Version Description
- Requires WordPress 3.1+
- Settings now have their own page.
- Fixed an open redirect vulnerability. Props Chris Campbell.
- Added note about WP Engine compatibility to readme.txt
Download this release
Release Info
| Developer | husobj |
| Plugin |  Password Protected |
| Version | 1.5 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4 to 1.5
- admin/admin.php +49 -20
- password-protected.php +28 -7
- readme.txt +20 -9
admin/admin.php
CHANGED
|
@@ -2,34 +2,61 @@
|
|
| 2 |
|
| 3 |
class Password_Protected_Admin {
|
| 4 |
|
| 5 |
-
var $
|
|
|
|
| 6 |
|
| 7 |
/**
|
| 8 |
* Constructor
|
| 9 |
*/
|
| 10 |
function Password_Protected_Admin() {
|
| 11 |
global $wp_version;
|
| 12 |
-
add_action( 'admin_init', array( $this, '
|
| 13 |
-
add_action( '
|
|
|
|
| 14 |
add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
|
| 15 |
add_filter( 'pre_update_option_password_protected_password', array( $this, 'pre_update_option_password_protected_password' ), 10, 2 );
|
| 16 |
add_filter( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
|
| 17 |
-
|
| 18 |
-
// Pre WordPress 3.5 settings group compatibility
|
| 19 |
-
if ( version_compare( $wp_version, '3.5.dev', '<' ) ) {
|
| 20 |
-
$this->options_group = 'privacy';
|
| 21 |
-
}
|
| 22 |
}
|
| 23 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 24 |
/**
|
| 25 |
-
*
|
| 26 |
*/
|
| 27 |
-
function
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 |
global $wp_version;
|
| 29 |
if ( version_compare( $wp_version, '3.3', '<' ) )
|
| 30 |
return;
|
| 31 |
-
get_current_screen()
|
| 32 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 33 |
'title' => __( 'Password Protected', 'password-protected' ),
|
| 34 |
'content' => __( '<p><strong>Enabled Checkbox</strong><br />Turn on/off password protection.</p>', 'password-protected' )
|
| 35 |
. __( '<p><strong>Allow RSS Feeds Checkbox</strong><br />RSS Feeds will be able to accessed even when the site is password proteced.</p>', 'password-protected' )
|
|
@@ -42,8 +69,8 @@ class Password_Protected_Admin {
|
|
| 42 |
* Admin Enqueue Scripts
|
| 43 |
*/
|
| 44 |
function admin_enqueue_scripts() {
|
| 45 |
-
|
| 46 |
-
if ( '
|
| 47 |
wp_enqueue_script( 'password_protected_settings', PASSWORD_PROTECTED_URL . '/admin/js/settings.js', array( 'jquery' ) );
|
| 48 |
}
|
| 49 |
}
|
|
@@ -51,10 +78,10 @@ class Password_Protected_Admin {
|
|
| 51 |
/**
|
| 52 |
* Settings API
|
| 53 |
*/
|
| 54 |
-
function
|
| 55 |
add_settings_section(
|
| 56 |
'password_protected',
|
| 57 |
-
|
| 58 |
array( $this, 'password_protected_settings_section' ),
|
| 59 |
$this->options_group
|
| 60 |
);
|
|
@@ -105,7 +132,8 @@ class Password_Protected_Admin {
|
|
| 105 |
* Password Protected Section
|
| 106 |
*/
|
| 107 |
function password_protected_settings_section() {
|
| 108 |
-
echo '<p>' . __( 'Password protect your web site. Users will be asked to enter a password to view the site.', 'password-protected' ) . '
|
|
|
|
| 109 |
}
|
| 110 |
|
| 111 |
/**
|
|
@@ -137,8 +165,9 @@ class Password_Protected_Admin {
|
|
| 137 |
* @return string Filtered new value.
