Password Protected - Version 2.0.3

Version Description

  • Declare methods as public or private and use PHP5 constructors.
  • Show user's IP address beside "Allow IP Addresses" admin setting.
  • Add CHANGELOG.md and README.md
Download this release

Release Info

Developer husobj
Plugin Icon 128x128 Password Protected
Version 2.0.3
Comparing to
See all releases

Code changes from version 2.0.2 to 2.0.3

Files changed (6) hide show
  1. CHANGELOG.md +192 -0
  2. README.md +125 -0
  3. admin/admin.php +21 -21
  4. languages/password-protected.pot +25 -23
  5. password-protected.php +34 -34
  6. readme.txt +25 -14
CHANGELOG.md ADDED
@@ -0,0 +1,192 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # Change Log
2
+ All notable changes to this project will be documented in this file.
3
+ This project adheres to [Semantic Versioning](http://semver.org/).
4
+
5
+ ## [Unreleased]
6
+
7
+ ## [2.0.3] - 2015-03-23
8
+
9
+ ### Added
10
+ - Show user's IP address beside "Allow IP Addresses" admin setting.
11
+ - Add CHANGELOG.md and README.md
12
+
13
+ ### Changed
14
+ - Declare methods as public or private and use PHP5 constructors.
15
+
16
+ ## [2.0.2] - 2015-10-29
17
+
18
+ ### Added
19
+ - Check allowed IP addresses are valid when saving.
20
+
21
+ ### Changed
22
+ - Only redirect to [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) when logging out.
23
+
24
+ ## [2.0.1] - 2015-07-24
25
+
26
+ ### Changed
27
+ - Split logout functionality into separate function.
28
+
29
+ ### Security
30
+ - Use a more complex password hash for cookie key. Props Marcin Bury, [Securitum](http://securitum.pl).
31
+
32
+ ## [2.0] - 2015-03-26
33
+
34
+ ### Added
35
+ - Added [password_protected_logout_link](https://github.com/benhuson/password-protected/wiki/password_protected_logout_link-Shortcode) shortcode.
36
+ - Load 'password-protected-login.css' in theme folder if it exists.
37
+ - Added [password_protected_stylesheet_file](https://github.com/benhuson/password-protected/wiki/password_protected_stylesheet_file) filter to specify alternate stylesheet location.
38
+ - Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
39
+ - Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
40
+
41
+ ### Changed
42
+ - Better handling of login/out redirects when protection is not active on home page.
43
+
44
+ ## [1.9] - 2014-12-17
45
+
46
+ ### Fixed
47
+ - Fixed "Allow Users" functionality with is_user_logged_in(). Props PatRaven.
48
+
49
+ ### Added
50
+ - Added option for allowed IP addresses which can bypass the password protection.
51
+ - Added 'password_protected_is_active' filter.
52
+
53
+ ## [1.8] - 2014-10-07
54
+
55
+ ### Added
56
+ - Support for adding "password-protected-login.php" in theme directory.
57
+ - Allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
58
+ - Added 'password_protected_login_messages' action to output errors and messages in template.
59
+ - Updated translations.
60
+
61
+ ### Changed
62
+ - Use current_time( 'timestamp' ) instead of time() to take into account site timezone.
63
+ - Check login earlier in the template_redirect action.
64
+
65
+ ## [1.7.2] - 2014-06-05
66
+
67
+ ### Fixed
68
+ - Fix always allow access to robots.txt.
69
+
70
+ ### Added
71
+ - Added 'password_protected_login_redirect' filter.
72
+ - Updated translations.
73
+
74
+ ## [1.7.1] - 2014-03-17
75
+
76
+ ### Fixed
77
+ - Fix login template compatibility for WordPress 3.9
78
+
79
+ ## [1.7] - 2014-02-27
80
+
81
+ ### Fixed
82
+ - Remove JavaScript that disables admin RSS checkbox.
83
+
84
+ ### Added
85
+ - Added 'password_protected_theme_file' filter to allow custom login templates.
86
+ - It's now really easy to contribute to the translation of this plugin via our [Transifex page](https://www.transifex.com/projects/p/password-protected/resource/password-protected/).
87
+ - Add option to allow logged in users.
88
+
89
+ ## [1.6.2] - 2014-01-10
90
+
91
+ ### Changed
92
+ - Set login page not to index if privacy setting is on.
93
+ - Allow redirection to a different URL when logging out using 'redirect_to' query and full URL.
94
+
95
+ ## [1.6.1] - 2013-11-13
96
+
97
+ ### Added
98
+ - Language updates by wp-translations.org (Arabic, Dutch, French, Persian, Russian).
99
+
100
+ ## [1.6] - 2013-07-04
101
+
102
+ ### Fixed
103
+ - Robots.txt is now always accessible.
104
+
105
+ ### Added
106
+ - Added support for Uber Login Logo plugin.
107
+
108
+ ## [1.5] - 2013-02-21
109
+
110
+ ### Added
111
+ - Added note about WP Engine compatibility to readme.txt
112
+
113
+ ### Changed
114
+ - Requires WordPress 3.1+
115
+ - Settings now have their own page.
116
+
117
+ ### Security
118
+ - Fixed an open redirect vulnerability. Props Chris Campbell.
119
+
120
+ ## [1.4] - 2013-02-10
121
+
122
+ ### Added
123
+ - Add option to allow administrators to use the site without logging in.
124
+ - Use DONOTCACHEPAGE to try to prevent some caching issues.
125
+ - Added a contextual help tab for WordPress 3.3+.
126
+
127
+ ### Changed
128
+ - Updated login screen styling for WordPress 3.5 compatibility.
129
+ - Options are now on the 'Reading' settings page in WordPress 3.5
130
+
131
+ ## [1.3] - 2012-10-01
132
+
133
+ ### Added
134
+ - Added checkbox to allow access to feeds when protection is enabled.
135
+ - Prepare for WordPress 3.5 Settings API changes.
136
+ - Added 'password_protected_before_login_form' and 'password_protected_after_login_form' actions.
137
+ - Added 'password_protected_process_login' filter to make it possible to extend login functionality.
138
+ - Now possible to use 'pre_update_option_password_protected_password' filter to use password before it is encrypted and saved.
139
+ - Ready for [translations](http://codex.wordpress.org/I18n_for_WordPress_Developers).
140
+
141
+ ## [1.2.2] - 2012-07-30
142
+
143
+ ### Added
144
+ - Show login error messages.
145
+
146
+ ### Security
147
+ - Escape 'redirect_to' attribute. Props A. Alagha.
148
+
149
+ ## [1.2.1] - 2012-05-25
150
+
151
+ ### Added
152
+ - Added a "How to log out?" FAQ.
153
+
154
+ ### Changed
155
+ - Only disable feeds when protection is active.
156
+
157
+ ## [1.2] - 2012-04-14
158
+
159
+ ### Changed
160
+ - Use cookies instead of sessions.
161
+
162
+ ## [1.1] - 2012-02-12
163
+
164
+ ### Security
165
+ - Encrypt passwords in database.
166
+
167
+ ## [1.0] - 2012-02-01
168
+
169
+ ### Added
170
+ - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
171
+
172
+ [Unreleased]: https://github.com/benhuson/password-protected/compare/2.0.3...HEAD
173
+ [2.0.3]: https://github.com/benhuson/password-protected/compare/2.0.2...2.0.3
174
+ [2.0.2]: https://github.com/benhuson/password-protected/compare/2.0.1...2.0.2
175
+ [2.0.1]: https://github.com/benhuson/password-protected/compare/2.0...2.0.1
176
+ [2.0]: https://github.com/benhuson/password-protected/compare/1.9...2.0
177
+ [1.9]: https://github.com/benhuson/password-protected/compare/1.8...1.9
178
+ [1.8]: https://github.com/benhuson/password-protected/compare/1.7.2...1.8
179
+ [1.7.2]: https://github.com/benhuson/password-protected/compare/1.7.1...1.7.2
180
+ [1.7.1]: https://github.com/benhuson/password-protected/compare/1.7...1.7.1
