# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: Joomla root
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
--- components/com_comprofiler/comprofiler.php
+++ components/com_comprofiler/comprofiler.php
@@ -815,6 +815,7 @@
  global $_CB_framework, $_CB_database, $ueConfig, $_PLUGINS, $_POST;
  // simple spoof check security
+ checkCBPostIsHTTPS();
  cbSpoofCheck( 'lostPassForm' );
  cbRegAntiSpamCheck();
@@ -960,6 +961,7 @@
  global $_CB_framework, $_CB_database, $ueConfig, $_POST, $_PLUGINS;
  // simple spoof check security
+ checkCBPostIsHTTPS();
  cbSpoofCheck( 'registerForm' );
  cbRegAntiSpamCheck();
@@ -1202,6 +1204,8 @@
 function login( $username=null, $passwd2=null ) {
  global $_POST, $_CB_framework, $ueConfig;
+ checkCBPostIsHTTPS();
+
  if ( count( $_POST ) == 0 ) {
  HTML_comprofiler::loginForm( 'com_comprofiler', $_POST, null );
  return;
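Review bot: The new `checkCBPostIsHTTPS();` call in the lostPassForm hunk (and identically in the registerForm hunk at -960) is inserted between the comment `// simple spoof check security` and `cbSpoofCheck( ... )`, so the comment now reads as if it described the HTTPS enforcement rather than the spoof check. Either move the call above the comment or give it its own line of explanation, e.g. `// refuse this submission over plain HTTP when the login module requires HTTPS posts`. The enclosing functions begin and end outside both hunks.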
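Review bot: In login() the `checkCBPostIsHTTPS();` call runs before the `count( $_POST ) == 0` branch, so with https_post enabled a plain-HTTP request that merely asks for the login form appears to receive the 403 instead of the form, since the function tests only the scheme and not the request method its name suggests. If the intent is to refuse only credential submissions, the call belongs after the empty-POST early return, i.e. `if ( count( $_POST ) == 0 ) { ... return; }` followed by `checkCBPostIsHTTPS();`; if refusing the form page itself is intended, a comment such as `// whole login flow must be HTTPS when the module requires it, including displaying the form` would make that explicit. login() continues past the end of the hunk.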
@@ -1884,4 +1888,37 @@
  return;
  }
+function checkCBPostIsHTTPS( $return = false ) {
+ global $_CB_framework, $_CB_database, $_SERVER;
+
+ $isHttps = ( isset( $_SERVER['HTTPS'] ) && ( ! empty( $_SERVER['HTTPS'] ) ) && ( $_SERVER['HTTPS'] != 'off' ) );
+
+ if ( file_exists( $_CB_framework->getCfg( 'absolute_path' ) . '/modules/' . ( checkJversion() > 0 ? 'mod_cblogin/' : null ) . 'mod_cblogin.php' ) ) {
+ $query = 'SELECT ' . $_CB_database->NameQuote( 'params' )
+ . "\n FROM " . $_CB_database->NameQuote( '#__modules' )
+ . "\n WHERE " . $_CB_database->NameQuote( 'module' ) . " = " . $_CB_database->Quote( 'mod_cblogin' )
+ . "\n ORDER BY " . $_CB_database->NameQuote( 'ordering' );
+ $_CB_database->setQuery( $query, 0, 1 );
+ $module = $_CB_database->loadResult();
+
+ if ( $module ) {
+ $params = new cbParamsBase( $module );
+
+ $https_post = (int) $params->get( 'https_post', 0 );
+ } else {
+ $https_post = 0;
+ }
+ } else {
+ $https_post = 0;
+ }
+
+ if ( $return ) {
+ return $https_post;
+ } else {
+ if ( $https_post && ( ! $isHttps ) ) {
+ header( 'HTTP/1.0 403 Forbidden' );
+ exit( _UE_NOT_AUTHORIZED );
+ }
+ }
+}
 ?>
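Review bot: The module lookup in checkCBPostIsHTTPS takes the first mod_cblogin row by `ordering` without filtering on publication state, so an unpublished module instance can still decide whether plain-HTTP submissions are rejected; adding `. "\n AND " . $_CB_database->NameQuote( 'published' ) . " = 1"` to the WHERE clause ties the setting to the module that is actually shown. The scheme test relies solely on $_SERVER['HTTPS'], which is commonly unset when TLS is terminated at a reverse proxy, so on such deployments enabling https_post would refuse every login, registration and lost-password submission with 403; that deserves a comment, e.g. `// NOTE: behind a TLS-terminating proxy $_SERVER['HTTPS'] may be absent, in which case https_post rejects all submissions`. The 403 is also issued after the cleartext request body has been received, so the check stops the action from completing but does not protect credentials that were already sent over HTTP, which the function's doc comment should state. Minor points: `global $_SERVER` is redundant for a superglobal, and the `#__modules` query runs on every guarded submission and could be cached in a static local.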