|
| 138 |
*/
|
| 139 |
function pre_update_option_password_protected_password( $newvalue, $oldvalue ) {
|
|
|
|
| 140 |
if ( $newvalue != $oldvalue ) {
|
| 141 |
-
$newvalue =
|
| 142 |
}
|
| 143 |
return $newvalue;
|
| 144 |
}
|
|
@@ -148,7 +177,7 @@ class Password_Protected_Admin {
|
|
| 148 |
* Warns the user if they have enabled password protection but not entered a password
|
| 149 |
*/
|
| 150 |
function password_protected_admin_notices(){
|
| 151 |
-
|
| 152 |
if ( $current_screen->id == 'options-' . $this->options_group ) {
|
| 153 |
$status = get_option( 'password_protected_status' );
|
| 154 |
$pwd = get_option( 'password_protected_password' );
|
| 2 |
|
| 3 |
class Password_Protected_Admin {
|
| 4 |
|
| 5 |
+
var $settings_page_id;
|
| 6 |
+
var $options_group = 'password-protected';
|
| 7 |
|
| 8 |
/**
|
| 9 |
* Constructor
|
| 10 |
*/
|
| 11 |
function Password_Protected_Admin() {
|
| 12 |
global $wp_version;
|
| 13 |
+
add_action( 'admin_init', array( $this, 'password_protected_settings' ), 5 );
|
| 14 |
+
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
| 15 |
+
add_action( 'password_protected_help_tabs', array( $this, 'help_tabs' ), 5 );
|
| 16 |
add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
|
| 17 |
add_filter( 'pre_update_option_password_protected_password', array( $this, 'pre_update_option_password_protected_password' ), 10, 2 );
|
| 18 |
add_filter( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 19 |
}
|
| 20 |
+
|
| 21 |
+
/**
|
| 22 |
+
* Admin Menu
|
| 23 |
+
*/
|
| 24 |
+
function admin_menu() {
|
| 25 |
+
$this->settings_page_id = add_options_page( __( 'Password Protected', 'password-protected' ), __( 'Password Protected', 'password-protected' ), 'manage_options', 'password-protected', array( $this, 'settings_page' ) );
|
| 26 |
+
add_action( 'load-' . $this->settings_page_id, array( $this, 'add_help_tabs' ), 20 );
|
| 27 |
+
}
|
| 28 |
+
|
| 29 |
/**
|
| 30 |
+
* Settings Page
|
| 31 |
*/
|
| 32 |
+
function settings_page() {
|
| 33 |
+
echo '<div class="wrap">
|
| 34 |
+
<div id="icon-options-general" class="icon32"><br /></div>
|
| 35 |
+
<h2>' . __( 'Password Protected Settings', 'password-protected' ) . '</h2>
|
| 36 |
+
<form method="post" action="options.php">';
|
| 37 |
+
settings_fields( 'password-protected' );
|
| 38 |
+
do_settings_sections( 'password-protected' );
|
| 39 |
+
echo '<p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="' . __( 'Save Changes' ) . '"></p>
|
| 40 |
+
</form>
|
| 41 |
+
</div>';
|
| 42 |
+
}
|
| 43 |
+
|
| 44 |
+
/**
|
| 45 |
+
* Add Help Tabs
|
| 46 |
+
*/
|
| 47 |
+
function add_help_tabs() {
|
| 48 |
global $wp_version;
|
| 49 |
if ( version_compare( $wp_version, '3.3', '<' ) )
|
| 50 |
return;
|
| 51 |
+
do_action( 'password_protected_help_tabs', get_current_screen() );
|
| 52 |
+
}
|
| 53 |
+
|
| 54 |
+
/**
|
| 55 |
+
* Help Tabs
|
| 56 |
+
*/
|
| 57 |
+
function help_tabs( $current_screen ) {
|
| 58 |
+
$current_screen->add_help_tab( array(
|
| 59 |
+
'id' => 'PASSWORD_PROTECTED_SETTINGS',
|
| 60 |
'title' => __( 'Password Protected', 'password-protected' ),
|
| 61 |
'content' => __( '<p><strong>Enabled Checkbox</strong><br />Turn on/off password protection.</p>', 'password-protected' )
|
| 62 |
. __( '<p><strong>Allow RSS Feeds Checkbox</strong><br />RSS Feeds will be able to accessed even when the site is password proteced.</p>', 'password-protected' )
|
| 69 |
* Admin Enqueue Scripts
|
| 70 |
*/
|
| 71 |
function admin_enqueue_scripts() {
|
| 72 |
+
$current_screen = get_current_screen();
|
| 73 |
+
if ( 'settings_page_' . $this->options_group == $current_screen->id ) {
|
| 74 |
wp_enqueue_script( 'password_protected_settings', PASSWORD_PROTECTED_URL . '/admin/js/settings.js', array( 'jquery' ) );
|
| 75 |
}
|
| 76 |
}
|
| 78 |
/**
|
| 79 |
* Settings API
|
| 80 |
*/
|
| 81 |
+
function password_protected_settings() {
|
| 82 |
add_settings_section(
|
| 83 |
'password_protected',
|
| 84 |
+
'',
|
| 85 |
array( $this, 'password_protected_settings_section' ),
|
| 86 |
$this->options_group
|
| 87 |
);
|
| 132 |
* Password Protected Section
|
| 133 |
*/
|
| 134 |
function password_protected_settings_section() {
|
| 135 |
+
echo '<p>' . __( 'Password protect your web site. Users will be asked to enter a password to view the site.', 'password-protected' ) . '<br />
|
| 136 |
+
' . __( 'For more information about Password Protected settings, view the "Help" tab at the top of this page.', 'password-protected' ) . '</p>';
|
| 137 |
}
|
| 138 |
|
| 139 |
/**
|
| 165 |
* @return string Filtered new value.
