10a30e84520ac84e8822ef2c3cf1baf533e27 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Thu, 21 Sep 2023 12:00:46 -0400
Subject: [PATCH] Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP
---
 login.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/login.php b/login.php
index 26628eeb..3e525097 100644
--- a/login.php
+++ b/login.php
@@ -11,12 +11,11 @@ if (!file_exists('config.php')) {
 require_once("config.php");
 // Check if the application is configured for HTTPS-only access
-if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')) {
+if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https')) {
 echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet.";
 exit;
 }
-
 require_once("functions.php");
 require_once("rfc6238.php");
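Review bot: The new `HTTP_X_FORWARDED_PROTO` clause in the HTTPS-only condition accepts the header from any sender, so a request that reaches login.php directly over plain HTTP passes the check simply by carrying `X-Forwarded-Proto: https`, and the credentials then travel unencrypted despite `$config_https_only`. The header is only trustworthy when the TLS-terminating proxy sets or overwrites it and the application is not reachable except through that proxy, neither of which this file can verify. Honour the header only when the peer is a known proxy, for example `$from_proxy = in_array($_SERVER['REMOTE_ADDR'] ?? '', $config_trusted_proxies, true);` followed by `(!$from_proxy || ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') !== 'https')` in place of the added clause, where `$config_trusted_proxies` is a proposed new config.php setting that does not exist in this diff. A comment beside the check such as `// X-Forwarded-Proto is honoured only from trusted proxies; the proxy must overwrite any client-supplied value` would make the deployment requirement explicit for operators.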