Password Protected - Version 2.2

Version Description

  • Added admin bar icon to indicate whether password protection is enabled/disabled.
  • Option to show "Remember me" checkbox. Props Christian Güdel.
  • REST API access disabled if password not entered.
  • Admin option to allow REST API access.
  • More robust checking of password hashes.

Release Info

Developer husobj
Version 2.2

Code changes from version 2.1 to 2.2

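--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,17 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
  ## [Unreleased]
 
+ ## [2.2] - 2018-05-25
+
+ ### Added
+ - Admin bar icon to indicate wether password protection is enabled/disabled.
+ - Option to show "Remember me" checkbox. Props [Christian Güdel](https://github.com/cguedel).
+ - REST API access disabled if password not entered.
+ - Admin option to allow REST API access.
+
+ ### Security
+ - More robust checking of password hashes.
+
  ## [2.1] - 2017-07-27
 
  ### Added
@@ -175,7 +186,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
  ### Added
  - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
 
- [Unreleased]: https://github.com/benhuson/password-protected/compare/2.1...HEAD
+ [Unreleased]: https://github.com/benhuson/password-protected/compare/2.2...HEAD
+ [2.2]: https://github.com/benhuson/password-protected/compare/2.1...2.2
  [2.1]: https://github.com/benhuson/password-protected/compare/2.0.3...2.1
  [2.0.3]: https://github.com/benhuson/password-protected/compare/2.0.2...2.0.3
  [2.0.2]: https://github.com/benhuson/password-protected/compare/2.0.1...2.0.2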
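--- a/README.md
+++ b/README.md
@@ -71,6 +71,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
  Upgrade Notice
  --------------
 
+ ### 2.2
+ Added admin bar icon to indicate wether password protection is enabled/disabled. Options to enable REST API access and show "Remember me" checkbox.
+
  ### 2.1
  Update caching notes for WP Engine and W3 Total Cache plugin.
 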
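--- a/admin/admin-bar.php
+++ b/admin/admin-bar.php
@@ -0,0 +1,137 @@
+ <?php
+
+ /**
+ * @package Password Protected
+ * @subpackage Admin Bar
+ *
+ * Adds an indicator in the admin if Password Protection is enabled.
+ */
+
+ namespace Password_Protected;
+
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
+ add_action( 'plugins_loaded', array( 'Password_Protected\Admin_Bar', 'load' ), 15 );
+
+ class Admin_Bar {
+
+ /**
+ * Load
+ *
+ * @internal Private. Called via `plugins_loaded` actions.
+ */
+ public static function load() {
+
+ add_action( 'wp_head', array( get_class(), 'styles' ) );
+ add_action( 'admin_head', array( get_class(), 'styles' ) );
+ add_action( 'wp_before_admin_bar_render', array( get_class(), 'toolbar_item' ) );
+
+ }
+
+ /**
+ * Toolbar Item
+ *
+ * @internal Private. Called via `wp_before_admin_bar_render` actions.
+ */
+ public static function toolbar_item() {
+
+ global $wp_admin_bar;
+
+ if ( self::allow_current_user() ) {
+
+ $wp_admin_bar->add_menu( array(
+ 'id' => 'password_protected',
+ 'title' => __( '', 'password-protected' ),
+ 'href' => self::get_toolbar_item_url(),
+ 'meta' => array(
+ 'title' => self::get_toolbar_item_title()
+ )
+ ) );
+
+ }
+
+ }
+
+ /**
+ * Get Toolbar Item URL
+ *
+ * @return string
+ */
+ private static function get_toolbar_item_url() {
+
+ if ( current_user_can( 'manage_options' ) ) {
+ return admin_url( 'options-general.php?page=password-protected' );
+ }
+
+ return '';
+
+ }
+
+ /**
+ * Get Toolbar Item Title
+ *
+ * @return string
+ */
+ private static function get_toolbar_item_title() {
+
+ if ( self::is_enabled() ) {
+ return __( 'Password Protection is enabled.', 'password-protected' );
+ }
+
+ return __( 'Password Protection is disabled.', 'password-protected' );
+
+ }
+
+ /**
+ * Styles
+ *
+ * @internal Private. Called via `wp_head` and `admin_head` actions.
+ */
+ public static function styles() {
+
+ if ( self::allow_current_user() ) {
+
+ if ( self::is_enabled() ) {
+ $icon = '\f160'; // Locked
+ $background = '#C00';
+ } else {
+ $icon = '\f528'; // Unlocked
+ $background = 'transparent';
+ }
+
+ ?>
+ <style type="text/css">
+ #wp-admin-bar-password_protected { background-color: <?php echo $background; ?> !important; }
+ #wp-admin-bar-password_protected > .ab-item { color: #fff !important; }
+ #wp-admin-bar-password_protected > .ab-item:before { content: "<?php echo $icon; ?>"; top: 2px; color: #fff !important; margin-right: 0px; }
+ #wp-admin-bar-password_protected:hover > .ab-item { background-color: <?php echo $background; ?> !important; color: #fff; }
+ </style>
+ <?php
+
+ }
+
+ }
+
+ /**
+ * Allow Current User
+ *
+ * @return boolean
+ */
+ private static function allow_current_user() {
+
+ return is_user_logged_in();
+
+ }
+
+ /**
+ * Is Enabled
+ *
+ * @return boolean
+ */
+ private static function is_enabled() {
+
+ return (bool) get_option( 'password_protected_status' );
+
+ }
+
+ }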
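Review bot: `is_enabled()` takes the status from `get_option( 'password_protected_status' )`, and password-protected.php hooks `allow_feeds`, `allow_administrators` and `allow_users` onto `pre_option_password_protected_status`, so the icon presumably reports the filtered, per-request status rather than the saved setting; those callbacks are not shown on this page, so this needs confirming. If it holds, a user exempted by one of the "Allow" options could be told "Password Protection is disabled." while anonymous visitors are still challenged, which defeats the purpose of an at-a-glance indicator. At minimum the method should say so, e.g. `// Reflects the filtered (per-request) status, not the stored option.` `allow_current_user()` also returns `is_user_logged_in()`, so every logged-in role sees the protection state; if that is intended, a sentence in its docblock would make the choice explicit.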
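--- a/admin/admin-caching.php
+++ b/admin/admin-caching.php
@@ -96,7 +96,7 @@ class Password_Protected_Admin_Caching {
  public function section_caching() {
 
  echo '<p>' . __( 'Password Protected does not always work well with sites that use caching.', 'password-protected' ) . '<br />
- ' . __( 'If your site uses a caching plugin or yur web hosting uses server-side caching, you may need to configure your setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
+ ' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
 
  }
 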
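--- a/admin/admin.php
+++ b/admin/admin.php
@@ -130,12 +130,31 @@ class Password_Protected_Admin {
  'password_protected'
  );
 
+ add_settings_field(
+ 'password_protected_remember_me',
+ __( 'Allow Remember me', 'password-protected' ),
+ array( $this, 'password_protected_remember_me_field' ),
+ $this->options_group,
+ 'password_protected'
+ );
+
+ add_settings_field(
+ 'password_protected_remember_me_lifetime',
+ __( 'Remember for this many days', 'password-protected' ),
+ array( $this, 'password_protected_remember_me_lifetime_field' ),
+ $this->options_group,
+ 'password_protected'
+ );
+
  register_setting( $this->options_group, 'password_protected_status', 'intval' );
  register_setting( $this->options_group, 'password_protected_feeds', 'intval' );
+ register_setting( $this->options_group, 'password_protected_rest', 'intval' );
  register_setting( $this->options_group, 'password_protected_administrators', 'intval' );
  register_setting( $this->options_group, 'password_protected_users', 'intval' );
  register_setting( $this->options_group, 'password_protected_password', array( $this, 'sanitize_password_protected_password' ) );
  register_setting( $this->options_group, 'password_protected_allowed_ip_addresses', array( $this, 'sanitize_ip_addresses' ) );
+ register_setting( $this->options_group, 'password_protected_remember_me', 'boolval' );
+ register_setting( $this->options_group, 'password_protected_remember_me_lifetime', 'intval' );
 
  }
 
@@ -228,6 +247,7 @@ class Password_Protected_Admin {
  echo '<label><input name="password_protected_administrators" id="password_protected_administrators" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_administrators' ), false ) . ' /> ' . __( 'Allow Administrators', 'password-protected' ) . '</label>';
  echo '<label><input name="password_protected_users" id="password_protected_users" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_users' ), false ) . ' style="margin-left: 20px;" /> ' . __( 'Allow Logged In Users', 'password-protected' ) . '</label>';
  echo '<label><input name="password_protected_feeds" id="password_protected_feeds" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_feeds' ), false ) . ' style="margin-left: 20px;" /> ' . __( 'Allow RSS Feeds', 'password-protected' ) . '</label>';
+ echo '<label><input name="password_protected_rest" id="password_protected_rest" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_rest' ), false ) . ' style="margin-left: 20px;" /> ' . __( 'Allow REST API Access', 'password-protected' ) . '</label>';
 
  }
 
@@ -251,6 +271,24 @@ class Password_Protected_Admin {
 
  }
 
+ /**
+ * Remember Me Field
+ */
+ public function password_protected_remember_me_field() {
+
+ echo '<label><input name="password_protected_remember_me" id="password_protected_remember_me" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_remember_me' ), false ) . ' /></label>';
+
+ }
+
+ /**
+ * Remember Me lifetime field
+ */
+ public function password_protected_remember_me_lifetime_field() {
+
+ echo '<label><input name="password_protected_remember_me_lifetime" id="password_protected_remember_me_lifetime" type="number" value="' . get_option( 'password_protected_remember_me_lifetime', 14 ) . '" /></label>';
+
+ }
+
  /**
  * Pre-update 'password_protected_password' Option
  *
@@ -289,7 +327,7 @@ class Password_Protected_Admin {
 
  if ( 'password-protected/password-protected.php' == $plugin_file ) {
  $plugin_meta[] = sprintf( '<a href="%s">%s</a>', __( 'http://github.com/benhuson/password-protected', 'password-protected' ), __( 'GitHub', 'password-protected' ) );
- $plugin_meta[] = sprintf( '<a href="%s">%s</a>', __( 'https://www.transifex.com/projects/p/password-protected/resource/password-protected/', 'password-protected' ), __( 'Translate', 'password-protected' ) );
+ $plugin_meta[] = sprintf( '<a href="%s">%s</a>', __( 'https://translate.wordpress.org/projects/wp-plugins/password-protected', 'password-protected' ), __( 'Translate', 'password-protected' ) );
  }
 
  return $plugin_meta;
@@ -371,7 +409,7 @@ class Password_Protected_Admin {
  * Checks wether the admin is displaying a specific screen.
  *
  * @param string|array $screen_id Admin screen ID(s).
- * @return boolean
+ * @return boolean
  */
  public function is_current_screen( $screen_id ) {
 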
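Review bot: `password_protected_remember_me_lifetime` is registered with `intval`, which accepts zero and negative values, and `set_auth_cookie()` in password-protected.php multiplies the stored number by `DAY_IN_SECONDS`, so a bad entry produces a remember-me cookie that is already expired unless a filter overrides it. Sanitizing with `absint` and rendering the input with `min="1"` would keep the lifetime positive. `password_protected_remember_me_lifetime_field()` also concatenates the option into the `value` attribute unescaped; wrapping it as `esc_attr( get_option( 'password_protected_remember_me_lifetime', 14 ) )` escapes on output instead of relying on the save-time sanitizer alone.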
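--- a/password-protected.php
+++ b/password-protected.php
@@ -4,7 +4,7 @@
  Plugin Name: Password Protected
  Plugin URI: https://wordpress.org/plugins/password-protected/
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
- Version: 2.1
+ Version: 2.2
  Author: Ben Huson
  Text Domain: password-protected
  Author URI: http://github.com/benhuson/password-protected/
@@ -15,7 +15,7 @@ License: GPLv2
  Copyright 2012 Ben Huson (email : ben@thewhiteroom.net)
 
  This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License, version 2, as
+ it under the terms of the GNU General Public License, version 2, as
  published by the Free Software Foundation.
 
  This program is distributed in the hope that it will be useful,
@@ -42,7 +42,7 @@ $Password_Protected = new Password_Protected();
 
  class Password_Protected {
 
- var $version = '2.1';
+ var $version = '2.2';
  var $admin = null;
  var $errors = null;
 
@@ -67,12 +67,15 @@ class Password_Protected {
  add_filter( 'pre_option_password_protected_status', array( $this, 'allow_feeds' ) );
  add_filter( 'pre_option_password_protected_status', array( $this, 'allow_administrators' ) );
  add_filter( 'pre_option_password_protected_status', array( $this, 'allow_users' ) );
+ add_filter( 'rest_authentication_errors', array( $this, 'only_allow_logged_in_rest_access' ) );
  add_action( 'init', array( $this, 'compat' ) );
  add_action( 'password_protected_login_messages', array( $this, 'login_messages' ) );
  add_action( 'login_enqueue_scripts', array( $this, 'load_theme_stylesheet' ), 5 );
 
  add_shortcode( 'password_protected_logout_link', array( $this, 'logout_link_shortcode' ) );
 
+ include_once( dirname( __FILE__ ) . '/admin/admin-bar.php' );
+
  if ( is_admin() ) {
 
  include_once( dirname( __FILE__ ) . '/admin/admin-caching.php' );
@@ -101,7 +104,7 @@ class Password_Protected {
 
  if ( $this->is_active() && ! defined( 'DONOTCACHEPAGE' ) ) {
  define( 'DONOTCACHEPAGE', true );
- }
+ }
 
  }
 
@@ -242,6 +245,17 @@ class Password_Protected {
 
  }
 
+ /**
+ * Allow the remember me function
+ *
+ * @return. boolean
+ */
+ public function allow_remember_me() {
+
+ return (bool) get_option( 'password_protected_remember_me' );
+
+ }
+
  /**
  * Encrypt Password
  *
@@ -286,9 +300,15 @@ class Password_Protected {
  $pwd = get_option( 'password_protected_password' );
 
  // If correct password...
- if ( ( $this->encrypt_password( $password_protected_pwd ) == $pwd && $pwd != '' ) || apply_filters( 'password_protected_process_login', false, $password_protected_pwd ) ) {
+ if ( ( hash_equals( $pwd, $this->encrypt_password( $password_protected_pwd ) ) && $pwd != '' ) || apply_filters( 'password_protected_process_login', false, $password_protected_pwd ) ) {
 
- $this->set_auth_cookie();
+ $remember = isset( $_REQUEST['password_protected_rememberme'] ) ? boolval( $_REQUEST['password_protected_rememberme'] ) : false;
+
+ if ( ! $this->allow_remember_me() ) {
+ $remember = false;
+ }
+
+ $this->set_auth_cookie( $remember );
  $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
  $redirect_to = apply_filters( 'password_protected_login_redirect', $redirect_to );
 
@@ -548,15 +568,19 @@ class Password_Protected {
  public function parse_auth_cookie( $cookie = '', $scheme = '' ) {
 
  if ( empty( $cookie ) ) {
+
  $cookie_name = $this->cookie_name();
-
- if ( empty( $_COOKIE[$cookie_name] ) ) {
+
+ if ( empty( $_COOKIE[ $cookie_name ] ) ) {
  return false;
  }
- $cookie = $_COOKIE[$cookie_name];
+
+ $cookie = $_COOKIE[ $cookie_name ];
+
  }
 
  $cookie_elements = explode( '|', $cookie );
+
  if ( count( $cookie_elements ) != 3 ) {
  return false;
  }
@@ -578,9 +602,11 @@ class Password_Protected {
  public function set_auth_cookie( $remember = false, $secure = '') {
 
  if ( $remember ) {
- $expiration = $expire = current_time( 'timestamp' ) + apply_filters( 'password_protected_auth_cookie_expiration', 1209600, $remember );
+ $expiration_time = apply_filters( 'password_protected_auth_cookie_expiration', get_option( 'password_protected_remember_me_lifetime', 14 ) * DAY_IN_SECONDS, $remember );
+ $expiration = $expire = current_time( 'timestamp' ) + $expiration_time;
  } else {
- $expiration = current_time( 'timestamp' ) + apply_filters( 'password_protected_auth_cookie_expiration', 172800, $remember );
+ $expiration_time + apply_filters( 'password_protected_auth_cookie_expiration', DAY_IN_SECONDS * 20, $remember );
+ $expiration = current_time( 'timestamp' ) + $expiration_time;
  $expire = 0;
  }
 
@@ -632,7 +658,7 @@ class Password_Protected {
  if ( ! empty( $pwd ) ) {
  $new_pwd = $this->encrypt_password( $pwd );
  update_option( 'password_protected_password', $new_pwd );
- }
+ }
  }
 
  update_option( 'password_protected_version', $this->version );
@@ -684,9 +710,9 @@ class Password_Protected {
  $severity = $this->errors->get_error_data( $code );
  foreach ( $this->errors->get_error_messages( $code ) as $error ) {
  if ( 'message' == $severity ) {
- $messages .= ' ' . $error . "<br />\n";
+ $messages .= $error . '<br />';
  } else {
- $errors .= ' ' . $error . "<br />\n";
+ $errors .= $error . '<br />';
  }
  }
  }
@@ -707,7 +733,7 @@ class Password_Protected {
  *
  * Check wether a 'password-protected-login.css' stylesheet exists in your theme
  * and if so loads it.
- *
+ *
  * Works with child themes.
  *
  * Possible to specify a different file in the theme folder via the
@@ -764,4 +790,21 @@ class Password_Protected {
 
  }
 
+ /**
+ * Check whether a given request has permissions
+ *
+ * @param WP_REST_Request $access Full details about the request.
+ * @return WP_Error|boolean
+ */
+ public function only_allow_logged_in_rest_access( $access ) {
+
+ // If user is not logged in
+ if ( ! $this->is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {die();
+ return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'password-protected' ), array( 'status' => rest_authorization_required_code() ) );
+ }
+
+ return $access;
+
+ }
+
  }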
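Review bot: In `set_auth_cookie()` the non-remember branch reads `$expiration_time + apply_filters( ... )` where an assignment was evidently meant, so `$expiration_time` is undefined when the next line adds it to `current_time( 'timestamp' )` and the cookie's expiration comes out as the current time. The line should be `$expiration_time = apply_filters( 'password_protected_auth_cookie_expiration', DAY_IN_SECONDS * 20, $remember );`; note that the removed line used 172800 (two days), so if the session window was not meant to grow tenfold the default should be `DAY_IN_SECONDS * 2`. Separately, `only_allow_logged_in_rest_access()` has a stray `die();` directly after the opening brace of its `if`, which ends the request with an empty body and makes the `return new WP_Error( ... )` unreachable; dropping it lets REST clients receive the intended authorization error. The body of `set_auth_cookie()` continues outside the hunk shown.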
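--- a/readme.txt
+++ b/readme.txt
@@ -2,10 +2,10 @@
  Contributors: husobj
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DXRJDNCMK9U3N
  Tags: password, protect, password protect, login
- Requires at least: 3.5
- Tested up to: 4.8
+ Requires at least: 3.9
+ Tested up to: 4.9.6
  Requires PHP: 5.6
- Stable tag: 2.1
+ Stable tag: 2.2
  License: GPLv2 or later
 
  A very simple way to quickly password protect your WordPress site with a single password.
@@ -82,7 +82,12 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 
  == Changelog ==
 
- = Unreleased =
+ = 2.2 =
+ * Added admin bar icon to indicate wether password protection is enabled/disabled.
+ * Option to show "Remember me" checkbox. Props [Christian Güdel](https://github.com/cguedel).
+ * REST API access disabled if password not entered.
+ * Admin option to allow REST API access.
+ * More robust checking of password hashes.
 
  = 2.1 =
  * Update caching notes for WP Engine and W3 Total Cache plugin.
@@ -187,6 +192,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 
  == Upgrade Notice ==
 
+ = 2.2 =
+ Added admin bar icon to indicate wether password protection is enabled/disabled and disable REST API access (admin option to allow).
+
  = 2.1 =
  Update caching notes for WP Engine and W3 Total Cache plugin.
 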
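--- a/theme/password-protected-login.php
+++ b/theme/password-protected-login.php
@@ -107,9 +107,13 @@ do_action( 'password_protected_login_head' );
  <label for="password_protected_pass"><?php _e( 'Password', 'password-protected' ) ?><br />
  <input type="password" name="password_protected_pwd" id="password_protected_pass" class="input" value="" size="20" tabindex="20" /></label>
  </p>
- <!--
- <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked( ! empty( $_POST['rememberme'] ) ); ?> /> <?php esc_attr_e( 'Remember Me', 'password-protected' ); ?></label></p>
- -->
+
+ <?php if ( $Password_Protected->allow_remember_me() ) : ?>
+ <p class="forgetmenot">
+ <label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me', 'password-protected' ); ?></label>
+ </p>
+ <?php endif; ?>
+
  <p class="submit">
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In', 'password-protected' ); ?>" tabindex="100" />
  <input type="hidden" name="testcookie" value="1" />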
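Review bot: The label text of the new remember-me checkbox is printed with `esc_attr_e()`, the attribute-context helper, although it sits in element content; `esc_html_e( 'Remember Me', 'password-protected' )` is the escape that matches the context. The block also calls `$Password_Protected->allow_remember_me()` and so relies on that variable being in scope wherever this template is included, which the hunk does not show; if the include happens inside a method, a `global $Password_Protected;` at the top of the template would be needed.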