Restricted Site Access - Version 2.0

Version Description

Download this release

Release Info

Developer jakemgold
Plugin Icon 128x128 Restricted Site Access
Version 2.0
Comparing to
See all releases

Code changes from version 1.0.2 to 2.0

Files changed (3) hide show
  1. readme.txt +12 -9
  2. restricted_site_access.php +259 -97
  3. screenshot-1.png +0 -0
readme.txt CHANGED
@@ -1,10 +1,10 @@
1
  === Restricted Site Access ===
2
- Contributors: Jacob M Goldman (C. Murray Consulting)
3
  Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
4
  Tags: restricted, limited, permissions, security
5
  Requires at least: 2.8
6
- Tested up to: 2.8.4
7
- Stable tag: 1.0.2
8
 
9
  Limit access to your site to visitors who are logged in or accessing the site from a set of specific IP addresses.
10
  Send restricted visitors to the log in page, redirect them, or display a message. Powerful control over
@@ -22,15 +22,17 @@ It includes an easy to use configuration panel inside the WordPress settings men
22
 
23
  1. Enable and disable access restriction at will
24
  2. Change the restriction behavior: send to login, redirect, or display a message.
25
- 3. Add IP addresses not subject to restriction.
26
  4. Quickly add your current IP to the restriction list.
27
  5. Control the redirect location.
28
  6. Choose to redirect visitors to the same path that they entered the current site on
29
  7. Choose the HTTP redirect message for SEO friendliness
30
 
31
- *1.01 is an important update* that improves the fundamental logic pertaining to which areas of the site are restricted.
32
- The old approach had several subtle, but problematic side effects, which could include blocking scheduled (cron)
33
- events, not passing the "entry" permalink correctly, and similar subtle issues.
 
 
34
 
35
 
36
  == Installation ==
@@ -52,6 +54,8 @@ v1.0.1 - Important fundamental change related to handling of what should be rest
52
 
53
  v1.0.2 - Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
54
 
 
 
55
 
56
  == Coming soon ==
57
 
@@ -59,5 +63,4 @@ Planned enhancements:
59
 
60
  1. Customize restricted access message
61
  2. Restriction based on user level (vs is logged in)
62
- 3. Exclude pages or posts from restrictions
63
- 4. Enter IP ranges
1
  === Restricted Site Access ===
2
+ Contributors: Jacob M Goldman (C. Murray Consulting), Eric Buth
3
  Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
4
  Tags: restricted, limited, permissions, security
5
  Requires at least: 2.8
6
+ Tested up to: 2.9.1
7
+ Stable tag: 2.0
8
 
9
  Limit access to your site to visitors who are logged in or accessing the site from a set of specific IP addresses.
10
  Send restricted visitors to the log in page, redirect them, or display a message. Powerful control over
22
 
23
  1. Enable and disable access restriction at will
24
  2. Change the restriction behavior: send to login, redirect, or display a message.
25
+ 3. Add IP addresses not subject to restriction, including ranges.
26
  4. Quickly add your current IP to the restriction list.
27
  5. Control the redirect location.
28
  6. Choose to redirect visitors to the same path that they entered the current site on
29
  7. Choose the HTTP redirect message for SEO friendliness
30
 
31
+ Version 2.0 is a major update. In addition to adding IP range support, there are significant UI and usability
32
+ improvements, and many other under the hood improvements to the code base.
33
+
34
+ Requires PHP 5.1+ to support IPv6 ranges. Download version 1.0.2 if IP ranges are not needed and the host is not
35
+ running PHP 5.1 or newer.
36
 
37
 
38
  == Installation ==
54
 
55
  v1.0.2 - Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
56
 
57
+ v2.0 - Add support for IP ranges courtesy Eric Buth; major UI changes and improvements; major code improvements
58
+
59
 