|
| 166 |
*/
|
| 167 |
function pre_update_option_password_protected_password( $newvalue, $oldvalue ) {
|
| 168 |
+
global $Password_Protected;
|
| 169 |
if ( $newvalue != $oldvalue ) {
|
| 170 |
+
$newvalue = $Password_Protected->encrypt_password( $newvalue );
|
| 171 |
}
|
| 172 |
return $newvalue;
|
| 173 |
}
|
| 177 |
* Warns the user if they have enabled password protection but not entered a password
|
| 178 |
*/
|
| 179 |
function password_protected_admin_notices(){
|
| 180 |
+
$current_screen = get_current_screen();
|
| 181 |
if ( $current_screen->id == 'options-' . $this->options_group ) {
|
| 182 |
$status = get_option( 'password_protected_status' );
|
| 183 |
$pwd = get_option( 'password_protected_password' );
|
password-protected.php
CHANGED
|
@@ -2,9 +2,9 @@
|
|
| 2 |
|
| 3 |
/*
|
| 4 |
Plugin Name: Password Protected
|
| 5 |
-
Plugin URI: http://
|
| 6 |
Description: A very simple way to quickly password protect your WordPress site with a single password. Integrates seamlessly into your WordPress privacy settings.
|
| 7 |
-
Version: 1.
|
| 8 |
Author: Ben Huson
|
| 9 |
Author URI: http://www.benhuson.co.uk/
|
| 10 |
License: GPLv2
|
|
@@ -29,6 +29,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
| 29 |
|
| 30 |
/**
|
| 31 |
* @todo Use wp_hash_password() ?
|
|
|
|
| 32 |
*/
|
| 33 |
|
| 34 |
define( 'PASSWORD_PROTECTED_SUBDIR', '/' . str_replace( basename( __FILE__ ), '', plugin_basename( __FILE__ ) ) );
|
|
@@ -40,7 +41,7 @@ $Password_Protected = new Password_Protected();
|
|
| 40 |
|
| 41 |
class Password_Protected {
|
| 42 |
|
| 43 |
-
var $version = '1.
|
| 44 |
var $admin = null;
|
| 45 |
var $errors = null;
|
| 46 |
|
|
@@ -121,7 +122,14 @@ class Password_Protected {
|
|
| 121 |
return 0;
|
| 122 |
return $bool;
|
| 123 |
}
|
| 124 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 125 |
/**
|
| 126 |
* Maybe Process Login
|
| 127 |
*/
|
|
@@ -130,10 +138,10 @@ class Password_Protected {
|
|
| 130 |
$password_protected_pwd = $_REQUEST['password_protected_pwd'];
|
| 131 |
$pwd = get_option( 'password_protected_password' );
|
| 132 |
// If correct password...
|
| 133 |
-
if ( (
|
| 134 |
$this->set_auth_cookie();
|
| 135 |
if ( ! empty( $_REQUEST['redirect_to'] ) ) {
|
| 136 |
-
|
| 137 |
exit;
|
| 138 |
}
|
| 139 |
} else {
|
|
@@ -320,7 +328,7 @@ class Password_Protected {
|
|
| 320 |
if ( empty( $old_version ) || version_compare( '1.1', $old_version ) ) {
|
| 321 |
$pwd = get_option( 'password_protected_password' );
|
| 322 |
if ( ! empty( $pwd ) ) {
|
| 323 |
-
$new_pwd =
|
| 324 |
update_option( 'password_protected_password', $new_pwd );
|
| 325 |
}
|
| 326 |
}
|
|
@@ -328,6 +336,19 @@ class Password_Protected {
|
|
| 328 |
update_option( 'password_protected_version', $this->version );
|
| 329 |
}
|
| 330 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 331 |
}
|
| 332 |
|
| 333 |
?>
|
| 2 |
|
| 3 |
/*
|
| 4 |
Plugin Name: Password Protected
|
| 5 |
+
Plugin URI: http://wordpress.org/extend/plugins/password-protected/
|
| 6 |
Description: A very simple way to quickly password protect your WordPress site with a single password. Integrates seamlessly into your WordPress privacy settings.
