Version Description
- Customize blocked visitor message
- Stronger security (patched "search" hole)
- Better display / handling of blocked visitor message
Release Info
Developer | jakemgold |
Plugin | Restricted Site Access |
Version | 2.1 |
Code changes from version 2.0 to 2.1
- readme.txt +69 -66
- restricted_site_access.php +397 -381
readme.txt
CHANGED
@@ -1,66 +1,69 @@
|
|
1 |
-
=== Restricted Site Access ===
|
2 |
-
Contributors: Jacob M Goldman (C. Murray Consulting), Eric Buth
|
3 |
-
Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
|
4 |
-
Tags: restricted, limited, permissions, security
|
5 |
-
Requires at least: 2.8
|
6 |
-
Tested up to: 2.9.1
|
7 |
-
Stable tag: 2.
|
8 |
-
|
9 |
-
Limit access to
|
10 |
-
|
11 |
-
|
12 |
-
|
13 |
-
|
14 |
-
|
15 |
-
|
16 |
-
|
17 |
-
|
18 |
-
|
19 |
-
|
20 |
-
|
21 |
-
|
22 |
-
|
23 |
-
|
24 |
-
|
25 |
-
|
26 |
-
|
27 |
-
|
28 |
-
|
29 |
-
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
57 |
-
|
58 |
-
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
|
|
|
|
|
1 |
+
=== Restricted Site Access ===
|
2 |
+
Contributors: Jacob M Goldman (C. Murray Consulting), Eric Buth
|
3 |
+
Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
|
4 |
+
Tags: restricted, restrict, limited, permissions, security, block
|
5 |
+
Requires at least: 2.8
|
6 |
+
Tested up to: 2.9.1
|
7 |
+
Stable tag: 2.1
|
8 |
+
|
9 |
+
Limit access to visitors who are logged in or at specific IP addresses. Many options for handling blocked visitors.
|
10 |
+
Great for Intranets, dev sites.
|
11 |
+
|
12 |
+
|
13 |
+
== Description ==
|
14 |
+
|
15 |
+
Limit access your site to visitors who are logged in or accessing the site from a set of specific IP addresses.
|
16 |
+
Send restricted visitors to the log in page, redirect them, or display a message. A great solution for
|
17 |
+
Extranets, publicly hosted Intranets, or parallel development sites.
|
18 |
+
|
19 |
+
It includes an easy to use configuration panel inside the WordPress settings menu. From this panel you can:
|
20 |
+
|
21 |
+
1. Enable and disable access restriction at will.
|
22 |
+
1. Change the restriction behavior: send to login, redirect, or display a message.
|
23 |
+
1. Add IP addresses not subject to restriction, including ranges.
|
24 |
+
1. Quickly add your current IP to the restriction list.
|
25 |
+
1. Control the redirect location.
|
26 |
+
1. Choose to redirect visitors to the same path that they entered the current site on.
|
27 |
+
1. Choose the HTTP redirect message for SEO friendliness.
|
28 |
+
1. Customize the blocked visitor message.
|
29 |
+
|
30 |
+
Version 2.0 is a major update. In addition to adding IP range support, there are significant UI and usability
|
31 |
+
improvements, and many other under the hood improvements to the code base.
|
32 |
+
|
33 |
+
Requires PHP 5.1+ to support IPv6 ranges. Download version 1.0.2 if IP ranges are not needed and the host is not
|
34 |
+
running PHP 5.1 or newer.
|
35 |
+
|
36 |
+
|
37 |
+
== Installation ==
|
38 |
+
|
39 |
+
1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted
|
40 |
+
folder to the `/wp-content/plugins/` directory
|
41 |
+
1. Activate the plugin through the 'Plugins' menu in WordPress
|
42 |
+
1. Configure the plugin by going to the "Restricted Access" menu item under "Settings"
|
43 |
+
|
44 |
+
|
45 |
+
== Screenshots ==
|
46 |
+
|
47 |
+
1. Sceenshot of configuration page.
|
48 |
+
|
49 |
+
|
50 |
+
== Changelog ==
|
51 |
+
|
52 |
+
= 2.1 =
|
53 |
+
* Customize blocked visitor message
|
54 |
+
* Stronger security (patched "search" hole)
|
55 |
+
* Better display / handling of blocked visitor message
|
56 |
+
|
57 |
+
= 2.0 =
|
58 |
+
* Add support for IP ranges courtesy Eric Buth
|
59 |
+
* Major UI changes and improvements; major code improvements
|
60 |
+
|
61 |
+
= 1.0.2 =
|
62 |
+
* Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
|
63 |
+
|
64 |
+
= 1.0.1 =
|
65 |
+
* Important fundamental change related to handling of what should be restricted
|
66 |
+
|
67 |
+
= Planned enhancements =
|
68 |
+
* Restriction based on user level (vs is logged in)
|
69 |
+
* Exclude pages or posts from restrictions
|
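Review bot: The changelog entry at new line 54, Stronger security (patched "search" hole), does not say what blocked visitors could reach or which versions are affected, so a site owner cannot judge how urgent the upgrade is. Suggest one sentence describing the exposure and stating that 2.0 and earlier should be upgraded. Two wording slips are also carried into the new text: "Limit access your site to visitors" at new line 15 is missing "to", and "Sceenshot" at new line 47 should read "Screenshot".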
restricted_site_access.php
CHANGED
@@ -1,382 +1,398 @@
|
|
1 |
-
<?php
|
2 |
-
/**
|
3 |
-
Plugin Name: Restricted Site Access
|
4 |
-
Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
|
5 |
-
Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
|
6 |
-
Version: 2.
|
7 |
-
Author: Jacob M Goldman (C. Murray Consulting)
|
8 |
-
Author URI: http://www.cmurrayconsulting.com
|
9 |
-
|
10 |
-
Plugin: Copyright 2009 C. Murray Consulting (email : jake@cmurrayconsulting.com)
|
11 |
-
|
12 |
-
This program is free software; you can redistribute it and/or modify
|
13 |
-
it under the terms of the GNU General Public License as published by
|
14 |
-
the Free Software Foundation; either version 2 of the License, or
|
15 |
-
(at your option) any later version.
|
16 |
-
|
17 |
-
This program is distributed in the hope that it will be useful,
|
18 |
-
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
19 |
-
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
20 |
-
GNU General Public License for more details.
|
21 |
-
|
22 |
-
You should have received a copy of the GNU General Public License
|
23 |
-
along with this program; if not, write to the Free Software
|
24 |
-
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
25 |
-
*/
|
26 |
-
|
27 |
-
/**
|
28 |
-
* rsa_activation() handles plugin activation and conversion of pre 1.1 config options
|
29 |
-
*/
|
30 |
-
function rsa_activation()
|
31 |
-
{
|
32 |
-
if (get_option('rsa_restrict_approach'))
|
33 |
-
{
|
34 |
-
//convert textarea ips to array
|
35 |
-
$allowed = get_option('rsa_allowed_ips');
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
'
|
44 |
-
'
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
-
'
|
52 |
-
'
|
53 |
-
|
54 |
-
);
|
55 |
-
|
56 |
-
|
57 |
-
delete_option('
|
58 |
-
delete_option('
|
59 |
-
delete_option('
|
60 |
-
delete_option('
|
61 |
-
delete_option('
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
|
73 |
-
|
74 |
-
|
75 |
-
|
76 |
-
|
77 |
-
|
78 |
-
|
79 |
-
|
80 |
-
|
81 |
-
|
82 |
-
$input['
|
83 |
-
$input['approach']
|
84 |
-
|
85 |
-
$input['
|
86 |
-
|
87 |
-
|
88 |
-
return $input;
|
89 |
-
}
|
90 |
-
|
91 |
-
/**
|
92 |
-
* rsa_plugin_actlinks() adds direct settings link to plug-in page
|
93 |
-
*/
|
94 |
-
function rsa_plugin_actlinks( $links )
|
95 |
-
{
|
96 |
-
// Add a link to this plugin's settings page
|
97 |
-
$plugin = plugin_basename(__FILE__);
|
98 |
-
$settings_link = sprintf( '<a href="options-general.php?page=%s">%s</a>', $plugin, __('Settings') );
|
99 |
-
array_unshift( $links, $settings_link );
|
100 |
-
return $links;
|
101 |
-
}
|
102 |
-
if(is_admin()) add_filter("plugin_action_links_".$plugin, 'rsa_plugin_actlinks' );
|
103 |
-
|
104 |
-
/**
|
105 |
-
* restricted_site_access() is the core function that blocks a page if appropriate
|
106 |
-
*/
|
107 |
-
function restricted_site_access()
|
108 |
-
{
|
109 |
-
$rsa_options = get_option('rsa_options');
|
110 |
-
|
111 |
-
//logged in users can stay, can stay if plug-in not active
|
112 |
-
if (is_user_logged_in() || !$rsa_options['active']) return false;
|
113 |
-
//if we're not on a front end page, stay put
|
114 |
-
if (!is_singular() && !is_archive() && !is_feed() && !is_home()) return false;
|
115 |
-
|
116 |
-
// check for the allow list, if its empty block everything
|
117 |
-
if(($list = $rsa_options['allowed']) && function_exists('inet_pton'))
|
118 |
-
{
|
119 |
-
$remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
|
120 |
-
if(strpos($remote_ip, '.')) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
|
121 |
-
$remote_ip = inet_pton($remote_ip); //parse the remote ip
|
122 |
-
|
123 |
-
//var_dump($list);
|
124 |
-
|
125 |
-
// iterate through the allow list
|
126 |
-
foreach($list as $line)
|
127 |
-
{
|
128 |
-
list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
|
129 |
-
|
130 |
-
$mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
|
131 |
-
|
132 |
-
switch($mask % 4){
|
133 |
-
case 1:
|
134 |
-
$mask .= '8';
|
135 |
-
break;
|
136 |
-
case 2:
|
137 |
-
$mask .= 'c';
|
138 |
-
break;
|
139 |
-
case 3:
|
140 |
-
$mask .= 'e';
|
141 |
-
break;
|
142 |
-
}
|
143 |
-
|
144 |
-
$mask = pack('H*', $mask);
|
145 |
-
|
146 |
-
// check if the masked versions match
|
147 |
-
if((inet_pton($ip) & $mask) == ($remote_ip & $mask)) return false;
|
148 |
-
}
|
149 |
-
}
|
150 |
-
|
151 |
-
$rsa_restrict_approach = intval($rsa_options['approach']);
|
152 |
-
switch ($rsa_restrict_approach) {
|
153 |
-
case 1:
|
154 |
-
$new_url = (is_home()) ? get_bloginfo("url") : get_permalink();
|
155 |
-
wp_redirect(wp_login_url($new_url));
|
156 |
-
exit;
|
157 |
-
case 2:
|
158 |
-
// get base url
|
159 |
-
$rsa_redirect_url = $rsa_options['redirect_url'];
|
160 |
-
if (!$rsa_redirect_url) return false;
|
161 |
-
|
162 |
-
// if redirecting to same path get info
|
163 |
-
if($rsa_options['redirect_path']) $rsa_redirect_url .= $_SERVER["REQUEST_URI"];
|
164 |
-
|
165 |
-
$rsa_redirect_head = $rsa_options['head_code'];
|
166 |
-
$rsa_redirect_head = (!$rsa_redirect_head) ? 302 : intval($rsa_redirect_head);
|
167 |
-
|
168 |
-
wp_redirect($rsa_redirect_url, $rsa_redirect_head);
|
169 |
-
exit;
|
170 |
-
case 3:
|
171 |
-
|
172 |
-
|
173 |
-
}
|
174 |
-
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
|
186 |
-
|
187 |
-
|
188 |
-
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
|
196 |
-
|
197 |
-
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
|
246 |
-
|
247 |
-
|
248 |
-
<
|
249 |
-
<
|
250 |
-
<
|
251 |
-
|
252 |
-
<
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
-
|
262 |
-
|
263 |
-
|
264 |
-
|
265 |
-
|
266 |
-
|
267 |
-
|
268 |
-
|
269 |
-
</
|
270 |
-
|
271 |
-
|
272 |
-
|
273 |
-
|
274 |
-
|
275 |
-
|
276 |
-
|
277 |
-
|
278 |
-
|
279 |
-
|
280 |
-
|
281 |
-
|
282 |
-
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
288 |
-
|
289 |
-
|
290 |
-
|
291 |
-
|
292 |
-
|
293 |
-
|
294 |
-
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
304 |
-
|
305 |
-
|
306 |
-
|
307 |
-
|
308 |
-
|
309 |
-
|
310 |
-
|
311 |
-
|
312 |
-
|
313 |
-
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
320 |
-
|
321 |
-
|
322 |
-
|
323 |
-
|
324 |
-
</
|
325 |
-
|
326 |
-
|
327 |
-
|
328 |
-
|
329 |
-
|
330 |
-
|
331 |
-
|
332 |
-
|
333 |
-
|
334 |
-
|
335 |
-
|
336 |
-
|
337 |
-
|
338 |
-
|
339 |
-
|
340 |
-
|
341 |
-
|
342 |
-
|
343 |
-
|
344 |
-
|
345 |
-
<?php
|
346 |
-
|
347 |
-
|
348 |
-
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
353 |
-
|
354 |
-
|
355 |
-
|
356 |
-
|
357 |
-
|
358 |
-
|
359 |
-
|
360 |
-
|
361 |
-
|
362 |
-
|
363 |
-
|
364 |
-
|
365 |
-
|
366 |
-
|
367 |
-
|
368 |
-
|
369 |
-
|
370 |
-
|
371 |
-
|
372 |
-
|
373 |
-
|
374 |
-
|
375 |
-
|
376 |
-
|
377 |
-
|
378 |
-
|
379 |
-
|
380 |
-
|
381 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
382 |
?>
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
Plugin Name: Restricted Site Access
|
4 |
+
Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
|
5 |
+
Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
|
6 |
+
Version: 2.1
|
7 |
+
Author: Jacob M Goldman (C. Murray Consulting)
|
8 |
+
Author URI: http://www.cmurrayconsulting.com
|
9 |
+
|
10 |
+
Plugin: Copyright 2009 C. Murray Consulting (email : jake@cmurrayconsulting.com)
|
11 |
+
|
12 |
+
This program is free software; you can redistribute it and/or modify
|
13 |
+
it under the terms of the GNU General Public License as published by
|
14 |
+
the Free Software Foundation; either version 2 of the License, or
|
15 |
+
(at your option) any later version.
|
16 |
+
|
17 |
+
This program is distributed in the hope that it will be useful,
|
18 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
19 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
20 |
+
GNU General Public License for more details.
|
21 |
+
|
22 |
+
You should have received a copy of the GNU General Public License
|
23 |
+
along with this program; if not, write to the Free Software
|
24 |
+
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
25 |
+
*/
|
26 |
+
|
27 |
+
/**
|
28 |
+
* rsa_activation() handles plugin activation and conversion of pre 1.1 config options
|
29 |
+
*/
|
30 |
+
function rsa_activation()
|
31 |
+
{
|
32 |
+
if (get_option('rsa_restrict_approach'))
|
33 |
+
{
|
34 |
+
//convert textarea ips to array
|
35 |
+
$allowed = get_option('rsa_allowed_ips');
|
36 |
+
if ($allowed) {
|
37 |
+
$arrAllowed = preg_split('/\s+/', $allowed);
|
38 |
+
if (empty($arrAllowed)) $arrAllowed = array($allowed);
|
39 |
+
}
|
40 |
+
|
41 |
+
$rsa_options = array(
|
42 |
+
'active' => (get_option('rsa_is_active')),
|
43 |
+
'allowed' => $arrAllowed,
|
44 |
+
'approach' => (get_option('rsa_restrict_approach')),
|
45 |
+
/*
|
46 |
+
1: send to login page
|
47 |
+
2: redirect to URL
|
48 |
+
3: show restricted access message and exit
|
49 |
+
*/
|
50 |
+
'redirect_path' => (get_option('rsa_redirect_path')),
|
51 |
+
'redirect_url' => (get_option('rsa_redirect_url')),
|
52 |
+
'head_code' => (get_option('rsa_redirect_head'))
|
53 |
+
);
|
54 |
+
update_option('rsa_options',$rsa_options);
|
55 |
+
|
56 |
+
delete_option('rsa_is_active');
|
57 |
+
delete_option('rsa_allowed_ips');
|
58 |
+
delete_option('rsa_restrict_approach');
|
59 |
+
delete_option('rsa_redirect_path');
|
60 |
+
delete_option('rsa_redirect_url');
|
61 |
+
delete_option('rsa_redirect_head');
|
62 |
+
}
|
63 |
+
}
|
64 |
+
|
65 |
+
register_activation_hook(__FILE__,'rsa_activation');
|
66 |
+
|
67 |
+
/**
|
68 |
+
* rsa_admin_init() initializes plugin settings
|
69 |
+
*/
|
70 |
+
function rsa_admin_init() {
|
71 |
+
register_setting('restricted_site_access_options','rsa_options','rsa_validate'); //array of fundamental options including ID and caching info
|
72 |
+
}
|
73 |
+
|
74 |
+
add_action( 'admin_init', 'rsa_admin_init' );
|
75 |
+
|
76 |
+
/**
|
77 |
+
* rsa_validate() handles validation of settings
|
78 |
+
*/
|
79 |
+
function rsa_validate($input)
|
80 |
+
{
|
81 |
+
$input['active'] = ($input['active'] == 1) ? 1 : 0;
|
82 |
+
$input['approach'] = intval($input['approach']);
|
83 |
+
if ($input['approach'] > 3 || $input['approach'] < 0) $input['approach'] = 0;
|
84 |
+
$input['redirect_path'] = ($input['redirect_path'] == 1) ? 1 : 0;
|
85 |
+
if ($input['head_code'] != '301' && $input['head_code'] != '302' && $input['head_code'] != '307') $input['head_code'] = '302';
|
86 |
+
$input['message'] = trim($input['message']);
|
87 |
+
|
88 |
+
return $input;
|
89 |
+
}
|
90 |
+
|
91 |
+
/**
|
92 |
+
* rsa_plugin_actlinks() adds direct settings link to plug-in page
|
93 |
+
*/
|
94 |
+
function rsa_plugin_actlinks( $links )
|
95 |
+
{
|
96 |
+
// Add a link to this plugin's settings page
|
97 |
+
$plugin = plugin_basename(__FILE__);
|
98 |
+
$settings_link = sprintf( '<a href="options-general.php?page=%s">%s</a>', $plugin, __('Settings') );
|
99 |
+
array_unshift( $links, $settings_link );
|
100 |
+
return $links;
|
101 |
+
}
|
102 |
+
if(is_admin()) add_filter("plugin_action_links_".$plugin, 'rsa_plugin_actlinks' );
|
103 |
+
|
104 |
+
/**
|
105 |
+
* restricted_site_access() is the core function that blocks a page if appropriate
|
106 |
+
*/
|
107 |
+
function restricted_site_access()
|
108 |
+
{
|
109 |
+
$rsa_options = get_option('rsa_options');
|
110 |
+
|
111 |
+
//logged in users can stay, can stay if plug-in not active
|
112 |
+
if (is_user_logged_in() || !$rsa_options['active']) return false;
|
113 |
+
//if we're not on a front end page, stay put
|
114 |
+
//if (!is_singular() && !is_archive() && !is_feed() && !is_home()) return false;
|
115 |
+
|
116 |
+
// check for the allow list, if its empty block everything
|
117 |
+
if(($list = $rsa_options['allowed']) && function_exists('inet_pton'))
|
118 |
+
{
|
119 |
+
$remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
|
120 |
+
if(strpos($remote_ip, '.')) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
|
121 |
+
$remote_ip = inet_pton($remote_ip); //parse the remote ip
|
122 |
+
|
123 |
+
//var_dump($list);
|
124 |
+
|
125 |
+
// iterate through the allow list
|
126 |
+
foreach($list as $line)
|
127 |
+
{
|
128 |
+
list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
|
129 |
+
|
130 |
+
$mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
|
131 |
+
|
132 |
+
switch($mask % 4){
|
133 |
+
case 1:
|
134 |
+
$mask .= '8';
|
135 |
+
break;
|
136 |
+
case 2:
|
137 |
+
$mask .= 'c';
|
138 |
+
break;
|
139 |
+
case 3:
|
140 |
+
$mask .= 'e';
|
141 |
+
break;
|
142 |
+
}
|
143 |
+
|
144 |
+
$mask = pack('H*', $mask);
|
145 |
+
|
146 |
+
// check if the masked versions match
|
147 |
+
if((inet_pton($ip) & $mask) == ($remote_ip & $mask)) return false;
|
148 |
+
}
|
149 |
+
}
|
150 |
+
|
151 |
+
$rsa_restrict_approach = intval($rsa_options['approach']);
|
152 |
+
switch ($rsa_restrict_approach) {
|
153 |
+
case 1:
|
154 |
+
$new_url = (is_home()) ? get_bloginfo("url") : get_permalink();
|
155 |
+
wp_redirect(wp_login_url($new_url));
|
156 |
+
exit;
|
157 |
+
case 2:
|
158 |
+
// get base url
|
159 |
+
$rsa_redirect_url = $rsa_options['redirect_url'];
|
160 |
+
if (!$rsa_redirect_url) return false;
|
161 |
+
|
162 |
+
// if redirecting to same path get info
|
163 |
+
if($rsa_options['redirect_path']) $rsa_redirect_url .= $_SERVER["REQUEST_URI"];
|
164 |
+
|
165 |
+
$rsa_redirect_head = $rsa_options['head_code'];
|
166 |
+
$rsa_redirect_head = (!$rsa_redirect_head) ? 302 : intval($rsa_redirect_head);
|
167 |
+
|
168 |
+
wp_redirect($rsa_redirect_url, $rsa_redirect_head);
|
169 |
+
exit;
|
170 |
+
case 3:
|
171 |
+
$message = (isset($rsa_options['message']) && $rsa_options['message']) ? $rsa_options['message'] : "Access to this site is restricted.";
|
172 |
+
wp_die($message);
|
173 |
+
}
|
174 |
+
}
|
175 |
+
if(!is_admin()) add_action('wp','restricted_site_access');
|
176 |
+
|
177 |
+
//************************//
|
178 |
+
//** ADMIN CONTROL PANEL *//
|
179 |
+
//************************//
|
180 |
+
|
181 |
+
function rsa_options() {
|
182 |
+
?>
|
183 |
+
<script type="text/javascript" language="javascript">
|
184 |
+
function add_ip(ip) {
|
185 |
+
if (!jQuery.trim(ip)) return false;
|
186 |
+
|
187 |
+
jQuery('#message').remove();
|
188 |
+
|
189 |
+
var ip_used = false;
|
190 |
+
jQuery('#ip_list input').each(function(){
|
191 |
+
if (jQuery(this).val() == ip) {
|
192 |
+
jQuery('h2').after('<div id="message" class="error"><p><strong>IP address '+ip+' already in list.</strong></p></div>');
|
193 |
+
scroll(0,0);
|
194 |
+
ip_used = true;
|
195 |
+
return false;
|
196 |
+
}
|
197 |
+
});
|
198 |
+
if (ip_used) return false;
|
199 |
+
|
200 |
+
jQuery('#ip_list').append('<span><input type="text" name="rsa_options[allowed][]" value="'+ip+'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>');
|
201 |
+
jQuery('h2').after('<div id="message" class="updated"><p><strong>IP added to exception list.</strong></p></div>');
|
202 |
+
}
|
203 |
+
|
204 |
+
function remove_ip(btnObj) {
|
205 |
+
if (!confirm('Are you certain you want to remove this IP?')) return false;
|
206 |
+
jQuery(btnObj).parent().remove();
|
207 |
+
}
|
208 |
+
|
209 |
+
function change_approach(approach_choice) {
|
210 |
+
if (approach_choice == 2) jQuery(".redirect_field").fadeIn(500);
|
211 |
+
else jQuery(".redirect_field").fadeOut(500);
|
212 |
+
if (approach_choice == 3) jQuery(".message_field").fadeIn(500);
|
213 |
+
else jQuery(".message_field").fadeOut(500);
|
214 |
+
}
|
215 |
+
|
216 |
+
function check_redirect() {
|
217 |
+
if (jQuery("#rsa_is_active:checked").val() == 1 && jQuery("#rsa_restrict_approach").val() == 0) {
|
218 |
+
alert('When restricted access is turned on, restriction handling must be selected.');
|
219 |
+
jQuery("#rsa_restrict_approach").focus();
|
220 |
+
return false;
|
221 |
+
}
|
222 |
+
if (jQuery("#rsa_restrict_approach").val() != 2) return true;
|
223 |
+
var redirect_url = jQuery("#rsa_redirect_url").val();
|
224 |
+
if (redirect_url.substring(0,7) != "http://" && redirect_url.substring(0,8) != "https://") {
|
225 |
+
alert('The redirect location must be a valid URL starting with http:// or https://.');
|
226 |
+
jQuery("#rsa_redirect_url").focus();
|
227 |
+
return false;
|
228 |
+
}
|
229 |
+
return true;
|
230 |
+
}
|
231 |
+
</script>
|
232 |
+
<div class="wrap">
|
233 |
+
<div class="icon32" id="icon-options-general"><br/></div>
|
234 |
+
<h2>Restricted Site Access Configuration</h2>
|
235 |
+
|
236 |
+
<?php
|
237 |
+
if (!function_exists('inet_pton')) {
|
238 |
+
echo '<p>Version 2.0 of this plug-in requires a server running PHP 5.1 or newer in order to support IPv6 (as well as IPv4) ranges. If you are using an older version of PHP and your host cannot be upgraded, and you do not need IP range support, you can always manually <a href="http://downloads.wordpress.org/plugin/restricted-site-access.1.0.2.zip">download and install version 1.0.2</a>.</p>';
|
239 |
+
return false;
|
240 |
+
}
|
241 |
+
?>
|
242 |
+
|
243 |
+
<div id="poststuff" style="margin-top: 20px;">
|
244 |
+
|
245 |
+
<div class="postbox" style="width: 200px; min-width: 200px; float: right;">
|
246 |
+
<h3 class="hndle">Support us</h3>
|
247 |
+
<div class="inside">
|
248 |
+
<p>Help support continued development of Restricted Site Access and our other plugins.</p>
|
249 |
+
<p>The best thing you can do is <strong>refer someone looking for web development or strategy work <a href="http://www.cmurrayconsulting.com" target="_blank">to our company</a></strong>. Learn more about our <a href="http://www.cmurrayconsulting.com/services/partners/wordpress-developer/" target="_blank">Wordpress experience and services</a>.</p>
|
250 |
+
<p>Short of that, please consider a donation. If you cannot afford even a small donation, please consider providing a link to our website, maybe in a blog post acknowledging this plugin.</p>
|
251 |
+
<form method="post" action="https://www.paypal.com/cgi-bin/webscr" style="text-align: left;">
|
252 |
+
<input type="hidden" value="_s-xclick" name="cmd"/>
|
253 |
+
<input type="hidden" value="3377715" name="hosted_button_id"/>
|
254 |
+
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="PayPal - The safer, easier way to pay online!"/> <img height="1" border="0" width="1" alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif"/><br/>
|
255 |
+
</form>
|
256 |
+
<p><strong><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/">Support page</a></strong></p>
|
257 |
+
</div>
|
258 |
+
</div>
|
259 |
+
|
260 |
+
<form method="post" action="options.php" onsubmit="return check_redirect();">
|
261 |
+
<?php
|
262 |
+
settings_fields('restricted_site_access_options');
|
263 |
+
$rsa_options = get_option('rsa_options');
|
264 |
+
?>
|
265 |
+
<h3 class="hndle">Restriction Options</h3>
|
266 |
+
|
267 |
+
<table class="form-table" style="clear: none; width: auto;">
|
268 |
+
<tr valign="top">
|
269 |
+
<th scope="row"><label for="rsa_options[active]">Restrict access</label></th>
|
270 |
+
<td>
|
271 |
+
<input type="checkbox" name="rsa_options[active]" value="1" id="rsa_is_active"<?php if ($rsa_options['active']) echo ' checked="true"'; ?> />
|
272 |
+
Activates the plug-in and restriction rules.
|
273 |
+
</td>
|
274 |
+
</tr>
|
275 |
+
<tr valign="top">
|
276 |
+
<th scope="row"><label for="rsa_options[approach]">Handling</label></th>
|
277 |
+
<td>
|
278 |
+
<select name="rsa_options[approach]" id="rsa_restrict_approach" onchange="change_approach(selectedIndex);">
|
279 |
+
<?php
|
280 |
+
$rsa_restrict_approach = intval($rsa_options['approach']);
|
281 |
+
$restrict_choices = array('Select handling','Send to login page','Redirect visitor','Display message');
|
282 |
+
foreach($restrict_choices as $key=>$value) {
|
283 |
+
echo '<option value="'.$key.'"';
|
284 |
+
if ($rsa_restrict_approach == $key) echo ' selected="selected"';
|
285 |
+
echo '>'.$value."</option>\n";
|
286 |
+
}
|
287 |
+
?>
|
288 |
+
</select>
|
289 |
+
<span class="description">Method for handling visitors who do not have access.</span>
|
290 |
+
</td>
|
291 |
+
</tr>
|
292 |
+
<tr valign="top">
|
293 |
+
<th scope="row"><label for="newip">Allowed IPs</label></th>
|
294 |
+
<td>
|
295 |
+
<div id="ip_list">
|
296 |
+
<?php
|
297 |
+
$ips = $rsa_options['allowed'];
|
298 |
+
if (!empty($ips)) {
|
299 |
+
foreach ($ips as $key => $ip) {
|
300 |
+
if (empty($ip)) continue;
|
301 |
+
echo '<span><input type="text" name="rsa_options[allowed][]" value="'.$ip.'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>';
|
302 |
+
}
|
303 |
+
}
|
304 |
+
?>
|
305 |
+
</div>
|
306 |
+
<input type="text" name="newip" id="newip" value="" /><input class="button" type="button" onclick="add_ip(jQuery('#newip').val());" value="add" /><br />
|
307 |
+
<input class="button" type="button" onclick="add_ip('<?php echo $_SERVER['REMOTE_ADDR']; ?>');" value="add my current IP" style="margin: 5px 0;" /><br />
|
308 |
+
<span class="description">May enter ranges using subnet prefix or single IPs. Open help tab for details.</span>
|
309 |
+
</td>
|
310 |
+
</tr>
|
311 |
+
</table>
|
312 |
+
|
313 |
+
<h3 class="redirect_field"<?php if ($rsa_restrict_approach != 2) echo ' style="display: none;"'; ?>>Redirection Options</h3>
|
314 |
+
|
315 |
+
<table class="form-table redirect_field" style="clear: none; width: auto;<?php if ($rsa_restrict_approach != 2) echo ' display: none;'; ?>">
|
316 |
+
<tr valign="top">
|
317 |
+
<th scope="row"><label for="rsa_options[redirect_url]">Redirect visitor to</label></th>
|
318 |
+
<td>
|
319 |
+
<input type="text" name="rsa_options[redirect_url]" id="rsa_redirect_url" value="<?php echo $rsa_options['redirect_url']; ?>" class="regular-text" />
|
320 |
+
</td>
|
321 |
+
</tr>
|
322 |
+
|
323 |
+
<tr valign="top">
|
324 |
+
<th scope="row"><label for="rsa_options[redirect_path]"><em>...with same path</em></label></th>
|
325 |
+
<td>
|
326 |
+
<input type="checkbox" name="rsa_options[redirect_path]" value="1" id="rsa_redirect_path"<?php if ($rsa_options['redirect_path']) echo ' checked="true"'; ?> />
|
327 |
+
Redirect to same path entered at this site (help tab for more)
|
328 |
+
</td>
|
329 |
+
</tr>
|
330 |
+
|
331 |
+
<tr valign="top">
|
332 |
+
<th scope="row"><label for="rsa_options[head_code]">Redirect type</label></th>
|
333 |
+
<td>
|
334 |
+
<select name="rsa_options[head_code]" id="rsa_redirect_head">
|
335 |
+
<?php $rsa_redirect_head = $rsa_options['head_code']; ?>
|
336 |
+
<option value="301"<?php if ($rsa_redirect_head == "301") echo ' selected="selected"'; ?>>301 Permanent</option>
|
337 |
+
<option value="302"<?php if ($rsa_redirect_head == "302" || !$rsa_redirect_head) echo ' selected="selected"'; ?>>302 Undefined</option>
|
338 |
+
<option value="307"<?php if ($rsa_redirect_head == "307") echo ' selected="selected"'; ?>>307 Temporary</option>
|
339 |
+
</select>
|
340 |
+
<span class="description">Open help tab for more explanation.</span>
|
341 |
+
</td>
|
342 |
+
</tr>
|
343 |
+
</table>
|
344 |
+
|
345 |
+
<h3 class="message_field"<?php if ($rsa_restrict_approach != 3) echo ' style="display: none;"'; ?>>Blocked Access Message</h3>
|
346 |
+
|
347 |
+
<table class="form-table message_field" style="clear: none; width: auto;<?php if ($rsa_restrict_approach != 3) echo ' display: none;'; ?>">
|
348 |
+
<tr valign="top">
|
349 |
+
<th scope="row"><label for="rsa_options[message]">Message</label></th>
|
350 |
+
<td>
|
351 |
+
<input type="text" name="rsa_options[message]" id="rsa_message" value="<?php echo esc_html($rsa_options['message']); ?>" class="regular-text" /><br />
|
352 |
+
<span class="description">Blank = "Access to this site is restricted."</span>
|
353 |
+
</td>
|
354 |
+
</tr>
|
355 |
+
</table>
|
356 |
+
|
357 |
+
<p class="submit"><input type="submit" class="button-primary" value="<?php _e('Save Changes') ?>" /></p>
|
358 |
+
</form>
|
359 |
+
</div>
|
360 |
+
</div>
|
361 |
+
<?php
|
362 |
+
}
|
363 |
+
|
364 |
+
function rsa_admin_menu() {
|
365 |
+
$plugin_page = add_options_page('Restricted Site Access Configuration', 'Restricted Access', 8, __FILE__, 'rsa_options');
|
366 |
+
add_action('admin_head-'.$plugin_page,'rsa_header');
|
367 |
+
}
|
368 |
+
add_action('admin_menu', 'rsa_admin_menu');
|
369 |
+
|
370 |
+
function rsa_header() {
|
371 |
+
add_filter('contextual_help','rsa_context_help');
|
372 |
+
}
|
373 |
+
|
374 |
+
function rsa_context_help()
|
375 |
+
{
|
376 |
+
echo '
|
377 |
+
<h5>Restricted Site Access</h5>
|
378 |
+
<p>Restricted Site Access is a plug-in by Jake Goldman (C. Murray Consulting) that allows you to restrict access to logged in users and a set of IP addresses with flexible restricted access behavior.</p>
|
379 |
+
|
380 |
+
<h5>Restriction Options</h5>
|
381 |
+
<p><strong>Restrict access</strong> - you can enable and disable restriction at will without deactivating the plug-in.</p>
|
382 |
+
<p><strong>Handling</strong> - send the visitor the WordPress login screen, redirect the visitor (choosing this will offer some new options), or display a message indicating that the site is restricted.</p>
|
383 |
+
<p><strong>Allowed IPs</strong> - enter a single IP address (such as 192.168.1.105) or an IP range using a network prefix (such as 10.0.0.1/24). In the current version, no validation is completed on these free form fields intended to hold IP addresses or IP ranges. A future version may check for valid entries. Here\'s a <a href="http://www.csgnetwork.com/ipinfocalc.html" target="_blank">handy calculator</a> to check your prefix.</p>
|
384 |
+
|
385 |
+
<h5>Redirection Options</h5>
|
386 |
+
<p>This field set will only appear if you are using the "redirect visitor" handler.</p>
|
387 |
+
<p><strong>Redirect visitor to</strong> - the web site address of the site you want the visitor redirected to.</p>
|
388 |
+
<p><strong>...with same path</strong> - if you would like to redirect the visitor to the same path (URI) he or she entered this site at (the rest of the URL after the base URL), check this option. This is typically used when there are two, very similar sites at different public web addresses; for instance, a parallel development server open to the Internet but not intended for the public.</p>
|
389 |
+
<p><strong>Redirect type</strong> - redirect type headers can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that the page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.</p>
|
390 |
+
|
391 |
+
<h5>Support</h5>
|
392 |
+
<div class="metabox-prefs">
|
393 |
+
<p><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">Restricted Site Access support</a></p>
|
394 |
+
<p>This plug-in was developed by <a href="http://www.cmurrayconsulting.com" target="_blank">C. Muray Consulting</a>, Web Development & Strategy Experts located in Providence, Rhode Island in the United States. We develop plug-ins because we love working with WordPress, and to generate interest in our business. If you like our plug-in, and know someone who needs web development work, be in touch!</p>
|
395 |
+
</div>
|
396 |
+
';
|
397 |
+
}
|
398 |
?>
|
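Review bot: rsa_validate() (new lines 79-89) only trims the new message option and leaves allowed and redirect_url untouched, yet case 3 passes the stored value straight to wp_die($message), and the settings form echoes $ip (new line 301) and $rsa_options['redirect_url'] (new line 319) into value attributes without escaping. Suggest sanitizing in rsa_validate(), for example wp_kses() on the message, esc_url_raw() on the redirect URL, and dropping allow-list entries that inet_pton() cannot parse, and wrapping the echoed values in esc_attr(). Separately, in the allow-list loop (new lines 128-144) $mask is overwritten by str_repeat('f', $mask >> 2) before switch($mask % 4) runs, so the remainder cases never match and a prefix such as /26 is compared as /24, which widens the allow list; keep the numeric prefix length in its own variable. In rsa_activation(), $arrAllowed is only assigned inside if ($allowed), so it is undefined at new line 43 when the old option was empty; initialise it to array() first. The page-type check at new line 114 is commented out rather than deleted; remove it and leave a short comment saying that every front-end request is now subject to restriction.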