60
  == Coming soon ==
61
 
63
 
64
  1. Customize restricted access message
65
  2. Restriction based on user level (vs is logged in)
66
+ 3. Exclude pages or posts from restrictions
 
restricted_site_access.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Restricted Site Access
4
  Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
5
  Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
- Version: 1.0.2
7
  Author: Jacob M Goldman (C. Murray Consulting)
8
  Author URI: http://www.cmurrayconsulting.com
9
 
@@ -24,26 +24,75 @@
24
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25
  */
26
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
27
 
28
- //*********//
29
- //PLUG INIT//
30
- //*********//
 
 
31
  function rsa_admin_init() {
32
- register_setting('rsa-options', 'rsa_is_active');
33
- register_setting('rsa-options', 'rsa_allowed_ips');
34
- register_setting('rsa-options', 'rsa_restrict_approach');
35
- /*
36
- 1: send to login page
37
- 2: redirect to URL
38
- 3: show restricted access message and exit
39
- */
40
- register_setting('rsa-options', 'rsa_redirect_path');
41
- register_setting('rsa-options', 'rsa_redirect_url');
42
- register_setting('rsa-options', 'rsa_redirect_head');
43
  }
 
44
  add_action( 'admin_init', 'rsa_admin_init' );
45
 
46
- function rsa_plugin_actlinks( $links ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
47
  // Add a link to this plugin's settings page
48
  $plugin = plugin_basename(__FILE__);
49
  $settings_link = sprintf( '<a href="options-general.php?page=%s">%s</a>', $plugin, __('Settings') );
@@ -52,19 +101,54 @@ function rsa_plugin_actlinks( $links ) {
52
  }
53
  if(is_admin()) add_filter("plugin_action_links_".$plugin, 'rsa_plugin_actlinks' );
54
 
55
- //*******************//
56
- //***CORE FUNCTION***//
57
- //*******************//
58
-
59
- function restricted_site_access() {
 
 
60
  //logged in users can stay, can stay if plug-in not active
61
- if (is_user_logged_in() || get_option('rsa_is_active') != 1) return false;
62
  //if we're not on a front end page, stay put
63
  if (!is_singular() && !is_archive() && !is_feed() && !is_home()) return false;
64
- //check if the IP is allowed
65
- if (strstr(get_option('rsa_allowed_ips'),$_SERVER['REMOTE_ADDR'])) return false;
66
 
67
- $rsa_restrict_approach = intval(get_option('rsa_restrict_approach'));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
68
  switch ($rsa_restrict_approach) {
69
  case 1:
70
  $new_url = (is_home()) ? get_bloginfo("url") : get_permalink();
@@ -72,19 +156,13 @@ function restricted_site_access() {
72
  exit;
73
  case 2:
74
  // get base url
75
- $rsa_redirect_url = get_option('rsa_redirect_url');
76
  if (!$rsa_redirect_url) return false;
77
 
78
  // if redirecting to same path get info
79
- if(get_option('rsa_redirect_path') == 1) $rsa_redirect_url = $rsa_redirect_url.$_SERVER["REQUEST_URI"];
80
 
81
- $rsa_redirect_head = get_option('rsa_redirect_head');
82
-
83
- //backwards compability for WordPress upgrades from 1.0.1 and earlier
84
- if (strlen($rsa_redirect_head) > 3) {
85
- $rsa_redirect_head = substr($rsa_redirect_head, 0, 3);
86
- update_option("rsa_redirect_head",$rsa_redirect_head);
87
- }
88
  $rsa_redirect_head = (!$rsa_redirect_head) ? 302 : intval($rsa_redirect_head);
89
 
90
  wp_redirect($rsa_redirect_url, $rsa_redirect_head);
@@ -102,15 +180,33 @@ if(!is_admin()) add_action('wp','restricted_site_access');
102
  function rsa_options() {
103
  ?>
104
  <script type="text/javascript" language="javascript">
105
- function add_my_ip() {
106
- var rsa_allowed_ips = jQuery('#rsa_allowed_ips').val() + ' <?php echo $_SERVER['REMOTE_ADDR']; ?>';
107
- jQuery('#rsa_allowed_ips').val(jQuery.trim(rsa_allowed_ips));
108
- return false;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
109
  }
110
 