|
| 7 |
+
Version: 1.5
|
| 8 |
Author: Ben Huson
|
| 9 |
Author URI: http://www.benhuson.co.uk/
|
| 10 |
License: GPLv2
|
| 29 |
|
| 30 |
/**
|
| 31 |
* @todo Use wp_hash_password() ?
|
| 32 |
+
* @todo Remember me
|
| 33 |
*/
|
| 34 |
|
| 35 |
define( 'PASSWORD_PROTECTED_SUBDIR', '/' . str_replace( basename( __FILE__ ), '', plugin_basename( __FILE__ ) ) );
|
| 41 |
|
| 42 |
class Password_Protected {
|
| 43 |
|
| 44 |
+
var $version = '1.5';
|
| 45 |
var $admin = null;
|
| 46 |
var $errors = null;
|
| 47 |
|
| 122 |
return 0;
|
| 123 |
return $bool;
|
| 124 |
}
|
| 125 |
+
|
| 126 |
+
/**
|
| 127 |
+
* Encrypt Password
|
| 128 |
+
*/
|
| 129 |
+
function encrypt_password( $password ) {
|
| 130 |
+
return md5( $password );
|
| 131 |
+
}
|
| 132 |
+
|
| 133 |
/**
|
| 134 |
* Maybe Process Login
|
| 135 |
*/
|
| 138 |
$password_protected_pwd = $_REQUEST['password_protected_pwd'];
|
| 139 |
$pwd = get_option( 'password_protected_password' );
|
| 140 |
// If correct password...
|
| 141 |
+
if ( ( $this->encrypt_password( $password_protected_pwd ) == $pwd && $pwd != '' ) || apply_filters( 'password_protected_process_login', false, $password_protected_pwd ) ) {
|
| 142 |
$this->set_auth_cookie();
|
| 143 |
if ( ! empty( $_REQUEST['redirect_to'] ) ) {
|
| 144 |
+
$this->safe_redirect( $_REQUEST['redirect_to'] );
|
| 145 |
exit;
|
| 146 |
}
|
| 147 |
} else {
|
| 328 |
if ( empty( $old_version ) || version_compare( '1.1', $old_version ) ) {
|
| 329 |
$pwd = get_option( 'password_protected_password' );
|
| 330 |
if ( ! empty( $pwd ) ) {
|
| 331 |
+
$new_pwd = $this->encrypt_password( $pwd );
|
| 332 |
update_option( 'password_protected_password', $new_pwd );
|
| 333 |
}
|
| 334 |
}
|
| 336 |
update_option( 'password_protected_version', $this->version );
|
| 337 |
}
|
| 338 |
|
| 339 |
+
/**
|
| 340 |
+
* Safe Redirect
|
| 341 |
+
*
|
| 342 |
+
* Ensure the redirect is to the same site or pluggable list of allowed domains.
|
| 343 |
+
* If invalid will redirect to ...
|
| 344 |
+
* Based on the WordPress wp_safe_redirect() function.
|
| 345 |
+
*/
|
| 346 |
+
function safe_redirect( $location, $status = 302 ) {
|
| 347 |
+
$location = wp_sanitize_redirect( $location );
|
| 348 |
+
$location = wp_validate_redirect( $location, home_url() );
|
| 349 |
+
wp_redirect( $location, $status );
|
| 350 |
+
}
|
| 351 |
+
|
| 352 |
}
|
| 353 |
|
| 354 |
?>
|
readme.txt
CHANGED
|
@@ -2,24 +2,27 @@
|
|
| 2 |
Contributors: husobj
|
| 3 |
Donate link: http://www.benhuson.co.uk/donate/
|
| 4 |
Tags: password, protect, password protect, login
|
| 5 |
-
Requires at least: 3.
|
| 6 |
-
Tested up to: 3.5
|
| 7 |
-
Stable tag: 1.
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
-
A very simple way to quickly password protect your WordPress site with a single password.
|
| 11 |
|
| 12 |
== Description ==
|
| 13 |
|
| 14 |
-
A very simple way to quickly password protect your WordPress site with a single password.
|
|
|
|
|
|
|
| 15 |
|
| 16 |
Features include:
|
| 17 |
|
| 18 |
* Password protect your WordPress site with a single password.
|
| 19 |
* Option to allow access to feeds.
|
| 20 |
* Option to allow administrators access without entering password.
|
| 21 |
-
* Integrates seamlessly into your WordPress reading settings (or privacy settings prior to WordPress 3.5).
