--- authorize_net.module.20061010	Sun Oct 01 18:02:02 2006
+++ authorize_net.module	Tue Oct 10 13:41:12 2006
@@ -99,6 +99,14 @@
     '#description' => t('If enabled, the customer will recieve a payment confirmation email from Authorize.Net. Keep in mind the ecommerce package sends it own transaction summary as well. Enabling this option is recommended because it provides the customer with an accurate confirmation of the amount you have charged.'),
   );
 
+  $form['authorize_net_require_https'] = array(
+    '#type' => 'radios',
+    '#title' => t('Require SSL'),
+    '#default_value' => variable_get('authorize_net_require_https', 1),
+    '#options' => array(t('Disabled'), t('Enabled')),
+    '#description' => t('If enabled, the customer is redirected to https://HOST and prevents Authorize.Net form access through http://HOST. Keep in mind that if your website http://HOST can not be access through https://HOST, the checkout will break. Enabling this option is recommended to protect the customer.'),
+  );
+  
   return $form;
 }
 
@@ -148,9 +156,11 @@
  * Redirect the user to the secure server to collect credit card information.
  */
 function authorize_net_goto($txn) {
-
   global $base_url;
-  $payment_url = str_replace('http://', 'https://', url('authorize_net/form/'. $txn->txnid, NULL, NULL, TRUE));
+  
+  $payment_url = url('authorize_net/form/'. $txn->txnid, NULL, NULL, TRUE);
+  if (variable_get('authorize_net_require_https', 1))
+    $payment_url = str_replace('http://', 'https://', $payment_url);
 
   drupal_goto($payment_url);
   exit();
@@ -171,7 +181,7 @@
   }
 
   // Make sure the user is connected via SSL
-  if (!$_SERVER['HTTPS']) {
+  if (variable_get('authorize_net_require_https', 1) && !$_SERVER['HTTPS']) {
     drupal_access_denied();
     return;
   }
@@ -275,7 +285,9 @@
   );
 
   $form['#method'] = 'POST';
-  $form['#action'] = str_replace('http://', 'https://', url("authorize_net/form/$txnid", NULL, NULL, TRUE));
+  $form['#action'] = url("authorize_net/form/$txnid", NULL, NULL, TRUE);
+  if (variable_get('authorize_net_require_https', 1))
+    $form['#action'] = str_replace('http://', 'https://', $form['#action']);
   return drupal_get_form('authorize_net_process', $form);
 }
 
@@ -323,7 +335,7 @@
   }
 
   // Make sure the user is connected via SSL
-  if (!$_SERVER['HTTPS']) {
+  if (variable_get('authorize_net_require_https', 1) && !$_SERVER['HTTPS']) {
     drupal_access_denied();
     return;
   }
@@ -406,7 +418,9 @@
   $uri = preg_replace('/&?x_line_item_\d+=/i', '&x_line_item=', $uri);
 
   global $base_url;
-  $payment_url = str_replace('http://', 'https://', url('authorize_net/form/'. $edit['txnid'], NULL, NULL, TRUE));
+  $payment_url = url('authorize_net/form/'. $edit['txnid'], NULL, NULL, TRUE);
+  if (variable_get('authorize_net_require_https', 1))
+    $payment_url = str_replace('http://', 'https://', $payment_url);
 
   $agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)";