111
  function change_approach(approach_choice) {
112
- if (approach_choice == 2) jQuery("tr.redirect_field").fadeIn(500);
113
- else jQuery("tr.redirect_field").fadeOut(500);
114
  }
115
 
116
  function check_redirect() {
@@ -130,11 +226,19 @@ function rsa_options() {
130
  }
131
  </script>
132
  <div class="wrap">
 
133
  <h2>Restricted Site Access Configuration</h2>
 
 
 
 
 
 
 
134
 
135
  <div id="poststuff" style="margin-top: 20px;">
136
 
137
- <div class="postbox" style="width: 215px; min-width: 215px; float: right;">
138
  <h3 class="hndle">Support us</h3>
139
  <div class="inside">
140
  <p>Help support continued development of Restricted Site Access and our other plugins.</p>
@@ -150,63 +254,91 @@ function rsa_options() {
150
  </div>
151
 
152
  <form method="post" action="options.php" onsubmit="return check_redirect();">
153
- <?php settings_fields('rsa-options'); ?>
154
- <div class="postbox" style="width: 350px;">
155
- <h3 class="hndle">Options</h3>
156
- <div class="inside">
157
- <table class="form-table" style="clear: none;">
158
- <tr valign="top">
159
- <th scope="row" valign="top">Restrict access [<a href="#" onclick="alert('Activates the plug-in and restriction rules.'); return false;" style="cursor: help;">?</a>]</th>
160
- <td style="padding: 10px;"><input type="checkbox" name="rsa_is_active" value="1" id="rsa_is_active"<?php if (get_option('rsa_is_active')) { echo ' checked="true"'; } ?> /></td>
161
- </tr>
162
- <tr valign="top">
163
- <th scope="row" style="vertical-align: middle;">Restriction Handling [<a href="#" onclick="alert('Choose the method for handling visitors who do not have access. You may send them to the login page for the current site, redirect them, or simply output a message indicating that the site is restricted.'); return false;" style="cursor: help;">?</a>]</th>
164
- <td style="padding: 10px;">
165
- <select name="rsa_restrict_approach" id="rsa_restrict_approach" onchange="change_approach(selectedIndex);">
166
- <?php $rsa_restrict_approach = intval(get_option('rsa_restrict_approach')); ?>
167
- <option value="0"<?php if (!$rsa_restrict_approach) echo ' selected="selected"'; ?>>Select handling</option>
168
- <option value="1"<?php if ($rsa_restrict_approach == 1) echo ' selected="selected"'; ?>>Send to login page</option>
169
- <option value="2"<?php if ($rsa_restrict_approach == 2) echo ' selected="selected"'; ?>>Redirect visitor</option>
170
- <option value="3"<?php if ($rsa_restrict_approach == 3) echo ' selected="selected"'; ?>>Display message</option>
171
- </select>
172
- </td>
173
- </tr>
174
- <tr valign="top">
175
- <th scope="row" style="padding-top: 15px;">Allowed IPs [<a href="#" onclick="alert('Enter WAN IP addresses that are allowed access without logging in into this field. Best practice is to seperate IPs with a space, line break, comma, or semicolon. You may leave this field blank to restrict all IPs.'); return false;" style="cursor: help;">?</a>]</th>
