enasni
commented
11 years ago I've modified: header.php albumview.php signup.php signin.php index.php imageview.php global.inc
to utilize a variable $protocol which dynamically sets itself based on the $_SERVER['HTTPS'] server variable. All links should utilize the standard php code segment. For example the following will create the link pointing to the calling script: <?php echo $protocol . $_SERVER['SERVER_NAME'] . '/' . $_SERVER['PHP_SELF'] ?>
If the page was initially accessed via https then it will continue access links via encrypted comms. The signin.php and signout.php have been hard coded to allow https to be toggled on and off.
The code base does not currently support SSL in any fashion between the web browser and the server. At a minimum any authentication needs to take place over an encrypted link. Also any static content that is not earmarked public should not be sent in the clear.