[development] Re: [drupal-devel] Securing Login: MD5 password
hashing using javascript
Darrel O'Pry
dopry at thing.net
Wed Nov 9 22:26:26 UTC 2005
On Wed, 2005-11-09 at 22:02 +0200, Adrian Rossouw wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 09 Nov 2005, at 9:43 PM, Adrian Rossouw wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 09 Nov 2005, at 9:04 PM, Darrel O'Pry wrote:
> >> There is already a way to replace urls? Does Url Alias / path.module
> >> handle rewriting to absolute Urls?
> > If people would stop nitpicking and let us commit this :
> > http://drupal.org/node/10888
> I should clarify that I don't like the final patch that was delivered.
>
> I feel that url() should be smart enough to not break url's, without
> having to explicitly tell it what to do.
I agree with you wholly on that. I want my helper functions to make life
easy for me with minimum fuss. I don't even like adding the $ssl flag
that much.
I'd rather have a mechanism for setting the protocol to be http or https
per session.
function get_protocol() {
if (isset($_SESSION['protocol'])) {
return $_SESSION['protocol'];
} else {
return variable_get('default_protocol','http');
}
}
//returns true on success, false on failure
function set_protocol($protocol) {
if (in_array($protcol, array('http','https)) {
return $_SESSION['protocol'] = $protocol;
}
return false;
}
It means changing base_url to just a hostname, and updating url to
accept a hostname which would replace the absolute variable and default
to the hostname set in settings.php, and making it aware of
get_protocol.
More information about the development
mailing list