176
- <td style="padding: 10px;">
177
- <textarea name="rsa_allowed_ips" id="rsa_allowed_ips" rows="5" style="width: 100%;"><?php echo get_option('rsa_allowed_ips'); ?></textarea>
178
- <small>&nbsp; <a href="#" onclick="return add_my_ip();">add my current IP</a></small>
179
- </td>
180
- </tr>
181
-
182
- <tr valign="top" class="redirect_field"<?php if ($rsa_restrict_approach != 2) echo ' style="display: none;"'; ?>>
183
- <th scope="row" style="vertical-align: middle;">Redirect to [<a href="#" onclick="alert('Enter the URL that the visitor should be redirected to.'); return false;" style="cursor: help;">?</a>]</th>
184
- <td style="padding: 10px;"><input type="text" name="rsa_redirect_url" id="rsa_redirect_url" value="<?php echo get_option('rsa_redirect_url'); ?>" style="width: 100%;" /></td>
185
- </tr>
186
- <tr valign="top" class="redirect_field"<?php if ($rsa_restrict_approach != 2) echo ' style="display: none;"'; ?>>
187
- <th scope="row" valign="top" style="padding-top: 0;"><em>...with same path</em> [<a href="#" onclick="alert('If you would like to redirect the visitor to the same path (URI) he or she entered this site at (the rest of the URL after the base URL), check this option. This is typically used when there are two, very similar sites at different public web addresses; for instance, a development server open to the Internet but not intended for the public.'); return false;" style="cursor: help;">?</a>]</th>
188
- <td style="padding-top: 0;"><input type="checkbox" name="rsa_redirect_path" value="1" id="rsa_redirect_path"<?php if (get_option('rsa_redirect_path')) { echo ' checked="true"'; } ?> /></td>
189
- </tr>
190
- <tr valign="top" class="redirect_field"<?php if ($rsa_restrict_approach != 2) echo ' style="display: none;"'; ?>>
191
- <th scope="row" style="vertical-align: middle; padding-top: 0;">Redirect type header [<a href="#" onclick="alert('Redirect type headers can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that the page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.'); return false;" style="cursor: help;">?</a>]</th>
192
- <td style="padding-top: 0;">
193
- <select name="rsa_redirect_head" id="rsa_redirect_head">
194
- <?php $rsa_redirect_head = get_option('rsa_redirect_head'); ?>
195
- <option value="301"<?php if ($rsa_redirect_head == "301") echo ' selected="selected"'; ?>>301 Permanent</option>
196
- <option value="302"<?php if ($rsa_redirect_head == "302" || !$rsa_redirect_head) echo ' selected="selected"'; ?>>302 Undefined</option>
197
- <option value="307"<?php if ($rsa_redirect_head == "307") echo ' selected="selected"'; ?>>307 Temporary</option>
198
- </select>
199
- </td>
200
- </tr>
201
- </table>
202
- </div>
203
- </div>
204
 
