From 6716a24b6844ab2ec1ee7588f1cf024070c395ed Mon Sep 17 00:00:00 2001
From: Chen-Pang He
Date: Thu, 5 Jun 2014 18:07:29 +0800
Subject: [PATCH] Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
---
inc/mod/auth.php | 4 ++--
inc/mod/pages.php | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index f2003dfe..697d06a1 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -69,13 +69,13 @@ function setCookies() {
$mod['hash'][0] . // password
':' . $mod['hash'][1], // salt
- time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, $config['cookies']['httponly']);
+ time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], $config['cookies']['httponly']);
} function destroyCookies() { global $config; // Delete the cookies
- setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true);
+ setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], true);
} function modLog($action, $_board=null) {
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index a247e35c..5cb98085 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -150,7 +150,7 @@ function mod_dashboard() {
$latest = false; }
- setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
+ setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], true);
} if ($latest)
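Review bot: Both `setcookie()` calls in this hunk (in setCookies and destroyCookies), and the one in inc/mod/pages.php, pass `$_SERVER['HTTPS']` straight through as the `secure` argument, and that value is not a reliable boolean. The key is normally absent on plain-HTTP requests (an undefined-index notice), is the string `off` under IIS/ISAPI (truthy, so the cookie is marked Secure on an HTTP request and never comes back), and is typically unset behind a TLS-terminating proxy, where the moderator cookie would still go out without the Secure flag. Normalise it once, e.g. `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, and pass `$secure`; since the commit message says the site is served over HTTPS, a config option that forces Secure regardless of the request scheme would be stronger still. setCookies() begins above the hunk.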
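Review bot: The rewritten line still stores `serialize($latest)` in the `update` cookie, a value the client can change at will. The code that reads the cookie back is outside this hunk; if it calls `unserialize()` on `$_COOKIE['update']`, that is PHP object injection on the moderator dashboard, and the Secure flag added here does nothing against it. Writing `json_encode($latest)` here and reading it with `json_decode(..., true)` on the other side removes that risk. mod_dashboard() starts and ends outside the hunk.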