From 5eefb730ae4751d4764aa47167bbcec070591a9a Mon Sep 17 00:00:00 2001
From: Sebastian Grewe <sebastian@grewe.ca>
Date: Mon, 4 Nov 2013 14:26:21 +0100
Subject: [PATCH] [FIX] Re-location via HTTPS on login

---
 public/include/classes/user.class.php | 2 +-
 public/include/pages/login.inc.php    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index df8969c1..6a8bd7cd 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -438,7 +438,7 @@ class User {
     // Enforce generation of a new Session ID and delete the old
     session_regenerate_id(true);
     // Enforce a page reload and point towards login with referrer included, if supplied
-    $location = @$_SERVER['HTTPS'] ? 'https' . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] : 'http' . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
+    $location = @$_SERVER['HTTPS'] ? 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] : 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
     if (!empty($from)) $location .= '?page=login&to=' . urlencode($from);
     // if (!headers_sent()) header('Location: ' . $location);
     exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 0dcf6774..ee643bff 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -7,7 +7,7 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
   $_SESSION['POPUP'][] = array('CONTENT' => 'You are not allowed to login during maintenace.', 'TYPE' => 'info');
 } else if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
   empty($_POST['to']) ? $to = $_SERVER['PHP_SELF'] : $to = $_POST['to'];
-  $location = @$_SERVER['HTTPS'] === true ? 'https' : 'http' . '://' . $_SERVER['SERVER_NAME'] . $to;
+  $location = @$_SERVER['HTTPS'] === true ? 'https://' . $_SERVER['SERVER_NAME'] . $to : 'http://' . $_SERVER['SERVER_NAME'] . $to;
   if (!headers_sent()) header('Location: ' . $location);
   exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
 } else if (@$_POST['username'] && @$_POST['password']) {