205
- <input type="hidden" name="action" value="update" />
206
- <input type="hidden" name="page_options" value="rsa_is_active,rsa_restrict_approach,rsa_allowed_ips,rsa_redirect_path,rsa_redirect_head" />
207
 
208
- <p><input type="submit" class="button-primary" value="<?php _e('Save Changes') ?>" /></p>
209
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
210
  </form>
211
  </div>
212
  </div>
@@ -214,7 +346,37 @@ function rsa_options() {
214
  }
215
 
216
  function rsa_admin_menu() {
217
- add_options_page('Restricted Site Access Configuration', 'Restricted Access', 8, __FILE__, 'rsa_options');
 
218
  }
219
  add_action('admin_menu', 'rsa_admin_menu');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
220
  ?>
3
  Plugin Name: Restricted Site Access
4
  Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
5
  Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
+ Version: 2.0
7
  Author: Jacob M Goldman (C. Murray Consulting)
8
  Author URI: http://www.cmurrayconsulting.com
9
 
24
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25
  */
26
 
27
+ /**
28
+ * rsa_activation() handles plugin activation and conversion of pre 1.1 config options
29
+ */
30
+ function rsa_activation()
31
+ {
32
+ if (get_option('rsa_restrict_approach'))
33
+ {
34
+ //convert textarea ips to array
35
+ $allowed = get_option('rsa_allowed_ips');
36
+ $arrAllowed = array();
37
+ if (!empty($allowed)) {
38
+ foreach(preg_split('/\s+/', $$allowed) as $ip) $arrAllowed[] = $ip;
39
+ if (empty($arrAllowed)) $arrAllowed[] = $allowed;
40
+ }
41
+
42
+ $rsa_options = array(
43
+ 'active' => (get_option('rsa_is_active')),
44
+ 'allowed' => $arrAllowed,
45
+ 'approach' => (get_option('rsa_restrict_approach')),
46
+ /*
47
+ 1: send to login page
48
+ 2: redirect to URL
49
+ 3: show restricted access message and exit
50
+ */
51
+ 'redirect_path' => (get_option('rsa_redirect_path')),
52
+ 'redirect_url' => (get_option('rsa_redirect_url')),
53
+ 'head_code' => (get_option('rsa_redirect_head'))
54
+ );
55
+ update_option('rsa_options',$rsa_options);
56
+
57
+ delete_option('rsa_is_active');
58
+ delete_option('rsa_allowed_ips');
59
+ delete_option('rsa_restrict_approach');
60
+ delete_option('rsa_redirect_path');
61
+ delete_option('rsa_redirect_url');
62
+ delete_option('rsa_redirect_head');
63
+ }
64
+ }
65
 
66
+ register_activation_hook(__FILE__,'rsa_activation');
67
+
68
+ /**
69
+ * rsa_admin_init() initializes plugin settings
70
+ */
71
  function rsa_admin_init() {
72
+ register_setting('restricted_site_access_options','rsa_options','rsa_validate'); //array of fundamental options including ID and caching info
 
 
 
 
 
 
 
 
 
 
73
  }
74
+
75
  add_action( 'admin_init', 'rsa_admin_init' );
76
 
77
+ /**
78
+ * rsa_validate() handles validation of settings
79
+ */
80
+ function rsa_validate($input)
81
+ {
82
+ $input['active'] = ($input['active'] == 1) ? 1 : 0;
83
+ $input['approach'] = intval($input['approach']);
84
+ if ($input['approach'] > 3 || $input['approach'] < 0) $input['approach'] = 0;
85
+ $input['redirect_path'] = ($input['redirect_path'] == 1) ? 1 : 0;
86
+ if ($input['head_code'] != '301' && $input['head_code'] != '302' && $input['head_code'] != '307') $input['head_code'] = '302';
87
+
88
+ return $input;
89
+ }
90
+
91
+ /**
92
+ * rsa_plugin_actlinks() adds direct settings link to plug-in page
93
+ */
94
+ function rsa_plugin_actlinks( $links )
95
+ {
96
  // Add a link to this plugin's settings page
97
  $plugin = plugin_basename(__FILE__);
98
  $settings_link = sprintf( '<a href="options-general.php?page=%s">%s</a>', $plugin, __('Settings') );
101
  }
102
  if(is_admin()) add_filter("plugin_action_links_".$plugin, 'rsa_plugin_actlinks' );
103
 
104
+ /**
105
+ * restricted_site_access() is the core function that blocks a page if appropriate
106
+ */
107
+ function restricted_site_access()
108
+ {
109
+ $rsa_options = get_option('rsa_options');
110
+
111
  //logged in users can stay, can stay if plug-in not active
112
+ if (is_user_logged_in() || !$rsa_options['active']) return false;
113
  //if we're not on a front end page, stay put
114
  if (!is_singular() && !is_archive() && !is_feed() && !is_home()) return false;
 
