Restricted Site Access - Version 3.0

Version Description

  • Integrates with Privacy settings page and site visibility option instead of adding a whole new page
  • Simplified options: clearer instructions, removed unnecessary hiding / showing of some options, fewer lines
  • Indicates whether the site is blocked in the admin next to the site title (WordPress 3.0+ only)
  • New action hook, restrict_site_access_handling, allowing developers to add their own restriction handling
  • Cleans up / removes settings when uninstalled
  • Assorted under the hood improvements for best coding practices, sanitization of options, etc

Release Info

Developer jakemgold
Version 3.0

Code changes from version 2.1 to 3.0

Files changed (3)
  1. readme.txt +73 -68
  2. restricted_site_access.php +392 -397
  3. screenshot-1.png +0 -0
readme.txt CHANGED
@@ -1,69 +1,74 @@
1
- === Restricted Site Access ===
2
- Contributors: Jacob M Goldman (C. Murray Consulting), Eric Buth
3
- Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
4
- Tags: restricted, restrict, limited, permissions, security, block
5
- Requires at least: 2.8
6
- Tested up to: 2.9.1
7
- Stable tag: 2.1
8
-
9
- Limit access to visitors who are logged in or at specific IP addresses. Many options for handling blocked visitors.
10
- Great for Intranets, dev sites.
11
-
12
-
13
- == Description ==
14
-
15
- Limit access your site to visitors who are logged in or accessing the site from a set of specific IP addresses.
16
- Send restricted visitors to the log in page, redirect them, or display a message. A great solution for
17
- Extranets, publicly hosted Intranets, or parallel development sites.
18
-
19
- It includes an easy to use configuration panel inside the WordPress settings menu. From this panel you can:
20
-
21
- 1. Enable and disable access restriction at will.
22
- 1. Change the restriction behavior: send to login, redirect, or display a message.
23
- 1. Add IP addresses not subject to restriction, including ranges.
24
- 1. Quickly add your current IP to the restriction list.
25
- 1. Control the redirect location.
26
- 1. Choose to redirect visitors to the same path that they entered the current site on.
27
- 1. Choose the HTTP redirect message for SEO friendliness.
28
- 1. Customize the blocked visitor message.
29
-
30
- Version 2.0 is a major update. In addition to adding IP range support, there are significant UI and usability
31
- improvements, and many other under the hood improvements to the code base.
32
-
33
- Requires PHP 5.1+ to support IPv6 ranges. Download version 1.0.2 if IP ranges are not needed and the host is not
34
- running PHP 5.1 or newer.
35
-
36
-
37
- == Installation ==
38
-
39
- 1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted
40
- folder to the `/wp-content/plugins/` directory
41
- 1. Activate the plugin through the 'Plugins' menu in WordPress
42
- 1. Configure the plugin by going to the "Restricted Access" menu item under "Settings"
43
-
44
-
45
- == Screenshots ==
46
-
47
- 1. Sceenshot of configuration page.
48
-
49
-
50
- == Changelog ==
51
-
52
- = 2.1 =
53
- * Customize blocked visitor message
54
- * Stronger security (patched "search" hole)
55
- * Better display / handling of blocked visitor message
56
-
57
- = 2.0 =
58
- * Add support for IP ranges courtesy Eric Buth
59
- * Major UI changes and improvements; major code improvements
60
-
61
- = 1.0.2 =
62
- * Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
63
-
64
- = 1.0.1 =
65
- * Important fundamental change related to handling of what should be restricted
66
-
67
- = Planned enhancements =
68
- * Restriction based on user level (vs is logged in)
 
 
 
 
 
69
  * Exclude pages or posts from restrictions
1
+ === Restricted Site Access ===
2
+ Contributors: Jacob M Goldman (C. Murray Consulting), Eric Buth
3
+ Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
4
+ Tags: restricted, restrict, limited, permissions, security, block
5
+ Requires at least: 2.8
6
+ Tested up to: 3.0
7
+ Stable tag: 3.0
8
+
9
+ Limit access to visitors who are logged in or at specific IP addresses. Many options for handling blocked visitors.
10
+ Great for Intranets, dev sites.
11
+
12
+
13
+ == Description ==
14
+
15
+ Limit access your site to visitors who are logged in or accessing the site from a set of specific IP addresses.
16
+ Send restricted visitors to the log in page, redirect them, or display a message. A great solution for
17
+ Extranets, publicly hosted Intranets, or parallel development sites.
18
+
19
+ Adds a number of new configuration options to the Privacy settings panel. From this panel you can:
20
+
21
+ 1. Enable or disable site access restriction
22
+ 1. Change the restriction behavior: send to login, redirect, or display a message
23
+ 1. Add IP addresses not subject to restriction, including ranges
24
+ 1. Quickly add your current IP to the restriction list
25
+ 1. Control the redirect location
26
+ 1. Choose to redirect visitors to the same requested path
27
+ 1. Choose the HTTP redirect message for SEO friendliness
28
+ 1. Customize the blocked visitor message
29
+
30
+ Requires PHP 5.1+ to support IPv6 ranges. Download version 1.0.2 if IP ranges are not needed and the host is not
31
+ running PHP 5.1 or newer.
32
+
33
+
34
+ == Installation ==
35
+
36
+ 1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted
37
+ folder to the `/wp-content/plugins/` directory
38
+ 1. Activate the plugin through the 'Plugins' menu in WordPress
39
+ 1. Configure the plugin by going to the "Privacy" menu under "Settings"
40
+
41
+
42
+ == Screenshots ==
43
+
44
+ 1. Sceenshot of configuration page.
45
+
46
+
47
+ == Changelog ==
48
+
49
+ = 3.0 =
50
+ * Integrates with Privacy settings page and site visibility option instead of adding a whole new page
51
+ * Simplified options: clearer instructions, removed unnecessary hiding / showing of some options, fewer lines
52
+ * Indicates whether the site is blocked in the admin next to the site title (WordPress 3.0+ only)
53
+ * New action hook, `restrict_site_access_handling`, allowing developers to add their own restriction handling
54
+ * Cleans up / removes settings when uninstalled
55
+ * Assorted under the hood improvements for best coding practices, sanitization of options, etc
56
+
57
+ = 2.1 =
58
+ * Customize blocked visitor message
59
+ * Stronger security (patched "search" hole)
60
+ * Better display / handling of blocked visitor message
61
+
62
+ = 2.0 =
63
+ * Add support for IP ranges courtesy Eric Buth
64
+ * Major UI changes and improvements; major code improvements
65
+
66
+ = 1.0.2 =
67
+ * Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
68
+
69
+ = 1.0.1 =
70
+ * Important fundamental change related to handling of what should be restricted
71
+
72
+ = Planned enhancements =
73
+ * Restriction based on user level (vs is logged in)
74
  * Exclude pages or posts from restrictions
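Review bot: The re-added Description and Screenshots text still carries two wording errors that this rewrite could fix: "Limit access your site" (new line 15) is missing "to", and "Sceenshot of configuration page." (new line 44) should read "Screenshot". Separately, the header keeps "Requires at least: 2.8" while the 3.0 changelog entry marks the admin indicator as "WordPress 3.0+ only" and the settings now live on the Privacy page; say in the readme which of the 3.0 features work on 2.8/2.9, or raise the minimum version.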
restricted_site_access.php CHANGED
@@ -1,398 +1,393 @@
1
- <?php
2
- /**
3
- Plugin Name: Restricted Site Access
4
- Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
5
- Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
- Version: 2.1
7
- Author: Jacob M Goldman (C. Murray Consulting)
8
- Author URI: http://www.cmurrayconsulting.com
9
-
10
- Plugin: Copyright 2009 C. Murray Consulting (email : jake@cmurrayconsulting.com)
11
-
12
- This program is free software; you can redistribute it and/or modify
13
- it under the terms of the GNU General Public License as published by
14
- the Free Software Foundation; either version 2 of the License, or
15
- (at your option) any later version.
16
-
17
- This program is distributed in the hope that it will be useful,
18
- but WITHOUT ANY WARRANTY; without even the implied warranty of
19
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20
- GNU General Public License for more details.
21
-
22
- You should have received a copy of the GNU General Public License
23
- along with this program; if not, write to the Free Software
24
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25
- */
26
-
27
- /**
28
- * rsa_activation() handles plugin activation and conversion of pre 1.1 config options
29
- */
30
- function rsa_activation()
31
- {
32
- if (get_option('rsa_restrict_approach'))
33
- {
34
- //convert textarea ips to array
35
- $allowed = get_option('rsa_allowed_ips');
36
- if ($allowed) {
37
- $arrAllowed = preg_split('/\s+/', $allowed);
38
- if (empty($arrAllowed)) $arrAllowed = array($allowed);
39
- }
40
-
41
- $rsa_options = array(
42
- 'active' => (get_option('rsa_is_active')),
43
- 'allowed' => $arrAllowed,
44
- 'approach' => (get_option('rsa_restrict_approach')),
45
- /*
46
- 1: send to login page
47
- 2: redirect to URL
48
- 3: show restricted access message and exit
49
- */
50
- 'redirect_path' => (get_option('rsa_redirect_path')),
51
- 'redirect_url' => (get_option('rsa_redirect_url')),
52
- 'head_code' => (get_option('rsa_redirect_head'))
53
- );
54
- update_option('rsa_options',$rsa_options);
55
-
56
- delete_option('rsa_is_active');
57
- delete_option('rsa_allowed_ips');
58
- delete_option('rsa_restrict_approach');
59
- delete_option('rsa_redirect_path');
60
- delete_option('rsa_redirect_url');
61
- delete_option('rsa_redirect_head');
62
- }
63
- }
64
-
65
- register_activation_hook(__FILE__,'rsa_activation');
66
-
67
- /**
68
- * rsa_admin_init() initializes plugin settings
69
- */
70
- function rsa_admin_init() {
71
- register_setting('restricted_site_access_options','rsa_options','rsa_validate'); //array of fundamental options including ID and caching info
72
- }
73
-
74
- add_action( 'admin_init', 'rsa_admin_init' );
75
-
76
- /**
77
- * rsa_validate() handles validation of settings
78
- */
79
- function rsa_validate($input)
80
- {
81
- $input['active'] = ($input['active'] == 1) ? 1 : 0;
82
- $input['approach'] = intval($input['approach']);
83
- if ($input['approach'] > 3 || $input['approach'] < 0) $input['approach'] = 0;
84
- $input['redirect_path'] = ($input['redirect_path'] == 1) ? 1 : 0;
85
- if ($input['head_code'] != '301' && $input['head_code'] != '302' && $input['head_code'] != '307') $input['head_code'] = '302';
86
- $input['message'] = trim($input['message']);
87
-
88
- return $input;
89
- }
90
-
91
- /**
92
- * rsa_plugin_actlinks() adds direct settings link to plug-in page
93
- */
94
- function rsa_plugin_actlinks( $links )
95
- {
96
- // Add a link to this plugin's settings page
97
- $plugin = plugin_basename(__FILE__);
98
- $settings_link = sprintf( '<a href="options-general.php?page=%s">%s</a>', $plugin, __('Settings') );
99
- array_unshift( $links, $settings_link );
100
- return $links;
101
- }
102
- if(is_admin()) add_filter("plugin_action_links_".$plugin, 'rsa_plugin_actlinks' );
103
-
104
- /**
105
- * restricted_site_access() is the core function that blocks a page if appropriate
106
- */
107
- function restricted_site_access()
108
- {
109
- $rsa_options = get_option('rsa_options');
110
-
111
- //logged in users can stay, can stay if plug-in not active
112
- if (is_user_logged_in() || !$rsa_options['active']) return false;
113
- //if we're not on a front end page, stay put
114
- //if (!is_singular() && !is_archive() && !is_feed() && !is_home()) return false;
115
-
116
- // check for the allow list, if its empty block everything
117
- if(($list = $rsa_options['allowed']) && function_exists('inet_pton'))
118
- {
119
- $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
120
- if(strpos($remote_ip, '.')) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
121
- $remote_ip = inet_pton($remote_ip); //parse the remote ip
122
-
123
- //var_dump($list);
124
-
125
- // iterate through the allow list
126
- foreach($list as $line)
127
- {
128
- list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
129
-
130
- $mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
131
-
132
- switch($mask % 4){
133
- case 1:
134
- $mask .= '8';
135
- break;
136
- case 2:
137
- $mask .= 'c';
138
- break;
139
- case 3:
140
- $mask .= 'e';
141
- break;
142
- }
143
-
144
- $mask = pack('H*', $mask);
145
-
146
- // check if the masked versions match
147
- if((inet_pton($ip) & $mask) == ($remote_ip & $mask)) return false;
148
- }
149
- }
150
-
151
- $rsa_restrict_approach = intval($rsa_options['approach']);
152
- switch ($rsa_restrict_approach) {
153
- case 1:
154
- $new_url = (is_home()) ? get_bloginfo("url") : get_permalink();
155
- wp_redirect(wp_login_url($new_url));
156
- exit;
157
- case 2:
158
- // get base url
159
- $rsa_redirect_url = $rsa_options['redirect_url'];
160
- if (!$rsa_redirect_url) return false;
161
-
162
- // if redirecting to same path get info
163
- if($rsa_options['redirect_path']) $rsa_redirect_url .= $_SERVER["REQUEST_URI"];
164
-
165
- $rsa_redirect_head = $rsa_options['head_code'];
166
- $rsa_redirect_head = (!$rsa_redirect_head) ? 302 : intval($rsa_redirect_head);
167
-
168
- wp_redirect($rsa_redirect_url, $rsa_redirect_head);
169
- exit;
170
- case 3:
171
- $message = (isset($rsa_options['message']) && $rsa_options['message']) ? $rsa_options['message'] : "Access to this site is restricted.";
172
- wp_die($message);
173
- }
174
- }
175
- if(!is_admin()) add_action('wp','restricted_site_access');
176
-
177
- //************************//
178
- //** ADMIN CONTROL PANEL *//
179
- //************************//
180
-
181
- function rsa_options() {
182
- ?>
183
- <script type="text/javascript" language="javascript">
184
- function add_ip(ip) {
185
- if (!jQuery.trim(ip)) return false;
186
-
187
- jQuery('#message').remove();
188
-
189
- var ip_used = false;
190
- jQuery('#ip_list input').each(function(){
191
- if (jQuery(this).val() == ip) {
192
- jQuery('h2').after('<div id="message" class="error"><p><strong>IP address '+ip+' already in list.</strong></p></div>');
193
- scroll(0,0);
194
- ip_used = true;
195
- return false;
196
- }
197
- });
198
- if (ip_used) return false;
199
-
200
- jQuery('#ip_list').append('<span><input type="text" name="rsa_options[allowed][]" value="'+ip+'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>');
201
- jQuery('h2').after('<div id="message" class="updated"><p><strong>IP added to exception list.</strong></p></div>');
202
- }
203
-
204
- function remove_ip(btnObj) {
205
- if (!confirm('Are you certain you want to remove this IP?')) return false;
206
- jQuery(btnObj).parent().remove();
207
- }
208
-
209
- function change_approach(approach_choice) {
210
- if (approach_choice == 2) jQuery(".redirect_field").fadeIn(500);
211
- else jQuery(".redirect_field").fadeOut(500);
212
- if (approach_choice == 3) jQuery(".message_field").fadeIn(500);
213
- else jQuery(".message_field").fadeOut(500);
214
- }
215
-
216
- function check_redirect() {
217
- if (jQuery("#rsa_is_active:checked").val() == 1 && jQuery("#rsa_restrict_approach").val() == 0) {
218
- alert('When restricted access is turned on, restriction handling must be selected.');
219
- jQuery("#rsa_restrict_approach").focus();
220
- return false;
221
- }
222
- if (jQuery("#rsa_restrict_approach").val() != 2) return true;
223
- var redirect_url = jQuery("#rsa_redirect_url").val();
224
- if (redirect_url.substring(0,7) != "http://" && redirect_url.substring(0,8) != "https://") {
225
- alert('The redirect location must be a valid URL starting with http:// or https://.');
226
- jQuery("#rsa_redirect_url").focus();
227
- return false;
228
- }
229
- return true;
230
- }
231
- </script>
232
- <div class="wrap">
233
- <div class="icon32" id="icon-options-general"><br/></div>
234
- <h2>Restricted Site Access Configuration</h2>
235
-
236
- <?php
237
- if (!function_exists('inet_pton')) {
238
- echo '<p>Version 2.0 of this plug-in requires a server running PHP 5.1 or newer in order to support IPv6 (as well as IPv4) ranges. If you are using an older version of PHP and your host cannot be upgraded, and you do not need IP range support, you can always manually <a href="http://downloads.wordpress.org/plugin/restricted-site-access.1.0.2.zip">download and install version 1.0.2</a>.</p>';
239
- return false;
240
- }
241
- ?>
242
-
243
- <div id="poststuff" style="margin-top: 20px;">
244
-
245
- <div class="postbox" style="width: 200px; min-width: 200px; float: right;">
246
- <h3 class="hndle">Support us</h3>
247
- <div class="inside">
248
- <p>Help support continued development of Restricted Site Access and our other plugins.</p>
249
- <p>The best thing you can do is <strong>refer someone looking for web development or strategy work <a href="http://www.cmurrayconsulting.com" target="_blank">to our company</a></strong>. Learn more about our <a href="http://www.cmurrayconsulting.com/services/partners/wordpress-developer/" target="_blank">Wordpress experience and services</a>.</p>
250
- <p>Short of that, please consider a donation. If you cannot afford even a small donation, please consider providing a link to our website, maybe in a blog post acknowledging this plugin.</p>
251
- <form method="post" action="https://www.paypal.com/cgi-bin/webscr" style="text-align: left;">
252
- <input type="hidden" value="_s-xclick" name="cmd"/>
253
- <input type="hidden" value="3377715" name="hosted_button_id"/>
254
- <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="PayPal - The safer, easier way to pay online!"/> <img height="1" border="0" width="1" alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif"/><br/>
255
- </form>
256
- <p><strong><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/">Support page</a></strong></p>
257
- </div>
258
- </div>
259
-
260
- <form method="post" action="options.php" onsubmit="return check_redirect();">
261
- <?php
262
- settings_fields('restricted_site_access_options');
263
- $rsa_options = get_option('rsa_options');
264
- ?>
265
- <h3 class="hndle">Restriction Options</h3>
266
-
267
- <table class="form-table" style="clear: none; width: auto;">
268
- <tr valign="top">
269
- <th scope="row"><label for="rsa_options[active]">Restrict access</label></th>
270
- <td>
271
- <input type="checkbox" name="rsa_options[active]" value="1" id="rsa_is_active"<?php if ($rsa_options['active']) echo ' checked="true"'; ?> />
272
- Activates the plug-in and restriction rules.
273
- </td>
274
- </tr>
275
- <tr valign="top">
276
- <th scope="row"><label for="rsa_options[approach]">Handling</label></th>
277
- <td>
278
- <select name="rsa_options[approach]" id="rsa_restrict_approach" onchange="change_approach(selectedIndex);">
279
- <?php
280
- $rsa_restrict_approach = intval($rsa_options['approach']);
281
- $restrict_choices = array('Select handling','Send to login page','Redirect visitor','Display message');
282
- foreach($restrict_choices as $key=>$value) {
283
- echo '<option value="'.$key.'"';
284
- if ($rsa_restrict_approach == $key) echo ' selected="selected"';
285
- echo '>'.$value."</option>\n";
286
- }
287
- ?>
288
- </select>
289
- <span class="description">Method for handling visitors who do not have access.</span>
290
- </td>
291
- </tr>
292
- <tr valign="top">
293
- <th scope="row"><label for="newip">Allowed IPs</label></th>
294
- <td>
295
- <div id="ip_list">
296
- <?php
297
- $ips = $rsa_options['allowed'];
298
- if (!empty($ips)) {
299
- foreach ($ips as $key => $ip) {
300
- if (empty($ip)) continue;
301
- echo '<span><input type="text" name="rsa_options[allowed][]" value="'.$ip.'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>';
302
- }
303
- }
304
- ?>
305
- </div>
306
- <input type="text" name="newip" id="newip" value="" /><input class="button" type="button" onclick="add_ip(jQuery('#newip').val());" value="add" /><br />
307
- <input class="button" type="button" onclick="add_ip('<?php echo $_SERVER['REMOTE_ADDR']; ?>');" value="add my current IP" style="margin: 5px 0;" /><br />
308
- <span class="description">May enter ranges using subnet prefix or single IPs. Open help tab for details.</span>
309
- </td>
310
- </tr>
311
- </table>
312
-
313
- <h3 class="redirect_field"<?php if ($rsa_restrict_approach != 2) echo ' style="display: none;"'; ?>>Redirection Options</h3>
314
-
315
- <table class="form-table redirect_field" style="clear: none; width: auto;<?php if ($rsa_restrict_approach != 2) echo ' display: none;'; ?>">
316
- <tr valign="top">
317
- <th scope="row"><label for="rsa_options[redirect_url]">Redirect visitor to</label></th>
318
- <td>
319
- <input type="text" name="rsa_options[redirect_url]" id="rsa_redirect_url" value="<?php echo $rsa_options['redirect_url']; ?>" class="regular-text" />
320
- </td>
321
- </tr>
322
-
323
- <tr valign="top">
324
- <th scope="row"><label for="rsa_options[redirect_path]"><em>...with same path</em></label></th>
325
- <td>
326
- <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="rsa_redirect_path"<?php if ($rsa_options['redirect_path']) echo ' checked="true"'; ?> />
327
- Redirect to same path entered at this site (help tab for more)
328
- </td>
329
- </tr>
330
-
331
- <tr valign="top">
332
- <th scope="row"><label for="rsa_options[head_code]">Redirect type</label></th>
333
- <td>
334
- <select name="rsa_options[head_code]" id="rsa_redirect_head">
335
- <?php $rsa_redirect_head = $rsa_options['head_code']; ?>
336
- <option value="301"<?php if ($rsa_redirect_head == "301") echo ' selected="selected"'; ?>>301 Permanent</option>
337
- <option value="302"<?php if ($rsa_redirect_head == "302" || !$rsa_redirect_head) echo ' selected="selected"'; ?>>302 Undefined</option>
338
- <option value="307"<?php if ($rsa_redirect_head == "307") echo ' selected="selected"'; ?>>307 Temporary</option>
339
- </select>
340
- <span class="description">Open help tab for more explanation.</span>
341
- </td>
342
- </tr>
343
- </table>
344
-
345
- <h3 class="message_field"<?php if ($rsa_restrict_approach != 3) echo ' style="display: none;"'; ?>>Blocked Access Message</h3>
346
-
347
- <table class="form-table message_field" style="clear: none; width: auto;<?php if ($rsa_restrict_approach != 3) echo ' display: none;'; ?>">
348
- <tr valign="top">
349
- <th scope="row"><label for="rsa_options[message]">Message</label></th>
350
- <td>
351
- <input type="text" name="rsa_options[message]" id="rsa_message" value="<?php echo esc_html($rsa_options['message']); ?>" class="regular-text" /><br />
352
- <span class="description">Blank = "Access to this site is restricted."</span>
353
- </td>
354
- </tr>
355
- </table>
356
-
357
- <p class="submit"><input type="submit" class="button-primary" value="<?php _e('Save Changes') ?>" /></p>
358
- </form>
359
- </div>
360
- </div>
361
- <?php
362
- }
363
-
364
- function rsa_admin_menu() {
365
- $plugin_page = add_options_page('Restricted Site Access Configuration', 'Restricted Access', 8, __FILE__, 'rsa_options');
366
- add_action('admin_head-'.$plugin_page,'rsa_header');
367
- }
368
- add_action('admin_menu', 'rsa_admin_menu');
369
-
370
- function rsa_header() {
371
- add_filter('contextual_help','rsa_context_help');
372
- }
373
-
374
- function rsa_context_help()
375
- {
376
- echo '
377
- <h5>Restricted Site Access</h5>
378
- <p>Restricted Site Access is a plug-in by Jake Goldman (C. Murray Consulting) that allows you to restrict access to logged in users and a set of IP addresses with flexible restricted access behavior.</p>
379
-
380
- <h5>Restriction Options</h5>
381
- <p><strong>Restrict access</strong> - you can enable and disable restriction at will without deactivating the plug-in.</p>
382
- <p><strong>Handling</strong> - send the visitor the WordPress login screen, redirect the visitor (choosing this will offer some new options), or display a message indicating that the site is restricted.</p>
383
- <p><strong>Allowed IPs</strong> - enter a single IP address (such as 192.168.1.105) or an IP range using a network prefix (such as 10.0.0.1/24). In the current version, no validation is completed on these free form fields intended to hold IP addresses or IP ranges. A future version may check for valid entries. Here\'s a <a href="http://www.csgnetwork.com/ipinfocalc.html" target="_blank">handy calculator</a> to check your prefix.</p>
384
-
385
- <h5>Redirection Options</h5>
386
- <p>This field set will only appear if you are using the "redirect visitor" handler.</p>
387
- <p><strong>Redirect visitor to</strong> - the web site address of the site you want the visitor redirected to.</p>
388
- <p><strong>...with same path</strong> - if you would like to redirect the visitor to the same path (URI) he or she entered this site at (the rest of the URL after the base URL), check this option. This is typically used when there are two, very similar sites at different public web addresses; for instance, a parallel development server open to the Internet but not intended for the public.</p>
389
- <p><strong>Redirect type</strong> - redirect type headers can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that the page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.</p>
390
-
391
- <h5>Support</h5>
392
- <div class="metabox-prefs">
393
- <p><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">Restricted Site Access support</a></p>
394
- <p>This plug-in was developed by <a href="http://www.cmurrayconsulting.com" target="_blank">C. Muray Consulting</a>, Web Development &amp; Strategy Experts located in Providence, Rhode Island in the United States. We develop plug-ins because we love working with WordPress, and to generate interest in our business. If you like our plug-in, and know someone who needs web development work, be in touch!</p>
395
- </div>
396
- ';
397
- }
398
  ?>
1
+ <?php
2
+ /**
3
+ Plugin Name: Restricted Site Access
4
+ Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
5
+ Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
+ Version: 3.0
7
+ Author: Jacob M Goldman (C. Murray Consulting)
8
+ Author URI: http://www.cmurrayconsulting.com
9
+
10
+ Plugin: Copyright 2009 C. Murray Consulting (email : jake@cmurrayconsulting.com)
11
+
12
+ This program is free software; you can redistribute it and/or modify
13
+ it under the terms of the GNU General Public License as published by
14
+ the Free Software Foundation; either version 2 of the License, or
15
+ (at your option) any later version.
16
+
17
+ This program is distributed in the hope that it will be useful,
18
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
19
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20
+ GNU General Public License for more details.
21
+
22
+ You should have received a copy of the GNU General Public License
23
+ along with this program; if not, write to the Free Software
24
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25
+ */
26
+
27
+ /**
28
+ * rsa_activation() handles plugin activation and conversion of pre 1.1 config options
29
+ */
30
+
31
+ register_activation_hook(__FILE__,'rsa_activation');
32
+
33
+ function rsa_activation()
34
+ {
35
+ $blog_public = 2; //default new blog public option
36
+
37
+ // if upgrading from previous version, update the blog_public option
38
+ if ( get_option('rsa_options') ) {
39
+ if ( isset($rsa_options['active']) && !$rsa_options['active'] ) $blog_public = 1;
40
+ }
41
+
42
+ // upgrading pre 1.1
43
+ if (get_option('rsa_restrict_approach'))
44
+ {
45
+ //visibility
46
+ if ( !get_option('rsa_is_active') ) $blog_public = 1;
47
+
48
+ //convert textarea ips to array
49
+ $allowed = get_option('rsa_allowed_ips');
50
+ if ($allowed) {
51
+ $arrAllowed = preg_split('/\s+/', $allowed);
52
+ if (empty($arrAllowed)) $arrAllowed = array($allowed);
53
+ }
54
+
55
+ $rsa_options = array(
56
+ 'allowed' => $arrAllowed,
57
+ 'approach' => (get_option('rsa_restrict_approach')),
58
+ 'redirect_path' => (get_option('rsa_redirect_path')),
59
+ 'redirect_url' => (get_option('rsa_redirect_url')),
60
+ 'head_code' => (get_option('rsa_redirect_head'))
61
+ );
62
+ update_option('rsa_options',$rsa_options);
63
+
64
+ delete_option('rsa_is_active');
65
+ delete_option('rsa_allowed_ips');
66
+ delete_option('rsa_restrict_approach');
67
+ delete_option('rsa_redirect_path');
68
+ delete_option('rsa_redirect_url');
69
+ delete_option('rsa_redirect_head');
70
+ }
71
+
72
+ update_option( 'blog_public', $blog_public ); // set blog visibility
73
+ }
74
+
75
+ /**
76
+ * Supercede search engines blocked info (WP3.0)
77
+ */
78
+
79
+ add_filter( 'privacy_on_link_text', 'rsa_privacy_on_link_text' );
80
+
81
+ function rsa_privacy_on_link_text( $text )
82
+ {
83
+ if ( get_option('blog_public') == 2 ) $text = __('Site Access Restricted');
84
+ return $text;
85
+ }
86
+
87
+ add_filter( 'privacy_on_link_title', 'rsa_privacy_on_link_title' );
88
+
89
+ function rsa_privacy_on_link_title( $text )
90
+ {
91
+ if ( get_option('blog_public') == 2 ) $text = __('Restricted Site Access plug-in is blocking public access to this site.');
92
+ return $text;
93
+ }
94
+
95
+ /**
96
+ * rsa_admin_init() initializes plugin settings
97
+ */
98
+ function rsa_admin_init() {
99
+ register_setting( 'privacy', 'rsa_options', 'rsa_validate' ); //array of fundamental options including ID and caching info
100
+ add_settings_section( 'rsa-settings-section', __('Restricted Site Access'), 'rsa_options', 'privacy' );
101
+
102
+ if ( function_exists('inet_pton') ) {
103
+ add_settings_field( 'approach', __('Handling'), 'rsa_handling_field', 'privacy', 'rsa-settings-section' );
104
+ add_settings_field( 'allowed', __('Allowed IPs'), 'rsa_allowed_field', 'privacy', 'rsa-settings-section' );
105
+ add_settings_field( 'message', __('Message'), 'rsa_message_field', 'privacy', 'rsa-settings-section' );
106
+ add_settings_field( 'redirect', __('Redirect visitor to'), 'rsa_redirect_field', 'privacy', 'rsa-settings-section' );
107
+ add_settings_field( 'redirect_path', __('Redirect to same path'), 'rsa_redirect_path_field', 'privacy', 'rsa-settings-section' );
108
+ add_settings_field( 'redirect_code', __('Redirection type'), 'rsa_redirect_code_field', 'privacy', 'rsa-settings-section' );
109
+
110
+ add_action( 'blog_privacy_selector', 'rsa_blog_privacy_selector' );
111
+ }
112
+ }
113
+
114
+ add_action( 'admin_init', 'rsa_admin_init' );
115
+
116
+ /**
117
+ * handles validation of settings
118
+ */
119
+
120
+ function rsa_validate($input)
121
+ {
122
+ // $new_input['active'] = ($input['active'] == 1) ? 1 : 0;
123
+ $new_input['approach'] = intval($input['approach']);
124
+ if ( !in_array( $new_input['approach'], array(1,2,3) ) ) $new_input['approach'] = 1;
125
+
126
+ $new_input['redirect_path'] = ($input['redirect_path'] == 1) ? 1 : 0;
127
+ $new_input['head_code'] = !in_array( $input['head_code'], array('301','302','307') ) ? $new_input['head_code'] = '302' : $input['head_code'] ;
128
+ $new_input['message'] = trim( $input['message'] );
129
+ $new_input['redirect_url'] = esc_url( $input['redirect_url'], array('http','https') );
130
+
131
+ $new_input['allowed'] = $input['allowed']; // probably need regex at some point
132
+
133
+ return $new_input;
134
+ }
135
+
136
+ /**
137
+ * add new privacy option
138
+ */
139
+
140
+ function rsa_blog_privacy_selector() {
141
+ ?>
142
+ <br />
143
+ <input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked('2', get_option('blog_public')); ?> />
144
+ <label for="blog-restricted"><?php _e('I would like to block all visitors who are not logged in or allowed by IP address'); ?> (<strong><?php _e('Restricted Site Access'); ?></strong>)</label>
145
+ <?php
146
+ }
147
+
148
+ /**
149
+ * new fields
150
+ */
151
+
152
+ function rsa_handling_field($value) {
153
+ $rsa_options = get_option('rsa_options');
154
+ ?>
155
+ <select name="rsa_options[approach]" id="allowed">
156
+ <option value="1" <?php selected( $rsa_options['approach'], '1' ); ?>><?php _e('Send to login page'); ?></option>
157
+ <option value="2" <?php selected( $rsa_options['approach'], '2' ); ?>><?php _e('Redirect visitor'); ?></option>
158
+ <option value="3" <?php selected( $rsa_options['approach'], '3' ); ?>><?php _e('Display message'); ?></option>
159
+ </select>
160
+ <span class="description"><?php _e('Method for handling visitors who do not have access.'); ?></span>
161
+ <?php
162
+ }
163
+
164
+ function rsa_allowed_field($value) {
165
+ $rsa_options = get_option('rsa_options');
166
+ ?>
167
+ <div id="ip_list">
168
+ <?php
169
+ $ips = $rsa_options['allowed'];
170
+ if (!empty($ips)) {
171
+ foreach ($ips as $key => $ip) {
172
+ if (empty($ip)) continue;
173
+ echo '<span><input type="text" name="rsa_options[allowed][]" value="'.$ip.'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>';
174
+ }
175
+ }
176
+ ?>
177
+ </div>
178
+ <input type="text" name="newip" id="newip" value="" /><input class="button" type="button" onclick="add_ip(jQuery('#newip').val());" value="add" />
179
+ <span class="description"><?php _e('Enter a single IP or a range using a subnet prefix. See help tab for more.'); ?></span>
180
+ <br />
181
+ <input class="button" type="button" onclick="add_ip('<?php echo $_SERVER['REMOTE_ADDR']; ?>');" value="add my current IP" style="margin: 5px 0;" /><br />
182
+ <?php
183
+ }
184
+
185
+ function rsa_message_field($value) {
186
+ $rsa_options = get_option('rsa_options');
187
+ ?>
188
+ <input type="text" name="rsa_options[message]" id="message" value="<?php echo esc_attr( $rsa_options['message'] ); ?>" class="regular-text" />
189
+ <span class="description"><?php _e('Default (blank): "Access to this site is restricted."'); ?></span>
190
+ <?php
191
+ }
192
+
193
+ function rsa_redirect_field($value) {
194
+ $rsa_options = get_option('rsa_options');
195
+ ?>
196
+ <input type="text" name="rsa_options[redirect_url]" id="redirect" value="<?php echo esc_attr( $rsa_options['redirect_url'] ); ?>" class="regular-text" />
197
+ <?php
198
+ }
199
+
200
+ function rsa_redirect_path_field($value) {
201
+ $rsa_options = get_option('rsa_options');
202
+ ?>
203
+ <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="redirect_path" <?php checked( $rsa_options['redirect_path'] ); ?> />
204
+ <?php _e('Send visitor to same relative URL at redirection site (help tab for more)'); ?>
205
+ <?php
206
+ }
207
+
208
+ function rsa_redirect_code_field($value) {
209
+ $rsa_options = get_option('rsa_options');
210
+ ?>
211
+ <select name="rsa_options[head_code]" id="redirect_code">
212
+ <option value="301" <?php selected( $rsa_options['head_code'], '301' ); ?>><?php _e('301 Permanent'); ?></option>
213
+ <option value="302" <?php selected( $rsa_options['head_code'], '302' ); ?>><?php _e('302 Undefined'); ?></option>
214
+ <option value="307" <?php selected( $rsa_options['head_code'], '307' ); ?>><?php _e('307 Temporary'); ?></option>
215
+ </select>
216
+ <span class="description"><?php _e('Redirect HTTP code (see help tab for more information)'); ?></span>
217
+ <?php
218
+ }
219
+
220
+ /**
221
+ * settings section
222
+ */
223
+
224
+ function rsa_options()
225
+ {
226
+ if ( !function_exists('inet_pton') ) {
227
+ echo '<p>Restricted Site Access plug-in 2.0 and newer require PHP 5.1 or newer to support IPv6 (as well as IPv4) ranges. If you are using an older version of PHP, your host cannot be upgraded, and you do not need IP range support, you can always manually <a href="http://downloads.wordpress.org/plugin/restricted-site-access.1.0.2.zip">download and install version 1.0.2</a>.</p>';
228
+ return false;
229
+ }
230
+ ?>
231
+ <script type="text/javascript" language="javascript">
232
+ function add_ip(ip) {
233
+ if (!jQuery.trim(ip)) return false;
234
+
235
+ jQuery('#message').remove();
236
+
237
+ var ip_used = false;
238
+ jQuery('#ip_list input').each(function(){
239
+ if (jQuery(this).val() == ip) {
240
+ jQuery('h2').after('<div id="message" class="error"><p><strong>IP address '+ip+' already in list.</strong></p></div>');
241
+ scroll(0,0);
242
+ ip_used = true;
243
+ return false;
244
+ }
245
+ });
246
+ if (ip_used) return false;
247
+
248
+ jQuery('<span style="display: none;"><input type="text" name="rsa_options[allowed][]" value="'+ip+'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>').appendTo('#ip_list').slideDown();
249
+ }
250
+
251
+ function remove_ip(btnObj) {
252
+ if (confirm('Are you certain you want to remove this IP?')) jQuery(btnObj).parent().slideUp(250,function(){ jQuery(this).remove() });
253
+ }
254
+ </script>
255
+ <?php
256
+ }
257
+
258
+ /**
259
+ * special contextual help
260
+ */
261
+
262
+ add_action( 'load-options-privacy.php', 'rsa_header' );
263
+
264
+ function rsa_header() {
265
+ add_filter('contextual_help','rsa_context_help');
266
+ }
267
+
268
+ function rsa_context_help($text)
269
+ {
270
+ return $text . '
271
+ <h5>Restricted Site Access</h5>
272
+ <p>Restricted Site Access is a plug-in by Jake Goldman (<a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">C. Murray Consulting</a>) that allows you to restrict access to logged in users and a set of IP addresses with flexible restricted access behavior.</p>
273
+
274
+ <h5>Restriction Options</h5>
275
+ <p><strong>Restrict access</strong> - you can enable and disable restriction at will without deactivating the plug-in.</p>
276
+ <p><strong>Handling</strong> - send the visitor the WordPress login screen, redirect the visitor (choosing this will offer some new options), or display a message indicating that the site is restricted.</p>
277
+ <p><strong>Allowed IPs</strong> - enter a single IP address (such as 192.168.1.105) or an IP range using a network prefix (such as 10.0.0.1/24). In the current version, no validation is completed on these free form fields intended to hold IP addresses or IP ranges. A future version may check for valid entries. Here\'s a <a href="http://www.csgnetwork.com/ipinfocalc.html" target="_blank">handy calculator</a> to check your prefix.</p>
278
+
279
+ <h5>Redirection Options</h5>
280
+ <p>This field set will only appear if you are using the "redirect visitor" handler.</p>
281
+ <p><strong>Redirect visitor to</strong> - the web site address of the site you want the visitor redirected to.</p>
282
+ <p><strong>...with same path</strong> - if you would like to redirect the visitor to the same path (URI) he or she entered this site at (the rest of the URL after the base URL), check this option. This is typically used when there are two, very similar sites at different public web addresses; for instance, a parallel development server open to the Internet but not intended for the public.</p>
283
+ <p><strong>Redirect type</strong> - redirect type headers can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that the page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.</p>
284
+
285
+ <h5><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">Restricted Site Access support</a></h5>
286
+ ';
287
+ }
288
+
289
+ /**
290
+ * rsa_plugin_actlinks() adds direct settings link to plug-in page
291
+ */
292
+
293
+ add_filter( 'plugin_action_links_' . plugin_basename(__FILE__), 'rsa_plugin_actlinks' );
294
+
295
+ function rsa_plugin_actlinks( $links )
296
+ {
297
+ array_unshift( $links, '<a href="options-privacy.php">'.__('Settings').'</a>' );
298
+ return $links;
299
+ }
300
+
301
+
302
+ /**
303
+ * THE CORE FUNCTION FOR BLOCKING ACCESSS
304
+ */
305
+
306
+ if( !is_admin() ) add_action( 'wp', 'restricted_site_access' );
307
+
308
+ function restricted_site_access()
309
+ {
310
+ //logged in users can stay, can stay if plug-in not active
311
+ if ( is_user_logged_in() || get_option('blog_public') != 2 ) return false;
312
+
313
+ $rsa_options = get_option('rsa_options');
314
+
315
+ // check for the allow list, if its empty block everything
316
+ if( ($list = $rsa_options['allowed']) && function_exists('inet_pton'))
317
+ {
318
+ $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
319
+ if(strpos($remote_ip, '.')) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
320
+ $remote_ip = inet_pton($remote_ip); //parse the remote ip
321
+
322
+ // iterate through the allow list
323
+ foreach($list as $line)
324
+ {
325
+ list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
326
+
327
+ $mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
328
+
329
+ switch($mask % 4){
330
+ case 1:
331
+ $mask .= '8';
332
+ break;
333
+ case 2:
334
+ $mask .= 'c';
335
+ break;
336
+ case 3:
337
+ $mask .= 'e';
338
+ break;
339
+ }
340
+
341
+ $mask = pack('H*', $mask);
342
+
343
+ // check if the masked versions match
344
+ if((inet_pton($ip) & $mask) == ($remote_ip & $mask)) return false;
345
+ }
346
+ }
347
+
348
+ $rsa_restrict_approach = intval($rsa_options['approach']);
349
+
350
+ do_action( 'restrict_site_access_handling', $rsa_restrict_approach ); // allow users to hook handling
351
+
352
+ if ( $rsa_restrict_approach == 2 )
353
+ {
354
+ if ( !$rsa_redirect_url = $rsa_options['redirect_url'] ) return false; // base url
355
+ if( $rsa_options['redirect_path'] ) $rsa_redirect_url .= $_SERVER["REQUEST_URI"]; // path
356
+ $rsa_redirect_head = ( !$rsa_options['head_code'] ) ? 302 : intval($rsa_options['head_code']); // code
357
+
358
+ wp_redirect( $rsa_redirect_url, $rsa_redirect_head );
359
+ exit;
360
+ }
361
+ elseif ( $rsa_restrict_approach == 3 )
362
+ {
363
+ $message = ( isset($rsa_options['message']) && $rsa_options['message'] ) ? $rsa_options['message'] : "Access to this site is restricted.";
364
+ wp_die($message);
365
+ }
366
+
367
+ $new_url = is_front_page() ? get_bloginfo("url") : get_permalink();
368
+ wp_redirect( wp_login_url($new_url) );
369
+ exit;
370
+ }
371
+
372
+ /**
373
+ * upon deactivation restore blog_public option
374
+ */
375
+
376
+ register_deactivation_hook( __FILE__, 'rsa_deactivation_hook' );
377
+
378
+ function rsa_deactivation_hook() {
379
+ if ( get_option('blog_public') == 2 ) update_option( 'blog_public', 1 );
380
+ }
381
+
382
+ /**
383
+ * uninstall method
384
+ */
385
+
386
+ register_uninstall_hook(__FILE__, 'rsa_uninstall_hook');
387
+
388
+ function my_uninstall_hook()
389
+ {
390
+ delete_option('rsa_options'); //delete options
391
+ if ( get_option('blog_public') == 2 ) update_option( 'blog_public', 1 ); //restore blog public option
392
+ }
 
 
 
 
 
393
  ?>
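Review bot: In restricted_site_access(), the prefix mask is wrong for any prefix length that is not a multiple of 4. `$mask = str_repeat('f', $mask >> 2);` overwrites the numeric prefix with a hex string before `switch($mask % 4)` runs, so the 8/c/e nibble is never appended and the entry matches a wider range than the administrator configured. Keep the prefix in its own variable, for example `$bits = (int) $mask;`, and derive both the 'f' run and the remainder from `$bits`. In the same loop the return value of `inet_pton($ip)` is not checked, and rsa_validate() stores `$input['allowed']` as submitted, so an unparseable entry reaches the loose `==` comparison as false rather than as a packed address; skip entries where inet_pton() returns false and compare with `===`. Two further points: rsa_allowed_field() echoes `$ip` into a value attribute without esc_attr(), although the message and redirect fields do use it, and register_uninstall_hook() names `rsa_uninstall_hook` while the function defined below it is `my_uninstall_hook`, so the option cleanup will not run on uninstall.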
screenshot-1.png CHANGED
Binary file