181
+ [1.7]: https://github.com/benhuson/password-protected/compare/1.6.2...1.7
182
+ [1.6.2]: https://github.com/benhuson/password-protected/compare/1.6.1...1.6.2
183
+ [1.6.1]: https://github.com/benhuson/password-protected/compare/1.6...1.6.1
184
+ [1.6]: https://github.com/benhuson/password-protected/compare/1.5...1.6
185
+ [1.5]: https://github.com/benhuson/password-protected/compare/1.4...1.5
186
+ [1.4]: https://github.com/benhuson/password-protected/compare/1.3...1.4
187
+ [1.3]: https://github.com/benhuson/password-protected/compare/1.2.2...1.3
188
+ [1.2.2]: https://github.com/benhuson/password-protected/compare/1.2.1...1.2.2
189
+ [1.2.1]: https://github.com/benhuson/password-protected/compare/1.2...1.2.1
190
+ [1.2]: https://github.com/benhuson/password-protected/compare/1.1...0.7.11.2
191
+ [1.1]: https://github.com/benhuson/password-protected/compare/1.0...1.1
192
+ [1.0]: https://github.com/benhuson/password-protected/tree/1.0
README.md ADDED
@@ -0,0 +1,125 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ Password Protected
2
+ ==================
3
+
4
+ A very simple way to quickly password protect your WordPress site with a single password.
5
+
6
+ This plugin only protects your WordPress content. It **does not protect and images or uploaded files** so if you enter and exact URL to in image file it will still be accessible.
7
+
8
+ Features include:
9
+
10
+ - Password protect your WordPress site with a single password.
11
+ - Option to allow access to feeds.
12
+ - Option to allow administrators access without entering password.
13
+ - Works with Mark Jaquith's [Login Logo](http://wordpress.org/extend/plugins/login-logo/) plugin.
14
+ - Works with the [Uber Login Logo](http://wordpress.org/plugins/uber-login-logo/) plugin.
15
+
16
+ > Please note, this plugin does not currently work with WP Engine hosting due to their page caching implementation.
17
+
18
+ Translations
19
+ ------------
20
+
21
+ If you would like to translate this plugin you can easily contribute via our [Transifex page](https://www.transifex.com/projects/p/password-protected/resource/password-protected/) - just signup for a free account.
22
+ More instructions can be found at [wp-translations.org](http://wp-translations.org/translators-wp-translations/)
23
+
24
+ Installation
25
+ ------------
26
+
27
+ To install and configure this plugin...
28
+
29
+ 1. Upload or install the plugin through your WordPress admin.
30
+ 1. Activate the plugin via the 'Plugins' admin menu.
31
+ 1. Configure the password options in the Password Protected settings.
32
+
33
+ Upgrading
34
+ ---------
35
+
36
+ If you are upgrading manually via FTP rather that through the WordPress automatic upgrade link, please de-activate and re-activate the plugin to ensure the plugin upgrades correctly.
37
+
38
+ Frequently Asked Questions
39
+ --------------------------
40
+
41
+ __How can I change the Wordpress logo to a different image?__
42
+ Install and configure the [Login Logo](http://wordpress.org/extend/plugins/login-logo/) plugin by Mark Jaquith or the [Uber Login Logo](http://wordpress.org/plugins/uber-login-logo/) plugin. This will change the logo on your password entry page AND also your admin login page.
43
+
44
+ __How can I enable feeds while the site is password protected?__
45
+ In the settings, check the 'Allow Feeds' checkbox.
46
+
47
+ __Can I prevent administrators having to enter password?__
48
+ In the settings, check the 'Allow Administrators' checkbox.
49
+
50
+ __I cannot preview my changes in the Theme Customizer__
51
+ You must be an administrator (have the manage_options capability) and in the Password Protected settings, check the 'Allow Administrators' checkbox.
52
+
53
+ __How can I log out?__
54
+ Just add a "password-protected=logout" query to your URL.
55
+ eg. http://www.example.com/?password-protected=logout
56
+
57
+ __How can I redirect to a different domain name when logging out?__
58
+ If passing a redirect URL using 'redirect_to' when logging out you need you may need to use the [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) filter to allow redirecting to an external domain.
59
+
60
+ __Where can I report bugs and issues?__
61
+ Please log issues and bugs on the plugin's [GitHub page](https://github.com/benhuson/password-protected/issues).
62
+ You can also submit suggested enhancements if you like.
63
+
64
+ __How can I contribute?__
65
+ If you can, please [fork the code](https://github.com/benhuson/password-protected) and submit a pull request via GitHub. If you're not comfortable using Git, then please just submit it to the issues link above.
66
+
67
+ __How can I translate this plugin?__
68
+ If you would like to translate this plugin you can easily contribute via our [Transifex page](https://www.transifex.com/projects/p/password-protected/resource/password-protected/) - just signup for a free account.
69
+ More instructions can be found at [wp-translations.org](http://wp-translations.org/translators-wp-translations/)
70
+
71
+ Upgrade Notice
72
+ --------------
73
+
74
+ ### 2.0.3
75
+ Show user's IP address beside "Allow IP Addresses" admin setting. Declare methods as public or private and use PHP5 constructors.
76
+
77
+ ### 2.0.2
78
+ Only redirect to [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) when logging out.
79
+
80
+ ### 2.0.1
81
+ Security fix: Use a more complex password hash for cookie key.
82
+
83
+ ### 2.0
84
+ Added 'password_protected_logout_link' shortcode and use 'password-protected-login.css' in theme folder if it exists.
85
+
86
+ ### 1.9
87
+ Fixed "Allow Users" functionality and added option to allowed IP addresses which can bypass the password protection.
88
+
89
+ ### 1.8
90
+ Support for adding "password-protected-login.php" in theme directory and allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
91
+
92
+ ### 1.7.2
93
+ Added 'password_protected_login_redirect' filter.
94
+
95
+ ### 1.7.1
96
+ Fix login template compatibility for WordPress 3.9
97
+
98
+ ### 1.7
99
+ Added 'password_protected_theme_file' filter and option to allow logged in users. Contribute to the translation of this plugin via our [Transifex page](https://www.transifex.com/projects/p/password-protected/resource/password-protected/).
100
+
101
+ ### 1.6.2
102
+ Allow redirection to a different URL when logging out.
103
+
104
+ ### 1.6
105
+ Added support for Uber Login Logo plugin.
106
+
107
+ ### 1.5
108
+ Fixes an open redirect vulnerability. Settings now have own page.
109
+
110
+ ### 1.4
111
+ Administrators can use the site without logging in. WordPress 3.5 compatible.
112
+
113
+ ### 1.3
114
+ Allow access to feeds. Ready for translation.
115
+
116
+ ### 1.2
117
+ Use cookies instead of sessions.
118
+
119
+ ### 1.1
120
+ Passwords saved encrypted.
121
+
122
+ Changelog
123
+ ---------
124
+
125
+ View a list of all plugin changes in [CHANGELOG.md](https://github.com/benhuson/password-protected/blob/master/CHANGELOG.md).
admin/admin.php CHANGED
@@ -8,7 +8,7 @@ class Password_Protected_Admin {
8
  /**
9
  * Constructor
10
  */
11
- function Password_Protected_Admin() {
12
 