 
115
 
116
+ // check for the allow list, if its empty block everything
117
+ if(($list = $rsa_options['allowed']) && function_exists('inet_pton'))
118
+ {
119
+ $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
120
+ if(strpos($remote_ip, '.')) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
121
+ $remote_ip = inet_pton($remote_ip); //parse the remote ip
122
+
123
+ //var_dump($list);
124
+
125
+ // iterate through the allow list
126
+ foreach($list as $line)
127
+ {
128
+ list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
129
+
130
+ $mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
131
+
132
+ switch($mask % 4){
133
+ case 1:
134
+ $mask .= '8';
135
+ break;
136
+ case 2:
137
+ $mask .= 'c';
138
+ break;
139
+ case 3:
140
+ $mask .= 'e';
141
+ break;
142
+ }
143
+
144
+ $mask = pack('H*', $mask);
145
+
146
+ // check if the masked versions match
147
+ if((inet_pton($ip) & $mask) == ($remote_ip & $mask)) return false;
148
+ }
149
+ }
150
+
151
+ $rsa_restrict_approach = intval($rsa_options['approach']);
152
  switch ($rsa_restrict_approach) {
153
  case 1:
154
  $new_url = (is_home()) ? get_bloginfo("url") : get_permalink();
156
  exit;
157
  case 2:
158
  // get base url
159
+ $rsa_redirect_url = $rsa_options['redirect_url'];
160
  if (!$rsa_redirect_url) return false;
161
 
162
  // if redirecting to same path get info
163
+ if($rsa_options['redirect_path']) $rsa_redirect_url .= $_SERVER["REQUEST_URI"];
164
 
165
+ $rsa_redirect_head = $rsa_options['head_code'];
 
 
 
 
 
 
166
  $rsa_redirect_head = (!$rsa_redirect_head) ? 302 : intval($rsa_redirect_head);
167
 
168
  wp_redirect($rsa_redirect_url, $rsa_redirect_head);
180
  function rsa_options() {
181
  ?>
182
  <script type="text/javascript" language="javascript">
183
+ function add_ip(ip) {
184
+ if (!jQuery.trim(ip)) return false;
185
+
186
+ jQuery('#message').remove();
187
+
188
+ var ip_used = false;
189
+ jQuery('#ip_list input').each(function(){
190
+ if (jQuery(this).val() == ip) {
191
+ jQuery('h2').after('<div id="message" class="error"><p><strong>IP address already in list.</strong></p></div>');
192
+ ip_used = true;
193
+ return false;
194
+ }
195
+ });
196
+ if (ip_used) return false;
197
+
198
+ jQuery('#ip_list').append('<span><input type="text" name="rsa_options[allowed][]" value="'+ip+'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>');
199
+ jQuery('h2').after('<div id="message" class="updated"><p><strong>IP added to exception list.</strong></p></div>');
200
+ }
201
+
202
+ function remove_ip(btnObj) {
203
+ if (!confirm('Are you certain you want to remove this IP?')) return false;
204
+ jQuery(btnObj).parent().remove();
205
  }
206
 
207
  function change_approach(approach_choice) {
208
+ if (approach_choice == 2) jQuery(".redirect_field").fadeIn(500);
209
+ else jQuery(".redirect_field").fadeOut(500);
210
  }
211
 
212
  function check_redirect() {
226
  }
227
  </script>
228
  <div class="wrap">
229
+ <div class="icon32" id="icon-options-general"><br/></div>
230
  <h2>Restricted Site Access Configuration</h2>
231
+
232
+ <?php
233
+ if (!function_exists('inet_pton')) {
234
+ echo '<p>Version 2.0 of this plug-in requires a server running PHP 5.1 or newer in order to support IPv6 (as well as IPv4) ranges. If you are using an older version of PHP and your host cannot be upgraded, and you do not need IP range support, you can always manually <a href="http://downloads.wordpress.org/plugin/restricted-site-access.1.0.2.zip">download and install version 1.0.2</a>.</p>';
235
+ return false;
236
+ }
237
+ ?>
238
 
239
  <div id="poststuff" style="margin-top: 20px;">
240
 
241
+ <div class="postbox" style="width: 200px; min-width: 200px; float: right;">
242
  <h3 class="hndle">Support us</h3>
243
  <div class="inside">
244
  <p>Help support continued development of Restricted Site Access and our other plugins.</p>
254
  </div>
255
 
