From 338ed57a1a2c4383dabc59698683d146e3e0dd2a Mon Sep 17 00:00:00 2001
From: rmurray <>
Date: Thu, 13 Mar 2003 03:25:56 +0000
Subject: [PATCH] remove non-https logins

---
 web/Util.pm           | 2 +-
 web/login.cgi         | 6 +++---
 web/login.wml         | 2 +-
 web/searchform.wml    | 4 ++--
 web/searchresults.wml | 4 ++--
 web/update.cgi        | 4 ++--
 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/web/Util.pm b/web/Util.pm
index 08a5f07..8efabfb 100644
--- a/web/Util.pm
+++ b/web/Util.pm
@@ -119,7 +119,7 @@ sub ReadPasswordFromFile {
   # check to make sure the time is positive, and that the auth token
   # has not expired
   my $tdiff = (time - $time);
-  &HTMLError("Your authentication token has expired. Please <a href=\"$config{webloginhtml}\">relogin</a>") if (($tdiff < 0) || ($tdiff > $config{authexpires}));
+  &HTMLError("Your authentication token has expired. Please <a href=\"https://$ENV{SERVER_NAME}/$config{webloginhtml}\">relogin</a>") if (($tdiff < 0) || ($tdiff > $config{authexpires}));
   
   return Decrypt($cipher, $passwd);
 }
diff --git a/web/login.cgi b/web/login.cgi
index 55d4d31..0058aa9 100755
--- a/web/login.cgi
+++ b/web/login.cgi
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 
-# $Id: login.cgi,v 1.7 2000/05/10 05:01:55 tausq Exp $
+# $Id: login.cgi,v 1.8 2003/03/13 04:25:56 rmurray Exp $
 # (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
 
 use lib '.';
@@ -17,8 +17,8 @@ my %config = &Util::ReadConfigFile;
 my $query = new CGI;
 my $proto = ($ENV{HTTPS} ? "https" : "http");
 
-if (!($query->param('username')) || !($query->param('password'))) {
-  print "Location: $proto://$ENV{SERVER_NAME}/$config{webloginurl}\n\n";
+if ($proto eq "http" || !($query->param('username')) || !($query->param('password'))) {
+  print "Location: https://$ENV{SERVER_NAME}/$config{webloginurl}\n\n";
   exit;
 }
 
diff --git a/web/login.wml b/web/login.wml
index 118bcbf..b3f5f5a 100644
--- a/web/login.wml
+++ b/web/login.wml
@@ -1,7 +1,7 @@
 #use wml::db.d.o title="debian.org Developers LDAP Login"
 
 <br><br><center>
-<form method=post action="login.cgi">
+<form method=post action="https://db.debian.org/login.cgi">
 <table border=5 cellspacing=0 cellpadding=3 width="70%" bgcolor=#DDDDDD> 
 <tr><th colspan=2 bgcolor="#44CCCC" align=center><font size="+2">Authentication Required</font></th></tr>
 <tr><td colspan=2 align=center><br><br>If you are not a developer, please <a href="search.cgi">return to the main search page</a>, otherwise, enter your Debian user ID and password below<br>
diff --git a/web/searchform.wml b/web/searchform.wml
index 109fd90..c455892 100644
--- a/web/searchform.wml
+++ b/web/searchform.wml
@@ -272,8 +272,8 @@
 <tr><td colspan=2 align="center">
 <input type=submit name=dosearch value="Search...">
 </td></tr></table>
-<p>Debian developers can <a href="http://db.debian.org/login.html">login</a>
-(<a href="https://db.debian.org/login.html">securely</a>) to update their
+<p>Debian developers can <a href="https://db.debian.org/login.html">login</a>
+to update their
 settings</p>
 </center>
 </form>
diff --git a/web/searchresults.wml b/web/searchresults.wml
index 4af139b..7d70fff 100644
--- a/web/searchresults.wml
+++ b/web/searchresults.wml
@@ -5,7 +5,7 @@
 <p align=center>
 
 <?ifauth <a href="logout.cgi">Logout</a> | ?>
-<?ifnoauth <a href="http://db.debian.org/login.html">Login</a> (<a href="https://db.debian.org/login.html">SSL version</a>) | ?>
+<?ifnoauth <a href="https://db.debian.org/login.html">Login</a> | ?>
 <a href="search.cgi?id=~id~&authtoken=~authtoken~">Search again</a></p><br><br>
 <p align=center>Number of entries matched: <b>~count~</b></p>
 <center>
@@ -33,6 +33,6 @@ searchresults?>
 <br><br>
 <p align=center>
 <?ifauth <a href="logout.cgi">Logout</a> | ?>
-<?ifnoauth <a href="http://db.debian.org/login.html">Login</a> (<a href="https://db.debian.org/login.html">SSL version</a>) | ?>
+<?ifnoauth <a href="https://db.debian.org/login.html">Login</a> | ?>
 <a href="search.cgi?id=~id~&authtoken=~authtoken~">Search again</a></p><br><br>
 </p>
diff --git a/web/update.cgi b/web/update.cgi
index 9aabb33..4ad5b88 100755
--- a/web/update.cgi
+++ b/web/update.cgi
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 
-# $Id: update.cgi,v 1.8 2000/05/13 18:39:05 tausq Exp $
+# $Id: update.cgi,v 1.9 2003/03/13 04:25:56 rmurray Exp $
 # (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
 
 use lib '.';
@@ -43,7 +43,7 @@ $auth = ($mesg->code == LDAP_SUCCESS);
 
 if (!$auth) {
   $ldap->unbind;
-  &Util::HTMLError("You have not been authenticated. Please <a href=\"$proto://$ENV{SERVER_NAME}/$config{webloginurl}\">Login</a>");
+  &Util::HTMLError("You have not been authenticated. Please <a href=\"https://$ENV{SERVER_NAME}/$config{webloginurl}\">Login</a>");
 }
 
 # Authenticated....
-- 
2.20.1


Authentication Required
If you are not a developer, please return to the main search page, otherwise, enter your Debian user ID and password below diff --git a/web/searchform.wml b/web/searchform.wml index 109fd90..c455892 100644 --- a/web/searchform.wml +++ b/web/searchform.wml @@ -272,8 +272,8 @@