13
  global $wp_version;
14
 
@@ -25,7 +25,7 @@ class Password_Protected_Admin {
25
  /**
26
  * Admin Menu
27
  */
28
- function admin_menu() {
29
 
30
  $this->settings_page_id = add_options_page( __( 'Password Protected', 'password-protected' ), __( 'Password Protected', 'password-protected' ), 'manage_options', 'password-protected', array( $this, 'settings_page' ) );
31
  add_action( 'load-' . $this->settings_page_id, array( $this, 'add_help_tabs' ), 20 );
@@ -35,7 +35,7 @@ class Password_Protected_Admin {
35
  /**
36
  * Settings Page
37
  */
38
- function settings_page() {
39
  ?>
40
 
41
  <div class="wrap">
@@ -56,7 +56,7 @@ class Password_Protected_Admin {
56
  /**
57
  * Add Help Tabs
58
  */
59
- function add_help_tabs() {
60
 
61
  global $wp_version;
62
 
@@ -73,7 +73,7 @@ class Password_Protected_Admin {
73
  *
74
  * @param object $current_screen Screen object.
75
  */
76
- function help_tabs( $current_screen ) {
77
 
78
  $current_screen->add_help_tab( array(
79
  'id' => 'PASSWORD_PROTECTED_SETTINGS',
@@ -88,7 +88,7 @@ class Password_Protected_Admin {
88
  /**
89
  * Settings API
90
  */
91
- function password_protected_settings() {
92
 
93
  add_settings_section(
94
  'password_protected',
@@ -144,7 +144,7 @@ class Password_Protected_Admin {
144
  * @param string $val Password.
145
  * @return string Sanitized password.
146
  */
147
- function sanitize_password_protected_password( $val ) {
148
 
149
  $old_val = get_option( 'password_protected_password' );
150
 
@@ -174,7 +174,7 @@ class Password_Protected_Admin {
174
  * @param string $val IP addresses.
175
  * @return string Sanitized IP addresses.
176
  */
177
- function sanitize_ip_addresses( $val ) {
178
 
179
  $ip_addresses = explode( "\n", $val );
180
  $ip_addresses = array_map( 'sanitize_text_field', $ip_addresses );
@@ -203,7 +203,7 @@ class Password_Protected_Admin {
203
  /**
204
  * Password Protected Section
205
  */
206
- function password_protected_settings_section() {
207
 
208
  echo '<p>' . __( 'Password protect your web site. Users will be asked to enter a password to view the site.', 'password-protected' ) . '<br />
209
  ' . __( 'For more information about Password Protected settings, view the "Help" tab at the top of this page.', 'password-protected' ) . '</p>';
@@ -213,7 +213,7 @@ class Password_Protected_Admin {
213
  /**
214
  * Password Protection Status Field
215
  */
216
- function password_protected_status_field() {
217
 
218
  echo '<label><input name="password_protected_status" id="password_protected_status" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_status' ), false ) . ' /> ' . __( 'Enabled', 'password-protected' ) . '</label>';
219
 
@@ -222,7 +222,7 @@ class Password_Protected_Admin {
222
  /**
223
  * Password Protection Permissions Field
224
  */
225
- function password_protected_permissions_field() {
226
 
227
  echo '<label><input name="password_protected_administrators" id="password_protected_administrators" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_administrators' ), false ) . ' /> ' . __( 'Allow Administrators', 'password-protected' ) . '</label>';
228
  echo '<label><input name="password_protected_users" id="password_protected_users" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_users' ), false ) . ' style="margin-left: 20px;" /> ' . __( 'Allow Logged In Users', 'password-protected' ) . '</label>';
@@ -233,7 +233,7 @@ class Password_Protected_Admin {
233
  /**
234
  * Password Field
235
  */
236
- function password_protected_password_field() {
237
 
238
  echo '<input type="password" name="password_protected_password[new]" id="password_protected_password_new" size="16" value="" autocomplete="off"> <span class="description">' . __( 'If you would like to change the password type a new one. Otherwise leave this blank.', 'password-protected' ) . '</span><br>
239
  <input type="password" name="password_protected_password[confirm]" id="password_protected_password_confirm" size="16" value="" autocomplete="off"> <span class="description">' . __( 'Type your new password again.', 'password-protected' ) . '</span>';
@@ -243,10 +243,10 @@ class Password_Protected_Admin {
243
  /**
244
  * Allowed IP Addresses Field
245
  */
246
- function password_protected_allowed_ip_addresses_field() {
247
 
248
  echo '<textarea name="password_protected_allowed_ip_addresses" id="password_protected_allowed_ip_addresses" rows="3" class="large-text" />' . get_option( 'password_protected_allowed_ip_addresses' ) . '</textarea>';
249
- echo '<p class="description">' . __( 'Enter one IP address per line', 'password-protected' ) .'</p>';
250
 
251
  }
252
 
@@ -261,7 +261,7 @@ class Password_Protected_Admin {
261
  * @param string $oldvalue Old Value.
262
  * @return string Filtered new value.
263
  */
264
- function pre_update_option_password_protected_password( $newvalue, $oldvalue ) {
265
 
266
  global $Password_Protected;
267
 
@@ -284,7 +284,7 @@ class Password_Protected_Admin {
284
  * @param string $status Plugin status.
285
  * @return array Plugin meta array.
286
  */
287
- function plugin_row_meta( $plugin_meta, $plugin_file, $plugin_data, $status ) {
288
 
289
  if ( 'password-protected/password-protected.php' == $plugin_file ) {
290
  $plugin_meta[] = sprintf( '<a href="%s">%s</a>', __( 'http://github.com/benhuson/password-protected', 'password-protected' ), __( 'GitHub', 'password-protected' ) );
@@ -303,7 +303,7 @@ class Password_Protected_Admin {
303
  * @param array $actions Plugin action links array.
304
  * @return array Plugin action links array.
305
  */
306
- function plugin_action_links( $actions ) {
307
 
308
  $actions[] = sprintf( '<a href="%s">%s</a>', admin_url( 'options-general.php?page=password-protected' ), __( 'Settings', 'password-protected' ) );
309
  return $actions;
@@ -314,7 +314,7 @@ class Password_Protected_Admin {
314
  * Password Admin Notice
315
  * Warns the user if they have enabled password protection but not entered a password
316
  */
317
- function password_protected_admin_notices() {
318
 
319
  global $Password_Protected;
320
 
@@ -358,7 +358,7 @@ class Password_Protected_Admin {
358
  * @param string $string Error string.
359
  * @return string HTML error.
360
  */
361
- function admin_error_display( $string ) {
362
 
363
  return '<div class="error"><p>' . $string . '</p></div>';
364
 
@@ -372,7 +372,7 @@ class Password_Protected_Admin {
372
  * @param string|array $screen_id Admin screen ID(s).
373
  * @return boolean
374
  */
375
- function is_current_screen( $screen_id ) {
376
 
377
  if ( function_exists( 'get_current_screen' ) ) {
378
  $current_screen = get_current_screen();
@@ -394,7 +394,7 @@ class Password_Protected_Admin {
394
  * @param string|array $screen_id Additional screen IDs to add to the returned array.
395
  * @return array Screen IDs.
396
  */
397
- function plugin_screen_ids( $screen_id = '' ) {
398
 
399
  $screen_ids = array( 'options-' . $this->options_group, 'settings_page_' . $this->options_group );
400
 
8
  /**
9
  * Constructor
10
  */
11
+ public function __construct() {
12
 
13
  global $wp_version;
14
 
25
  /**
26
  * Admin Menu
27
  */
28
+ public function admin_menu() {
29
 
30
  $this->settings_page_id = add_options_page( __( 'Password Protected', 'password-protected' ), __( 'Password Protected', 'password-protected' ), 'manage_options', 'password-protected', array( $this, 'settings_page' ) );
31
  add_action( 'load-' . $this->settings_page_id, array( $this, 'add_help_tabs' ), 20 );
35
  /**
36
  * Settings Page
37
  */
38
+ public function settings_page() {
39
  ?>
40
 
41
  <div class="wrap">
56
  /**
57
  * Add Help Tabs
58
  */
59
+ public function add_help_tabs() {
60
 
61
  global $wp_version;
62
 
73
  *
74
  * @param object $current_screen Screen object.
75
  */
76
+ public function help_tabs( $current_screen ) {
77
 
78
  $current_screen->add_help_tab( array(
79
  'id' => 'PASSWORD_PROTECTED_SETTINGS',
88
  /**
89
  * Settings API
90
  */
91
+ public function password_protected_settings() {
92
 
93
  add_settings_section(
94
  'password_protected',
144
  * @param string $val Password.
145
  * @return string Sanitized password.
146
  */
147
+ public function sanitize_password_protected_password( $val ) {
148
 
149
  $old_val = get_option( 'password_protected_password' );
150
 
174
  * @param string $val IP addresses.
175
  * @return string Sanitized IP addresses.
176
  */
177
+ public function sanitize_ip_addresses( $val ) {
178
 
179
  $ip_addresses = explode( "\n", $val );
180
  $ip_addresses = array_map( 'sanitize_text_field', $ip_addresses );
203
  /**
204
  * Password Protected Section
205
  */
206
+ public function password_protected_settings_section() {
207
 