|
| 22 |
* Works with Mark Jaquith's [Login Logo](http://wordpress.org/extend/plugins/login-logo/) plugin.
|
|
|
|
|
|
|
| 23 |
|
| 24 |
== Installation ==
|
| 25 |
|
|
@@ -27,7 +30,7 @@ To install and configure this plugin...
|
|
| 27 |
|
| 28 |
1. Upload or install the plugin through your WordPress admin.
|
| 29 |
2. Activate the plugin via the 'Plugins' admin menu.
|
| 30 |
-
3.
|
| 31 |
|
| 32 |
= Upgrading =
|
| 33 |
|
|
@@ -61,11 +64,16 @@ If you can, please [fork the code](https://github.com/benhuson/password-protecte
|
|
| 61 |
== Screenshots ==
|
| 62 |
|
| 63 |
1. Login page perfectly mimicks the WordPress login.
|
| 64 |
-
2.
|
| 65 |
-
3. Integrates into your WordPress privacy settings in earlier versions of WordPress.
|
| 66 |
|
| 67 |
== Changelog ==
|
| 68 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 69 |
= 1.4 =
|
| 70 |
* Add option to allow administrators to use the site without logging in.
|
| 71 |
* Use DONOTCACHEPAGE to try to prevent some caching issues.
|
|
@@ -100,6 +108,9 @@ If you can, please [fork the code](https://github.com/benhuson/password-protecte
|
|
| 100 |
|
| 101 |
== Upgrade Notice ==
|
| 102 |
|
|
|
|
|
|
|
|
|
|
| 103 |
= 1.4 =
|
| 104 |
Administrators can use the site without logging in. WordPress 3.5 compatible.
|
| 105 |
|
| 2 |
Contributors: husobj
|
| 3 |
Donate link: http://www.benhuson.co.uk/donate/
|
| 4 |
Tags: password, protect, password protect, login
|
| 5 |
+
Requires at least: 3.1
|
| 6 |
+
Tested up to: 3.5.1
|
| 7 |
+
Stable tag: 1.5
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
+
A very simple way to quickly password protect your WordPress site with a single password.
|
| 11 |
|
| 12 |
== Description ==
|
| 13 |
|
| 14 |
+
A very simple way to quickly password protect your WordPress site with a single password.
|
| 15 |
+
|
| 16 |
+
This plugin only protects your WordPress content. It **does not protect and images or uploaded files** so if you enter and exact URL to in image file it will still be accessible.
|
| 17 |
|
| 18 |
Features include:
|
| 19 |
|
| 20 |
* Password protect your WordPress site with a single password.
|
| 21 |
* Option to allow access to feeds.
|
| 22 |
* Option to allow administrators access without entering password.
|
|
|
|
| 23 |
* Works with Mark Jaquith's [Login Logo](http://wordpress.org/extend/plugins/login-logo/) plugin.
|
| 24 |
+
|
| 25 |
+
> Please note, this plugin does not currently work with WP Engine hosting due to their page caching implementation.
|
| 26 |
|
| 27 |
== Installation ==
|
| 28 |
|
| 30 |
|
| 31 |
1. Upload or install the plugin through your WordPress admin.
|
| 32 |
2. Activate the plugin via the 'Plugins' admin menu.
|
| 33 |
+
3. Configure the password options in the Password Protected settings.
|
| 34 |
|
| 35 |
= Upgrading =
|
| 36 |
|
| 64 |
== Screenshots ==
|
| 65 |
|
| 66 |
1. Login page perfectly mimicks the WordPress login.
|
| 67 |
+
2. Password Protected settings page.
|
|
|
|
| 68 |
|
| 69 |
== Changelog ==
|
| 70 |
|
| 71 |
+
= 1.5 =
|
| 72 |
+
* Requires WordPress 3.1+
|
| 73 |
+
* Settings now have their own page.
|
| 74 |
+
* Fixed an open redirect vulnerability. Props Chris Campbell.
|
| 75 |
+
* Added note about WP Engine compatibility to readme.txt
|
| 76 |
+
|
| 77 |
= 1.4 =
|
| 78 |
* Add option to allow administrators to use the site without logging in.
|
| 79 |
* Use DONOTCACHEPAGE to try to prevent some caching issues.
|
| 108 |
|
| 109 |
== Upgrade Notice ==
|
| 110 |
|
| 111 |
+
= 1.5 =
|
| 112 |
+
Fixes an open redirect vulnerability. Settings now have own page.
|
| 113 |
+
|
| 114 |
= 1.4 =
|
| 115 |
Administrators can use the site without logging in. WordPress 3.5 compatible.
|
| 116 |
|
