Differences From:

File src/login.c part of check-in [adefb6c8db] - Provide a "Revert to Default" button for editing CSS. Grammar fix on login page. by eric on 2008-11-26 22:24:45. [view]

To:

File src/login.c part of check-in [3da8a12f48] - Do not do the login-bypass if the HTTPS env var is ON. This might indicate that a remote HTTPS connection is being converted to HTTP locally using stunnel (or the equivalent). by drh on 2009-01-13 18:06:04. [view]

@@ -259,13 +259,17 @@
   if( g.userUid!=0 ) return;
 
 
   /* If the HTTP connection is coming over 127.0.0.1 and if
-  ** local login is disabled, then there is no need to check
-  ** user credentials.
+  ** local login is disabled and if we are using HTTP and not HTTPS,
+  ** then there is no need to check user credentials.
+  **
   */
   zRemoteAddr = PD("REMOTE_ADDR","nil");
-  if( strcmp(zRemoteAddr, "127.0.0.1")==0 && db_get_int("localauth",0)==0 ){
+  if( strcmp(zRemoteAddr, "127.0.0.1")==0
+   && db_get_int("localauth",0)==0
+   && P("HTTPS")==0
+  ){
     uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'");
     g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid);
     zCap = "s";
     g.noPswd = 1;