256
  <form method="post" action="options.php" onsubmit="return check_redirect();">
257
+ <?php
258
+ settings_fields('restricted_site_access_options');
259
+ $rsa_options = get_option('rsa_options');
260
+ ?>
261
+ <h3 class="hndle">Restriction Options</h3>
262
+
263
+ <table class="form-table" style="clear: none; width: auto;">
264
+ <tr valign="top">
265
+ <th scope="row"><label for="rsa_options[active]">Restrict access</label></th>
266
+ <td>
267
+ <input type="checkbox" name="rsa_options[active]" value="1" id="rsa_is_active"<?php if ($rsa_options['active']) echo ' checked="true"'; ?> />
268
+ Activates the plug-in and restriction rules.
269
+ </td>
270
+ </tr>
271
+ <tr valign="top">
272
+ <th scope="row"><label for="rsa_options[approach]">Handling</label></th>
273
+ <td>
274
+ <select name="rsa_options[approach]" id="rsa_restrict_approach" onchange="change_approach(selectedIndex);">
275
+ <?php
276
+ $rsa_restrict_approach = intval($rsa_options['approach']);
277
+ $restrict_choices = array('Select handling','Send to login page','Redirect visitor','Display message');
278
+ foreach($restrict_choices as $key=>$value) {
279
+ echo '<option value="'.$key.'"';
280
+ if ($rsa_restrict_approach == $key) echo ' selected="selected"';
281
+ echo '>'.$value."</option>\n";
282
+ }
283
+ ?>
284
+ </select>
285
+ <span class="description">Method for handling visitors who do not have access.</span>
286
+ </td>
287
+ </tr>
288
+ <tr valign="top">
289
+ <th scope="row"><label for="newip">Allowed IPs</label></th>
290
+ <td>
291
+ <div id="ip_list">
292
+ <?php
293
+ $ips = $rsa_options['allowed'];
294
+ if (!empty($ips)) {
295
+ foreach ($ips as $key => $ip) {
296
+ if (empty($ip)) continue;
297
+ echo '<span><input type="text" name="rsa_options[allowed][]" value="'.$ip.'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>';
298
+ }
299
+ }
300
+ ?>
301
+ </div>
302
+ <input type="text" name="newip" id="newip" value="" /><input class="button" type="button" onclick="add_ip(jQuery('#newip').val());" value="add" /><br />
303
+ <input class="button" type="button" onclick="add_ip('<?php echo $_SERVER['REMOTE_ADDR']; ?>');" value="add my current IP" style="margin: 5px 0;" /><br />
304
+ <span class="description">May enter ranges using subnet prefix or single IPs. Open help tab for details.</span>
305
+ </td>
306
+ </tr>
307
+ </table>
308
 
309
+ <h3 class="redirect_field"<?php if ($rsa_restrict_approach != 2) echo ' style="display: none;"'; ?>>Redirection Options</h3>
 
