Secure Login v0.2
gnorbury@bondcar.com

Description
-----------
A simple Squirrelmail plugin to automatically turn on SSL security during
login if it hasn't already been requested by the referring hyperlink or bookmark.

Implementation
--------------
During the early phases of processing login.php, this plugin checks for the
presence of a server variable called "HTTPS".  If found, it indicates SSL
security has already been enabled for this session and the login is allowed
to proceed.

If SSL has not been enabled, the browser will be redirected to the same page,
but this time using https: instead of the regular http: protocol.

Known Bugs
----------
Your web server is assumed to be running Apache 1.3.x with OpenSSL support!

The plugin code is extremely simple, should be a trivial task to modify it
to support other web servers or ssl implementations.  If anyone wishes to
suggest a more standard method of checking whether ssl has been enabled,
please let me know!

Enabling this plugin if you don't have SSL support will most probably cause
a brower error as there will not be a server listening for queries on port 443.

Change History
--------------

v0.2, 1/4/2002 : Eliminated use of SCRIPT_URI server variable which (apparently)
                 is only available when Apache mod_rewrite has been enabled 

                 Added loop counter to prevent endless redirects if for some
                 reason we end up back at the same page without HTTPS being set.

v0.1, 1/3/2002 : Initial version

Graham Norbury
gnorbury@bondcar.com