208
  echo '<p>' . __( 'Password protect your web site. Users will be asked to enter a password to view the site.', 'password-protected' ) . '<br />
209
  ' . __( 'For more information about Password Protected settings, view the "Help" tab at the top of this page.', 'password-protected' ) . '</p>';
213
  /**
214
  * Password Protection Status Field
215
  */
216
+ public function password_protected_status_field() {
217
 
218
  echo '<label><input name="password_protected_status" id="password_protected_status" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_status' ), false ) . ' /> ' . __( 'Enabled', 'password-protected' ) . '</label>';
219
 
222
  /**
223
  * Password Protection Permissions Field
224
  */
225
+ public function password_protected_permissions_field() {
226
 
227
  echo '<label><input name="password_protected_administrators" id="password_protected_administrators" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_administrators' ), false ) . ' /> ' . __( 'Allow Administrators', 'password-protected' ) . '</label>';
228
  echo '<label><input name="password_protected_users" id="password_protected_users" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_users' ), false ) . ' style="margin-left: 20px;" /> ' . __( 'Allow Logged In Users', 'password-protected' ) . '</label>';
233
  /**
234
  * Password Field
235
  */
236
+ public function password_protected_password_field() {
237
 
238
  echo '<input type="password" name="password_protected_password[new]" id="password_protected_password_new" size="16" value="" autocomplete="off"> <span class="description">' . __( 'If you would like to change the password type a new one. Otherwise leave this blank.', 'password-protected' ) . '</span><br>
239
  <input type="password" name="password_protected_password[confirm]" id="password_protected_password_confirm" size="16" value="" autocomplete="off"> <span class="description">' . __( 'Type your new password again.', 'password-protected' ) . '</span>';
243
  /**
244
  * Allowed IP Addresses Field
245
  */
246
+ public function password_protected_allowed_ip_addresses_field() {
247
 
248
  echo '<textarea name="password_protected_allowed_ip_addresses" id="password_protected_allowed_ip_addresses" rows="3" class="large-text" />' . get_option( 'password_protected_allowed_ip_addresses' ) . '</textarea>';
249
+ echo '<p class="description">' . esc_html__( 'Enter one IP address per line.', 'password-protected' ) . ' ' . esc_html( sprintf( __( 'Your IP is address %s.', 'password-protected' ), $_SERVER['REMOTE_ADDR'] ) ) . '</p>';
250
 
251
  }
252
 
261
  * @param string $oldvalue Old Value.
262
  * @return string Filtered new value.
263
  */
264
+ public function pre_update_option_password_protected_password( $newvalue, $oldvalue ) {
265
 
266
  global $Password_Protected;
267
 
284
  * @param string $status Plugin status.
285
  * @return array Plugin meta array.
286
  */
287
+ public function plugin_row_meta( $plugin_meta, $plugin_file, $plugin_data, $status ) {
288
 
289
  if ( 'password-protected/password-protected.php' == $plugin_file ) {
290
  $plugin_meta[] = sprintf( '<a href="%s">%s</a>', __( 'http://github.com/benhuson/password-protected', 'password-protected' ), __( 'GitHub', 'password-protected' ) );
303
  * @param array $actions Plugin action links array.
304
  * @return array Plugin action links array.
305
  */
306
+ public function plugin_action_links( $actions ) {
307
 
308
  $actions[] = sprintf( '<a href="%s">%s</a>', admin_url( 'options-general.php?page=password-protected' ), __( 'Settings', 'password-protected' ) );
309
  return $actions;
314
  * Password Admin Notice
315
  * Warns the user if they have enabled password protection but not entered a password
316
  */
317
+ public function password_protected_admin_notices() {
318
 
319
  global $Password_Protected;
320
 
358
  * @param string $string Error string.
359
  * @return string HTML error.
360
  */
361
+ private function admin_error_display( $string ) {
362
 
363
  return '<div class="error"><p>' . $string . '</p></div>';
364
 
372
  * @param string|array $screen_id Admin screen ID(s).
373
  * @return boolean
374
  */
375
+ public function is_current_screen( $screen_id ) {
376
 
377
  if ( function_exists( 'get_current_screen' ) ) {
378
  $current_screen = get_current_screen();
394
  * @param string|array $screen_id Additional screen IDs to add to the returned array.
395
  * @return array Screen IDs.
396
  */
397
+ public function plugin_screen_ids( $screen_id = '' ) {
398
 
399
  $screen_ids = array( 'options-' . $this->options_group, 'settings_page_' . $this->options_group );
400
 
languages/password-protected.pot CHANGED
@@ -1,10 +1,11 @@
1
  # Copyright (C) 2013 Password Protected
2
  # This file is distributed under the same license as the Password Protected package.
 
3
  msgid ""
4
  msgstr ""
5
  "Project-Id-Version: Password Protected\n"
6
  "Report-Msgid-Bugs-To: http://wordpress.org/tag/password-protected\n"
7
- "POT-Creation-Date: 2015-05-14 23:14-0000\n"
8
  "PO-Revision-Date: 2015-05-14 23:15-0000\n"
9
  "Last-Translator: Ben Huson <ben@thewhiteroom.net>\n"
10
  "Language-Team: LANGUAGE\n"
@@ -12,9 +13,9 @@ msgstr ""
12
  "MIME-Version: 1.0\n"
13
  "Content-Type: text/plain; charset=UTF-8\n"
14
  "Content-Transfer-Encoding: 8bit\n"
15
- "X-Generator: Poedit 1.7.5\n"
16
  "X-Poedit-KeywordsList: __;_e;_ex;_x\n"
17
- "X-Poedit-Basepath: ./\n"
18
  "Plural-Forms: nplurals=2; plural=(n != 1);\n"
19
  "X-Poedit-SearchPath-0: ..\n"
20
 
@@ -82,89 +83,90 @@ msgstr ""
82
  msgid "New password saved."
83
  msgstr ""
84
 
85
- #: ../admin/admin.php:195
86
  msgid ""
87
  "Password protect your web site. Users will be asked to enter a password to view "
88
  "the site."
89
  msgstr ""
90
 
91
- #: ../admin/admin.php:196
92
  msgid ""
93
  "For more information about Password Protected settings, view the \"Help\" tab at "
94
  "the top of this page."
95
  msgstr ""
96
 
97
- #: ../admin/admin.php:205
98
  msgid "Enabled"
99
  msgstr ""
100
 
101
- #: ../admin/admin.php:214
102
  msgid "Allow Administrators"
103
  msgstr ""
104
 
105
- #: ../admin/admin.php:215
106
  msgid "Allow Logged In Users"
107
  msgstr ""
108
 
109
- #: ../admin/admin.php:216
110
  msgid "Allow RSS Feeds"
111
  msgstr ""
112
 
113
- #: ../admin/admin.php:225
114
  msgid ""
115
  "If you would like to change the password type a new one. Otherwise leave this "
116
  "blank."
117
  msgstr ""
118
 
119
- #: ../admin/admin.php:226
120
  msgid "Type your new password again."
121
  msgstr ""
122
 
123
- #: ../admin/admin.php:236
124
- msgid "Enter one IP address per line"
 
125
  msgstr ""
126
 
127
- #: ../admin/admin.php:277
128
  msgid "http://github.com/benhuson/password-protected"
129
  msgstr ""
130
 
131
- #: ../admin/admin.php:277
132
  msgid "GitHub"
133
  msgstr ""
134
 
135
- #: ../admin/admin.php:278
136
  msgid ""
137
  "https://www.transifex.com/projects/p/password-protected/resource/password-"
138
  "protected/"
139
  msgstr ""
140
 
141
- #: ../admin/admin.php:278
142
  msgid "Translate"
143
  msgstr ""
144
 
145
- #: ../admin/admin.php:295
146
  msgid "Settings"
147
  msgstr ""
148
 
149
- #: ../admin/admin.php:323
150
  msgid ""
151
  "You have enabled password protection but not yet set a password. Please set one "
152
  "below."
153
  msgstr ""
154
 
155
- #: ../admin/admin.php:328
156
  msgid ""
157
  "You have enabled password protection and allowed administrators and logged in "
158
  "users - other users will still need to enter a password to view the site."
159
  msgstr ""
160
 