310
 
311
+ <table class="form-table redirect_field" style="clear: none; width: auto;<?php if ($rsa_restrict_approach != 2) echo ' display: none;'; ?>">
312
+ <tr valign="top">
313
+ <th scope="row"><label for="rsa_options[redirect_url]">Redirect visitor to</label></th>
314
+ <td>
315
+ <input type="text" name="rsa_options[redirect_url]" id="rsa_redirect_url" value="<?php echo $rsa_options['redirect_url']; ?>" class="regular-text" />
316
+ </td>
317
+ </tr>
318
+
319
+ <tr valign="top">
320
+ <th scope="row"><label for="rsa_options[redirect_path]"><em>...with same path</em></label></th>
321
+ <td>
322
+ <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="rsa_redirect_path"<?php if ($rsa_options['redirect_path']) echo ' checked="true"'; ?> />
323
+ Redirect to same path entered at this site (help tab for more)
324
+ </td>
325
+ </tr>
326
+
327
+ <tr valign="top">
328
+ <th scope="row"><label for="rsa_options[head_code]">Redirect type</label></th>
329
+ <td>
330
+ <select name="rsa_options[head_code]" id="rsa_redirect_head">
331
+ <?php $rsa_redirect_head = $rsa_options['head_code']; ?>
332
+ <option value="301"<?php if ($rsa_redirect_head == "301") echo ' selected="selected"'; ?>>301 Permanent</option>
333
+ <option value="302"<?php if ($rsa_redirect_head == "302" || !$rsa_redirect_head) echo ' selected="selected"'; ?>>302 Undefined</option>
334
+ <option value="307"<?php if ($rsa_redirect_head == "307") echo ' selected="selected"'; ?>>307 Temporary</option>
335
+ </select>
336
+ <span class="description">Open help tab for more explanation.</span>
337
+ </td>
338
+ </tr>
339
+ </table>
340
+
341
+ <p class="submit"><input type="submit" class="button-primary" value="<?php _e('Save Changes') ?>" /></p>
342
  </form>
343
  </div>
344
  </div>
346
  }
347
 
348
  function rsa_admin_menu() {
349
+ $plugin_page = add_options_page('Restricted Site Access Configuration', 'Restricted Access', 8, __FILE__, 'rsa_options');
350
+ add_action('admin_head-'.$plugin_page,'rsa_header');
351
  }
352
  add_action('admin_menu', 'rsa_admin_menu');
353
+
354
+ function rsa_header() {
355
+ add_filter('contextual_help','rsa_context_help');
356
+ }
357
+
358
+ function rsa_context_help()
359
+ {
360
+ echo '
361
+ <h5>Restricted Site Access</h5>
362
+ <p>Restricted Site Access is a plug-in by Jake Goldman (C. Murray Consulting) that allows you to restrict access to logged in users and a set of IP addresses with flexible restricted access behavior.</p>
363
+
364
+ <h5>Restriction Options</h5>
365
+ <p><strong>Restrict access</strong> - you can enable and disable restriction at will without deactivating the plug-in.</p>
366
+ <p><strong>Handling</strong> - send the visitor the WordPress login screen, redirect the visitor (choosing this will offer some new options), or display a message indicating that the site is restricted.</p>
367
+ <p><strong>Allowed IPs</strong> - enter a single IP address (such as 192.168.1.105) or an IP range using a network prefix (such as 10.0.0.1/24). In the current version, no validation is completed on these free form fields intended to hold IP addresses or IP ranges. A future version may check for valid entries. Here\'s a <a href="http://www.csgnetwork.com/ipinfocalc.html" target="_blank">handy calculator</a> to check your prefix.</p>
368
+
369
+ <h5>Redirection Options</h5>
370
+ <p>This field set will only appear if you are using the "redirect visitor" handler.</p>
371
+ <p><strong>Redirect visitor to</strong> - the web site address of the site you want the visitor redirected to.</p>
372
+ <p><strong>...with same path</strong> - if you would like to redirect the visitor to the same path (URI) he or she entered this site at (the rest of the URL after the base URL), check this option. This is typically used when there are two, very similar sites at different public web addresses; for instance, a parallel development server open to the Internet but not intended for the public.</p>
373
+ <p><strong>Redirect type</strong> - redirect type headers can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that the page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.</p>
374
+
375
+ <h5>Support</h5>
376
+ <div class="metabox-prefs">
377
+ <p><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">Restricted Site Access support</a></p>
378
+ <p>This plug-in was developed by <a href="http://www.cmurrayconsulting.com" target="_blank">C. Muray Consulting</a>, Web Development &amp; Strategy Experts located in Providence, Rhode Island in the United States. We develop plug-ins because we love working with WordPress, and to generate interest in our business. If you like our plug-in, and know someone who needs web development work, be in touch!</p>
379
+ </div>
380
+ ';
381
+ }
382
  ?>
screenshot-1.png CHANGED
Binary file