AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added an error if accessing ITFlow by HTTP:// and is set to true

This commit is contained in:
johnnyq 2023-09-20 14:51:29 -04:00
parent 150defe815
commit 5938925a35
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
login.php
View File

@ -1,5 +1,6 @@
<?php <?php
// Enforce a Content Security Policy for security against cross-site scripting
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
if (!file_exists('config.php')) { if (!file_exists('config.php')) {
@ -8,6 +9,14 @@ if (!file_exists('config.php')) {
} }
require_once("config.php"); require_once("config.php");
// Check if the application is configured for HTTPS-only access
if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')) {
echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet.";
exit;
}
require_once("functions.php"); require_once("functions.php");
require_once("rfc6238.php"); require_once("rfc6238.php");