161
- #: ../admin/admin.php:330
162
  msgid ""
163
  "You have enabled password protection and allowed administrators - other users "
164
  "will still need to enter a password to view the site."
165
  msgstr ""
166
 
167
- #: ../admin/admin.php:332
168
  msgid ""
169
  "You have enabled password protection and allowed logged in users - other users "
170
  "will still need to enter a password to view the site."
@@ -185,7 +187,7 @@ msgstr ""
185
  msgid "Logout"
186
  msgstr ""
187
 
188
- #: ../password-protected.php:755
189
  msgid ""
190
  "The Password Protected plugin does not work with WP Engine hosting. Please "
191
  "disable it."
1
  # Copyright (C) 2013 Password Protected
2
  # This file is distributed under the same license as the Password Protected package.
3
+ #, fuzzy
4
  msgid ""
5
  msgstr ""
6
  "Project-Id-Version: Password Protected\n"
7
  "Report-Msgid-Bugs-To: http://wordpress.org/tag/password-protected\n"
8
+ "POT-Creation-Date: 2016-03-23 00:25+0000\n"
9
  "PO-Revision-Date: 2015-05-14 23:15-0000\n"
10
  "Last-Translator: Ben Huson <ben@thewhiteroom.net>\n"
11
  "Language-Team: LANGUAGE\n"
13
  "MIME-Version: 1.0\n"
14
  "Content-Type: text/plain; charset=UTF-8\n"
15
  "Content-Transfer-Encoding: 8bit\n"
16
+ "X-Generator: Poedit 1.8.7\n"
17
  "X-Poedit-KeywordsList: __;_e;_ex;_x\n"
18
+ "X-Poedit-Basepath: .\n"
19
  "Plural-Forms: nplurals=2; plural=(n != 1);\n"
20
  "X-Poedit-SearchPath-0: ..\n"
21
 
83
  msgid "New password saved."
84
  msgstr ""
85
 
86
+ #: ../admin/admin.php:208
87
  msgid ""
88
  "Password protect your web site. Users will be asked to enter a password to view "
89
  "the site."
90
  msgstr ""
91
 
92
+ #: ../admin/admin.php:209
93
  msgid ""
94
  "For more information about Password Protected settings, view the \"Help\" tab at "
95
  "the top of this page."
96
  msgstr ""
97
 
98
+ #: ../admin/admin.php:218
99
  msgid "Enabled"
100
  msgstr ""
101
 
102
+ #: ../admin/admin.php:227
103
  msgid "Allow Administrators"
104
  msgstr ""
105
 
106
+ #: ../admin/admin.php:228
107
  msgid "Allow Logged In Users"
108
  msgstr ""
109
 
110
+ #: ../admin/admin.php:229
111
  msgid "Allow RSS Feeds"
112
  msgstr ""
113
 
114
+ #: ../admin/admin.php:238
115
  msgid ""
116
  "If you would like to change the password type a new one. Otherwise leave this "
117
  "blank."
118
  msgstr ""
119
 
120
+ #: ../admin/admin.php:239
121
  msgid "Type your new password again."
122
  msgstr ""
123
 
124
+ #: ../admin/admin.php:249
125
+ #, php-format
126
+ msgid "Your IP is address %s."
127
  msgstr ""
128
 
129
+ #: ../admin/admin.php:290
130
  msgid "http://github.com/benhuson/password-protected"
131
  msgstr ""
132
 
133
+ #: ../admin/admin.php:290
134
  msgid "GitHub"
135
  msgstr ""
136
 
137
+ #: ../admin/admin.php:291
138
  msgid ""
139
  "https://www.transifex.com/projects/p/password-protected/resource/password-"
140
  "protected/"
141
  msgstr ""
142
 
143
+ #: ../admin/admin.php:291
144
  msgid "Translate"
145
  msgstr ""
146
 
147
+ #: ../admin/admin.php:308
148
  msgid "Settings"
149
  msgstr ""
150
 
151
+ #: ../admin/admin.php:336
152
  msgid ""
153
  "You have enabled password protection but not yet set a password. Please set one "
154
  "below."
155
  msgstr ""
156
 
157
+ #: ../admin/admin.php:341
158
  msgid ""
159
  "You have enabled password protection and allowed administrators and logged in "
160
  "users - other users will still need to enter a password to view the site."
161
  msgstr ""
162
 
163
+ #: ../admin/admin.php:343
164
  msgid ""
165
  "You have enabled password protection and allowed administrators - other users "
166
  "will still need to enter a password to view the site."
167
  msgstr ""
168
 
169
+ #: ../admin/admin.php:345
170
  msgid ""
171
  "You have enabled password protection and allowed logged in users - other users "
172
  "will still need to enter a password to view the site."
187
  msgid "Logout"
188
  msgstr ""
189
 
190
+ #: ../password-protected.php:760
191
  msgid ""
192
  "The Password Protected plugin does not work with WP Engine hosting. Please "
193
  "disable it."
password-protected.php CHANGED
@@ -4,7 +4,7 @@
4
  Plugin Name: Password Protected
5
  Plugin URI: https://wordpress.org/plugins/password-protected/
6
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work on WP Engine or with some caching setups.
7
- Version: 2.0.2
8
  Author: Ben Huson
9
  Text Domain: password-protected
10
  Author URI: http://github.com/benhuson/password-protected/
@@ -42,14 +42,14 @@ $Password_Protected = new Password_Protected();
42
 
43
  class Password_Protected {
44
 
45
- var $version = '2.0.2';
46
  var $admin = null;
47
  var $errors = null;
48
 
49
  /**
50
  * Constructor
51
  */
52
- function Password_Protected() {
53
 
54
  $this->errors = new WP_Error();
55
 
@@ -83,7 +83,7 @@ class Password_Protected {
83
  /**
84
  * I18n
85
  */
86
- function load_plugin_textdomain() {
87
 
88
  load_plugin_textdomain( 'password-protected', false, basename( dirname( __FILE__ ) ) . '/languages' );
89
 
@@ -92,7 +92,7 @@ class Password_Protected {
92
  /**
93
  * Disable Page Caching
94
  */
95
- function disable_caching() {
96
 
97
  if ( $this->is_active() && ! defined( 'DONOTCACHEPAGE' ) ) {
98
  define( 'DONOTCACHEPAGE', true );
@@ -105,7 +105,7 @@ class Password_Protected {
105
  *
106
  * @return boolean Is password protection active?
107
  */
108
- function is_active() {
109
 
110
  global $wp_query;
111
 
@@ -135,7 +135,7 @@ class Password_Protected {
135
  *
136
  * @todo An option/filter to prevent disabling of feeds.
137
  */
138
- function disable_feeds() {
139
 
140
  if ( $this->is_active() ) {
141
  add_action( 'do_feed', array( $this, 'disable_feed' ), 1 );
@@ -152,7 +152,7 @@ class Password_Protected {
152
  *
153
  * @todo Make Translatable
154
  */
155
- function disable_feed() {
156
 
157
  wp_die( sprintf( __( 'Feeds are not available for this site. Please visit the <a href="%s">website</a>.', 'password-protected' ), get_bloginfo( 'url' ) ) );
158
 
@@ -164,7 +164,7 @@ class Password_Protected {
164
  * @param boolean $bool Allow feeds.
165
  * @return boolean True/false.
166
  */
167
- function allow_feeds( $bool ) {
168
 
169
  if ( is_feed() && (bool) get_option( 'password_protected_feeds' ) ) {
170
  return 0;
@@ -180,7 +180,7 @@ class Password_Protected {
180
  * @param boolean $bool Allow administrators.
181
  * @return boolean True/false.
182
  */
183
- function allow_administrators( $bool ) {
184
 
185
  if ( ! is_admin() && current_user_can( 'manage_options' ) && (bool) get_option( 'password_protected_administrators' ) ) {
186
  return 0;
@@ -196,7 +196,7 @@ class Password_Protected {
196
  * @param boolean $bool Allow administrators.
197
  * @return boolean True/false.
198
  */
199
- function allow_users( $bool ) {
200
 
201
  if ( ! is_admin() && is_user_logged_in() && (bool) get_option( 'password_protected_users' ) ) {
202
  return 0;
@@ -214,7 +214,7 @@ class Password_Protected {
214
  * @param boolean $bool Allow IP addresses.
215
  * @return boolean True/false.
216
  */
217
- function allow_ip_addresses( $bool ) {
218
 
219
  $ip_addresses = $this->get_allowed_ip_addresses();
220
 
@@ -231,7 +231,7 @@ class Password_Protected {
231
  *
232
  * @return array IP addresses.
233
  */
234
- function get_allowed_ip_addresses() {
235
 
236
  return explode( "\n", get_option( 'password_protected_allowed_ip_addresses' ) );
237
 
@@ -243,7 +243,7 @@ class Password_Protected {
243
  * @param string $password Password.
244
  * @return string Encrypted password.
245
  */
246
- function encrypt_password( $password ) {
247
 
248
  return md5( $password );
249
 
@@ -252,7 +252,7 @@ class Password_Protected {
252
  /**
253
  * Maybe Process Logout
254
  */
255
- function maybe_process_logout() {
256
 
257
  if ( isset( $_REQUEST['password-protected'] ) && $_REQUEST['password-protected'] == 'logout' ) {
258
 
@@ -274,7 +274,7 @@ class Password_Protected {
274
  /**
275
  * Maybe Process Login
276
  */
277
- function maybe_process_login() {
278
 
279
  if ( $this->is_active() && isset( $_REQUEST['password_protected_pwd'] ) ) {
280
  $password_protected_pwd = $_REQUEST['password_protected_pwd'];
@@ -309,7 +309,7 @@ class Password_Protected {
309
  *
310
  * @return boolean
311
  */
312
- function is_user_logged_in() {
313
 
314
  return $this->is_active() && $this->validate_auth_cookie();
315
 
@@ -318,7 +318,7 @@ class Password_Protected {
318
  /**
319
  * Maybe Show Login
320
  */
321
- function maybe_show_login() {
322
 
323
  // Don't show login if not enabled
324
  if ( ! $this->is_active() ) {
@@ -368,7 +368,7 @@ class Password_Protected {
368
  *
369
  * @return string Site ID.
370
  */
371
- function get_site_id() {
372
 
373
  global $blog_id;
374
  return 'bid_' . apply_filters( 'password_protected_blog_id', $blog_id );
@@ -380,7 +380,7 @@ class Password_Protected {
380
  *
381
  * @return string Login URL.
382
  */
383
- function login_url() {
384
 
385
  return add_query_arg( 'password-protected', 'login', home_url( '/' ) );
386
 
@@ -389,7 +389,7 @@ class Password_Protected {
389
  /**
390
  * Logout
391
  */
392
- function logout() {
393
 
394
  $this->clear_auth_cookie();
395
  do_action( 'password_protected_logout' );
@@ -402,7 +402,7 @@ class Password_Protected {
402
  * @param string $redirect_to Optional. Redirect URL.
403
  * @return string Logout URL.
404
  */
405
- function logout_url( $redirect_to = '' ) {
406
 
407
  $query = array(
408
  'password-protected' => 'logout',
@@ -423,7 +423,7 @@ class Password_Protected {
423
  * @param array $args Link args.
424
  * @return string HTML link tag.
425
  */
426
- function logout_link( $args = null ) {
427
 
428
  // Only show if user is logged in
429
  if ( ! $this->is_user_logged_in() ) {
@@ -449,7 +449,7 @@ class Password_Protected {
449
  * @param array $args Link args.
450
  * @return string HTML link tag.
451
  */
452
- function logout_link_shortcode( $atts, $content = null ) {
453
 
454
  $atts = shortcode_atts( array(
455
  'redirect_to' => '',
@@ -465,7 +465,7 @@ class Password_Protected {
465
  *
466
  * @return string Hashed password.
467
  */
468
- function get_hashed_password() {
469
 
470
  return md5( get_option( 'password_protected_password' ) . wp_salt() );
471
 
@@ -478,7 +478,7 @@ class Password_Protected {
478
  * @param string $scheme Cookie scheme.
479
  * @return boolean Validation successful?
480
  */
481
- function validate_auth_cookie( $cookie = '', $scheme = '' ) {
482
 
483
  if ( ! $cookie_elements = $this->parse_auth_cookie( $cookie, $scheme ) ) {
484
  do_action( 'password_protected_auth_cookie_malformed', $cookie, $scheme );
@@ -523,7 +523,7 @@ class Password_Protected {
523
  * @param string $scheme Cookie scheme.
524
  * @return string Cookie.
525
  */
526
- function generate_auth_cookie( $expiration, $scheme = 'auth' ) {
527
 
528
  $key = md5( $this->get_site_id() . $this->get_hashed_password() . '|' . $expiration );
529
  $hash = hash_hmac( 'md5', $this->get_site_id() . '|' . $expiration, $key );
@@ -540,7 +540,7 @@ class Password_Protected {
540
  * @param string $scheme Cookie scheme.
541
  * @return string Cookie string.
542
  */
543
- function parse_auth_cookie( $cookie = '', $scheme = '' ) {
544
 
545
  if ( empty( $cookie ) ) {
546
  $cookie_name = $this->cookie_name();
@@ -570,7 +570,7 @@ class Password_Protected {
570
  * @param boolean $remember Remember logged in.
571
  * @param string $secure Secure cookie.
572
  */
573
- function set_auth_cookie( $remember = false, $secure = '') {
574
 
575
  if ( $remember ) {
576
  $expiration = $expire = current_time( 'timestamp' ) + apply_filters( 'password_protected_auth_cookie_expiration', 1209600, $remember );
@@ -596,7 +596,7 @@ class Password_Protected {
596
  /**
597
  * Clear Auth Cookie
598
  */
599
- function clear_auth_cookie() {
600
 
601
  setcookie( $this->cookie_name(), ' ', current_time( 'timestamp' ) - 31536000, COOKIEPATH, COOKIE_DOMAIN );
602
  setcookie( $this->cookie_name(), ' ', current_time( 'timestamp' ) - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN );
@@ -608,7 +608,7 @@ class Password_Protected {
608
  *
609
  * @return string Cookie name.
610
  */
611
- function cookie_name() {
612
 
613
  return $this->get_site_id() . '_password_protected_auth';
614
 
@@ -617,7 +617,7 @@ class Password_Protected {
617
  /**
618
  * Install
619
  */
620
- function install() {
621
 
622
  $old_version = get_option( 'password_protected_version' );
623
 
@@ -708,7 +708,7 @@ class Password_Protected {
708
  * Possible to specify a different file in the theme folder via the
709
  * 'password_protected_stylesheet_file' filter (allows for theme subfolders).
710
  */
711
- function load_theme_stylesheet() {
712
 
713
  $filename = apply_filters( 'password_protected_stylesheet_file', 'password-protected-login.css' );
714
 
@@ -736,7 +736,7 @@ class Password_Protected {
736
  * If invalid will redirect to ...
737
  * Based on the WordPress wp_safe_redirect() function.
738
  */
739
- function safe_redirect( $location, $status = 302 ) {
740
 
741
  $location = wp_sanitize_redirect( $location );
742
  $location = wp_validate_redirect( $location, home_url() );
4
  Plugin Name: Password Protected
5
  Plugin URI: https://wordpress.org/plugins/password-protected/
6
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work on WP Engine or with some caching setups.
7
+ Version: 2.0.3
8
  Author: Ben Huson
9
  Text Domain: password-protected
10
  Author URI: http://github.com/benhuson/password-protected/
42
 
43
  class Password_Protected {
44
 
45
+ var $version = '2.0.3';
46
  var $admin = null;
47
  var $errors = null;
48
 
49
  /**
50
  * Constructor
51
  */
52
+ public function __construct() {
53
 
54
  $this->errors = new WP_Error();
55
 
83
  /**
84
  * I18n
85
  */
86
+ public function load_plugin_textdomain() {
87
 
88
  load_plugin_textdomain( 'password-protected', false, basename( dirname( __FILE__ ) ) . '/languages' );
89
 
92
  /**
93
  * Disable Page Caching
94
  */
95
+ public function disable_caching() {
96
 
97
  if ( $this->is_active() && ! defined( 'DONOTCACHEPAGE' ) ) {
98
  define( 'DONOTCACHEPAGE', true );
105
  *
106
  * @return boolean Is password protection active?
107
  */
108
+ public function is_active() {
109
 
110
  global $wp_query;
111
 
135
  *
136
  * @todo An option/filter to prevent disabling of feeds.
137
  */
138
+ public function disable_feeds() {
139
 
140
  if ( $this->is_active() ) {
141
  add_action( 'do_feed', array( $this, 'disable_feed' ), 1 );
152
  *
153
  * @todo Make Translatable
154
  */
155
+ public function disable_feed() {
156
 
157
  wp_die( sprintf( __( 'Feeds are not available for this site. Please visit the <a href="%s">website</a>.', 'password-protected' ), get_bloginfo( 'url' ) ) );
158
 
164
  * @param boolean $bool Allow feeds.
165
  * @return boolean True/false.
166
  */
167
+ public function allow_feeds( $bool ) {
168
 
169
  if ( is_feed() && (bool) get_option( 'password_protected_feeds' ) ) {
170
  return 0;
180
  * @param boolean $bool Allow administrators.
181
  * @return boolean True/false.
182
  */
183
+ public function allow_administrators( $bool ) {
184
 
185
  if ( ! is_admin() && current_user_can( 'manage_options' ) && (bool) get_option( 'password_protected_administrators' ) ) {
186
  return 0;
196
  * @param boolean $bool Allow administrators.
197
  * @return boolean True/false.
198
  */
199
+ public function allow_users( $bool ) {
200
 
201
  if ( ! is_admin() && is_user_logged_in() && (bool) get_option( 'password_protected_users' ) ) {
202
  return 0;
214
  * @param boolean $bool Allow IP addresses.
215
  * @return boolean True/false.
216
  */
217
+ public function allow_ip_addresses( $bool ) {
218
 
219
  $ip_addresses = $this->get_allowed_ip_addresses();
220
 
231
  *
232
  * @return array IP addresses.
233
  */
234
+ public function get_allowed_ip_addresses() {
235
 
236
  return explode( "\n", get_option( 'password_protected_allowed_ip_addresses' ) );
237
 
243
  * @param string $password Password.
244
  * @return string Encrypted password.
245
  */
246
+ public function encrypt_password( $password ) {
247
 
248
  return md5( $password );
249
 
252
  /**
253
  * Maybe Process Logout
254
  */
255
+ public function maybe_process_logout() {
256
 
257
  if ( isset( $_REQUEST['password-protected'] ) && $_REQUEST['password-protected'] == 'logout' ) {
258
 
274
  /**
275
  * Maybe Process Login
276
  */
277
+ public function maybe_process_login() {
278
 
279
  if ( $this->is_active() && isset( $_REQUEST['password_protected_pwd'] ) ) {
280
  $password_protected_pwd = $_REQUEST['password_protected_pwd'];
309
  *
310
  * @return boolean
311
  */
312
+ public function is_user_logged_in() {
313
 
314
  return $this->is_active() && $this->validate_auth_cookie();
315
 
318
  /**
319
  * Maybe Show Login
320
  */
321
+ public function maybe_show_login() {
322
 
323
  // Don't show login if not enabled
324
  if ( ! $this->is_active() ) {
368
  *
369
  * @return string Site ID.
370
  */
371
+ public function get_site_id() {
372
 
373
  global $blog_id;
374
  return 'bid_' . apply_filters( 'password_protected_blog_id', $blog_id );
380
  *
381
  * @return string Login URL.
382
  */
383
+ public function login_url() {
384
 
385
  return add_query_arg( 'password-protected', 'login', home_url( '/' ) );
386
 
389
  /**
390
  * Logout
391
  */
392
+ public function logout() {
393
 
394
  $this->clear_auth_cookie();
395
  do_action( 'password_protected_logout' );
402
  * @param string $redirect_to Optional. Redirect URL.
403
  * @return string Logout URL.
404
  */
405
+ public function logout_url( $redirect_to = '' ) {
406
 
407
  $query = array(
408
  'password-protected' => 'logout',
423
  * @param array $args Link args.
424
  * @return string HTML link tag.
425
  */
426
+ public function logout_link( $args = null ) {
427
 
428
  // Only show if user is logged in
429
  if ( ! $this->is_user_logged_in() ) {
449
  * @param array $args Link args.
450
  * @return string HTML link tag.
451
  */
452
+ public function logout_link_shortcode( $atts, $content = null ) {
453
 
454
  $atts = shortcode_atts( array(
455
  'redirect_to' => '',
465
  *
466
  * @return string Hashed password.
467
  */
468
+ public function get_hashed_password() {
469
 
470
  return md5( get_option( 'password_protected_password' ) . wp_salt() );
471
 
478
  * @param string $scheme Cookie scheme.
479
  * @return boolean Validation successful?
480
  */
481
+ public function validate_auth_cookie( $cookie = '', $scheme = '' ) {
482
 
483
  if ( ! $cookie_elements = $this->parse_auth_cookie( $cookie, $scheme ) ) {
484
  do_action( 'password_protected_auth_cookie_malformed', $cookie, $scheme );
523
  * @param string $scheme Cookie scheme.
524
  * @return string Cookie.
525
  */
526
+ public function generate_auth_cookie( $expiration, $scheme = 'auth' ) {
527
 
528
  $key = md5( $this->get_site_id() . $this->get_hashed_password() . '|' . $expiration );
529
  $hash = hash_hmac( 'md5', $this->get_site_id() . '|' . $expiration, $key );
540
  * @param string $scheme Cookie scheme.
541
  * @return string Cookie string.
542
  */
543
+ public function parse_auth_cookie( $cookie = '', $scheme = '' ) {
544
 
545
  if ( empty( $cookie ) ) {
546
  $cookie_name = $this->cookie_name();
570
  * @param boolean $remember Remember logged in.
571
  * @param string $secure Secure cookie.
572
  */
573
+ public function set_auth_cookie( $remember = false, $secure = '') {
574
 
575
  if ( $remember ) {
576
  $expiration = $expire = current_time( 'timestamp' ) + apply_filters( 'password_protected_auth_cookie_expiration', 1209600, $remember );
596
  /**
597
  * Clear Auth Cookie
598
  */
599
+ public function clear_auth_cookie() {
600
 
601
  setcookie( $this->cookie_name(), ' ', current_time( 'timestamp' ) - 31536000, COOKIEPATH, COOKIE_DOMAIN );
602
  setcookie( $this->cookie_name(), ' ', current_time( 'timestamp' ) - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN );
608
  *
609
  * @return string Cookie name.
610
  */
611
+ public function cookie_name() {
612
 
613
  return $this->get_site_id() . '_password_protected_auth';
614
 
617
  /**
618
  * Install
619
  */
620
+ public function install() {
621
 
622
  $old_version = get_option( 'password_protected_version' );
623
 
708
  * Possible to specify a different file in the theme folder via the
709
  * 'password_protected_stylesheet_file' filter (allows for theme subfolders).
710
  */
711
+ public function load_theme_stylesheet() {
712
 
713
  $filename = apply_filters( 'password_protected_stylesheet_file', 'password-protected-login.css' );
714
 
736
  * If invalid will redirect to ...
737
  * Based on the WordPress wp_safe_redirect() function.
738
  */
739
+ public function safe_redirect( $location, $status = 302 ) {
740
 
741
  $location = wp_sanitize_redirect( $location );
742
  $location = wp_validate_redirect( $location, home_url() );
readme.txt CHANGED
@@ -1,9 +1,10 @@
1
  === Password Protected ===
2
  Contributors: husobj
 
3
  Tags: password, protect, password protect, login
4
  Requires at least: 3.5
5
- Tested up to: 4.3.1
6
- Stable tag: 2.0.2
7
  License: GPLv2 or later
8
 
9
  A very simple way to quickly password protect your WordPress site with a single password.
@@ -80,21 +81,28 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
80
 
81
  == Changelog ==
82
 
 
 
 
 
 
 
 
83
  = 2.0.2 =
84
- * Only redirect to [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) when logging out.
85
  * Check allowed IP addresses are valid when saving.
 
86
 
87
  = 2.0.1 =
88
- * Security fix: Use a more complex password hash for cookie key. Props Marcin Bury, [Securitum](http://securitum.pl).
89
  * Split logout functionality into separate function.
 
90
 
91
  = 2.0 =
92
  * Added [password_protected_logout_link](https://github.com/benhuson/password-protected/wiki/password_protected_logout_link-Shortcode) shortcode.
93
  * Load 'password-protected-login.css' in theme folder if it exists.
94
  * Added [password_protected_stylesheet_file](https://github.com/benhuson/password-protected/wiki/password_protected_stylesheet_file) filter to specify alternate stylesheet location.
95
  * Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
96
- * Better handling of login/out redirects when protection is not active on home page.
97
  * Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
 
98
 
99
  = 1.9 =
100
  * Fixed "Allow Users" functionality with is_user_logged_in(). Props PatRaven.
@@ -105,23 +113,23 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
105
  * Support for adding "password-protected-login.php" in theme directory.
106
  * Allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
107
  * Added 'password_protected_login_messages' action to output errors and messages in template.
 
108
  * Use current_time( 'timestamp' ) instead of time() to take into account site timezone.
109
  * Check login earlier in the template_redirect action.
110
- * Updated translations.
111
 
112
  = 1.7.2 =
113
- * Added 'password_protected_login_redirect' filter.
114
  * Fix always allow access to robots.txt.
 
115
  * Updated translations.
116
 
117
  = 1.7.1 =
118
  * Fix login template compatibility for WordPress 3.9
119
 
120
  = 1.7 =
 
121
  * Added 'password_protected_theme_file' filter to allow custom login templates.
122
  * It's now really easy to contribute to the translation of this plugin via our [Transifex page](https://www.transifex.com/projects/p/password-protected/resource/password-protected/).
123
  * Add option to allow logged in users.
124
- * Remove JavaScript that disables admin RSS checkbox.
125
 
126
  = 1.6.2 =
127
  * Set login page not to index if privacy setting is on.
@@ -135,17 +143,17 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
135
  * Added support for Uber Login Logo plugin.
136
 
137
  = 1.5 =
 
138
  * Requires WordPress 3.1+
139
  * Settings now have their own page.
140
  * Fixed an open redirect vulnerability. Props Chris Campbell.
141
- * Added note about WP Engine compatibility to readme.txt
142
 
143
  = 1.4 =
144
  * Add option to allow administrators to use the site without logging in.
145
  * Use DONOTCACHEPAGE to try to prevent some caching issues.
 
146
  * Updated login screen styling for WordPress 3.5 compatibility.
147
  * Options are now on the 'Reading' settings page in WordPress 3.5
148
- * Added a contextual help tab for WordPress 3.3+.
149
 
150
  = 1.3 =
151
  * Added checkbox to allow access to feeds when protection is enabled.
@@ -156,24 +164,27 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
156
  * Ready for [translations](http://codex.wordpress.org/I18n_for_WordPress_Developers).
157
 
158
  = 1.2.2 =
159
- * Escape 'redirect_to' attribute. Props A. Alagha.
160
  * Show login error messages.
 
161
 
162
  = 1.2.1 =
163
- * Only disable feeds when protection is active.
164
  * Added a "How to log out?" FAQ.
 
165
 
166
  = 1.2 =
167
  * Use cookies instead of sessions.
168
- = 1.1 =
169
 
 
170
  * Encrypt passwords in database.
171
- = 1.0 =
172
 
 
173
  * First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
174
 
175
  == Upgrade Notice ==
176
 
 
 
 
177
  = 2.0.2 =
178
  Only redirect to [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) when logging out.
179
 
1
  === Password Protected ===
2
  Contributors: husobj
3
+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DXRJDNCMK9U3N
4
  Tags: password, protect, password protect, login
5
  Requires at least: 3.5
6
+ Tested up to: 4.4.2
7
+ Stable tag: 2.0.3
8
  License: GPLv2 or later
9
 
10
  A very simple way to quickly password protect your WordPress site with a single password.
81
 
82
  == Changelog ==
83
 
84
+ = Unreleased =
85
+
86
+ = 2.0.3 =
87
+ * Declare methods as public or private and use PHP5 constructors.
88
+ * Show user's IP address beside "Allow IP Addresses" admin setting.
89
+ * Add CHANGELOG.md and README.md
90
+
91
  = 2.0.2 =
 
92
  * Check allowed IP addresses are valid when saving.
93
+ * Only redirect to [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) when logging out.
94
 
95
  = 2.0.1 =
 
96
  * Split logout functionality into separate function.
97
+ * Security fix: Use a more complex password hash for cookie key. Props Marcin Bury, [Securitum](http://securitum.pl).
98
 
99
  = 2.0 =
100
  * Added [password_protected_logout_link](https://github.com/benhuson/password-protected/wiki/password_protected_logout_link-Shortcode) shortcode.
101
  * Load 'password-protected-login.css' in theme folder if it exists.
102
  * Added [password_protected_stylesheet_file](https://github.com/benhuson/password-protected/wiki/password_protected_stylesheet_file) filter to specify alternate stylesheet location.
103
  * Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
 
104
  * Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
105
+ * Better handling of login/out redirects when protection is not active on home page.
106
 
107
  = 1.9 =
108
  * Fixed "Allow Users" functionality with is_user_logged_in(). Props PatRaven.
113
  * Support for adding "password-protected-login.php" in theme directory.
114
  * Allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
115
  * Added 'password_protected_login_messages' action to output errors and messages in template.
116
+ * Updated translations.
117
  * Use current_time( 'timestamp' ) instead of time() to take into account site timezone.
118
  * Check login earlier in the template_redirect action.
 
119
 
120
  = 1.7.2 =
 
121
  * Fix always allow access to robots.txt.
122
+ * Added 'password_protected_login_redirect' filter.
123
  * Updated translations.
124
 
125
  = 1.7.1 =
126
  * Fix login template compatibility for WordPress 3.9
127
 
128
  = 1.7 =
129
+ * Remove JavaScript that disables admin RSS checkbox.
130
  * Added 'password_protected_theme_file' filter to allow custom login templates.
131
  * It's now really easy to contribute to the translation of this plugin via our [Transifex page](https://www.transifex.com/projects/p/password-protected/resource/password-protected/).
132
  * Add option to allow logged in users.
 
133
 
134
  = 1.6.2 =
135
  * Set login page not to index if privacy setting is on.
143
  * Added support for Uber Login Logo plugin.
144
 
145
  = 1.5 =
146
+ * Added note about WP Engine compatibility to readme.txt
147
  * Requires WordPress 3.1+
148
  * Settings now have their own page.
149
  * Fixed an open redirect vulnerability. Props Chris Campbell.
 
150
 
151
  = 1.4 =
152
  * Add option to allow administrators to use the site without logging in.
153
  * Use DONOTCACHEPAGE to try to prevent some caching issues.
154
+ * Added a contextual help tab for WordPress 3.3+.
155
  * Updated login screen styling for WordPress 3.5 compatibility.
156
  * Options are now on the 'Reading' settings page in WordPress 3.5
 
157
 
158
  = 1.3 =
159
  * Added checkbox to allow access to feeds when protection is enabled.
164
  * Ready for [translations](http://codex.wordpress.org/I18n_for_WordPress_Developers).
165
 
166
  = 1.2.2 =
 
167
  * Show login error messages.
168
+ * Escape 'redirect_to' attribute. Props A. Alagha.
169
 
170
  = 1.2.1 =
 
171
  * Added a "How to log out?" FAQ.
172
+ * Only disable feeds when protection is active.
173
 
174
  = 1.2 =
175
  * Use cookies instead of sessions.
 
176
 
177
+ = 1.1 =
178
  * Encrypt passwords in database.
 
179
 
180
+ = 1.0 =
181
  * First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
182
 
183
  == Upgrade Notice ==
184
 
185
+ = 2.0.3 =
186
+ Show user's IP address beside "Allow IP Addresses" admin setting. Declare methods as public or private and use PHP5 constructors.
187
+
188
  = 2.0.2 =
189
  Only redirect to [allowed domain names](https://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts) when logging out.
190