Restricted Site Access - Version 3.2

Version Description

  • More meaningful page title in "Display Message" mode (previously WordPress > Error)
  • Code clean up, prevent rare warnings in debug mode

Release Info

Developer jakemgold
Version 3.2

Code changes from version 3.1.1 to 3.2

Files changed (3)
  1. readme.txt +13 -6
  2. restricted-site-access.js +21 -0
  3. restricted_site_access.php +311 -319
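--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
  === Restricted Site Access ===
- Contributors: Jacob M Goldman (C. Murray Consulting), Eric Buth
- Donate link: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
- Tags: restricted, restrict, limited, permissions, security, block
+ Contributors: jakemgold, rcbth, thinkoomph
+ Donate link: http://www.get10up.com/plugins/restricted-site-access-wordpress/
+ Tags: privacy, restricted, restrict, limited, permissions, security, block
  Requires at least: 2.8
- Tested up to: 3.0
- Stable tag: 3.1.1
+ Tested up to: 3.1
+ Stable tag: 3.2.1
 
  Limit access to visitors who are logged in or at specific IP addresses. Many options for handling blocked visitors.
  Great for Intranets, dev sites.
@@ -43,12 +43,19 @@ folder to the `/wp-content/plugins/` directory
 
  == Changelog ==
 
+ = 3.2.1 =
+ * Restored PHP4 compatibility
+
+ = 3.2 =
+ * More meaningful page title in "Display Message" mode (previously WordPress > Error)
+ * Code clean up, prevent rare warnings in debug mode
+
  = 3.1.1 =
  * Fixed PHP warning when debugging is enabled and redirect path is not checked
 
  = 3.1 =
  * New feature: backwards compatibility with PHP < 5.1 (limited testing with earlier versions)
- * Bug fiX: disappearing blocked access message text box on configuration page
+ * Bug fix: disappearing blocked access message text box on configuration page
  * Bug fix: login always redirects visitor back to correct page
  * Improved: built in help on configuration page updated, clearer
  * Improved: "IP already in list" indicator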
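--- /dev/null
+++ b/restricted-site-access.js
@@ -0,0 +1,21 @@
+ function add_ip(ip) {
+ if (!jQuery.trim(ip)) return false;
+
+ jQuery('#message').remove();
+
+ var ip_used = false;
+ jQuery('#ip_list input').each(function(){
+ if (jQuery(this).val() == ip) {
+ jQuery(this).animate( { marginLeft: '-45px' }, 250, 'swing', function(){ jQuery(this).animate( { marginLeft: '0px' }, 250, 'swing' ); } );
+ ip_used = true;
+ return false;
+ }
+ });
+ if (ip_used) return false;
+
+ jQuery('<span style="display: none;"><input type="text" name="rsa_options[allowed][]" value="'+ip+'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /> <span class="description">Click "Save Changes" to save this IP.</span><br /></span>').appendTo('#ip_list').slideDown();
+ }
+
+ function remove_ip(btnObj) {
+ if (confirm('Are you certain you want to remove this IP?')) jQuery(btnObj).parent().slideUp(250,function(){ jQuery(this).remove() });
+ }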
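Review bot: In `add_ip`, the `ip` argument is concatenated directly into the markup string (`value="'+ip+'"`), so a value containing a double quote or an angle bracket is parsed as HTML instead of being kept as the field's value; the settings markup on this page passes it the raw contents of the `#newip` text box. Create the row from the static markup without the `value` attribute and set the value through the DOM, e.g. `row.find('input[type="text"]').val(ip);` before `appendTo('#ip_list')`. The emptiness test trims `ip`, but the untrimmed string is what gets compared against the existing entries and inserted, so adding `ip = jQuery.trim(ip);` at the top would keep the duplicate check and the saved value consistent. Any format check added here is only a convenience, because the `sanitize_options` callback shown in this commit stores `allowed` as submitted (`// probably need regex at some point`), which is where the address and prefix validation needs to live.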
restricted_site_access.php CHANGED
@@ -1,13 +1,13 @@
1
  <?php
2
  /**
3
  Plugin Name: Restricted Site Access
4
- Plugin URI: http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/
5
  Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
- Version: 3.1.1
7
- Author: Jacob M Goldman (C. Murray Consulting)
8
- Author URI: http://www.cmurrayconsulting.com
9
 
10
- Plugin: Copyright 2009 C. Murray Consulting (email : jake@cmurrayconsulting.com)
11
 
12
  This program is free software; you can redistribute it and/or modify
13
  it under the terms of the GNU General Public License as published by
@@ -51,360 +51,352 @@ function inet_pton($ip)
51
  endif;
52
 
53
  /**
54
- * Supercede search engines blocked info (WP3.0)
55
  */
56
-
57
- add_filter( 'privacy_on_link_text', 'rsa_privacy_on_link_text' );
58
-
59
- function rsa_privacy_on_link_text( $text )
60
- {
61
- if ( get_option('blog_public') == 2 ) $text = __('Site Access Restricted');
62
- return $text;
63
- }
64
-
65
- add_filter( 'privacy_on_link_title', 'rsa_privacy_on_link_title' );
66
-
67
- function rsa_privacy_on_link_title( $text )
68
  {
69
- if ( get_option('blog_public') == 2 ) $text = __('Restricted Site Access plug-in is blocking public access to this site.');
70
- return $text;
71
- }
72
-
73
- /**
74
- * rsa_admin_init() initializes plugin settings
75
- */
76
- function rsa_admin_init() {
77
- register_setting( 'privacy', 'rsa_options', 'rsa_validate' ); //array of fundamental options including ID and caching info
78
- add_settings_section( 'rsa-settings-section', __('Restricted Site Access'), 'rsa_options', 'privacy' );
79
 
80
- add_settings_field( 'approach', __('Handling'), 'rsa_handling_field', 'privacy', 'rsa-settings-section' );
81
- add_settings_field( 'allowed', __('Allowed IPs'), 'rsa_allowed_field', 'privacy', 'rsa-settings-section' );
82
- add_settings_field( 'message', __('Message'), 'rsa_message_field', 'privacy', 'rsa-settings-section' );
83
- add_settings_field( 'redirect', __('Redirect visitor to'), 'rsa_redirect_field', 'privacy', 'rsa-settings-section' );
84
- add_settings_field( 'redirect_path', __('Redirect to same path'), 'rsa_redirect_path_field', 'privacy', 'rsa-settings-section' );
85
- add_settings_field( 'redirect_code', __('Redirection type'), 'rsa_redirect_code_field', 'privacy', 'rsa-settings-section' );
86
 
87
- add_action( 'blog_privacy_selector', 'rsa_blog_privacy_selector' );
88
- }
89
-
90
- add_action( 'admin_init', 'rsa_admin_init' );
91
-
92
- /**
93
- * handles validation of settings
94
- */
95
-
96
- function rsa_validate($input)
97
- {
98
- // $new_input['active'] = ($input['active'] == 1) ? 1 : 0;
99
- $new_input['approach'] = intval($input['approach']);
100
- if ( !in_array( $new_input['approach'], array(1,2,3) ) ) $new_input['approach'] = 1;
101
 
102
- $new_input['redirect_path'] = ( isset($input['redirect_path']) && $input['redirect_path'] == 1 ) ? 1 : 0;
103
- $new_input['head_code'] = !in_array( $input['head_code'], array('301','302','307') ) ? $new_input['head_code'] = '302' : $input['head_code'] ;
104
- $new_input['message'] = trim( $input['message'] );
105
- $new_input['redirect_url'] = esc_url( $input['redirect_url'], array('http','https') );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
106
 
107
- $new_input['allowed'] = $input['allowed']; // probably need regex at some point
 
 
 
 
 
 
 
 
 
 
 
 
108
 
109
- return $new_input;
110
- }
111
-
112
- /**
113
- * add new privacy option
114
- */
115
-
116
- function rsa_blog_privacy_selector() {
117
- ?>
118
- <br />
119
- <input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked('2', get_option('blog_public')); ?> />
120
- <label for="blog-restricted"><?php _e('I would like to block all visitors who are not logged in or allowed by IP address'); ?> (<strong><?php _e('Restricted Site Access'); ?></strong>)</label>
121
- <?php
122
- }
123
-
124
- /**
125
- * new fields
126
- */
127
-
128
- function rsa_handling_field($value) {
129
- $rsa_options = get_option('rsa_options');
130
- ?>
131
- <select name="rsa_options[approach]" id="allowed">
132
- <option value="1" <?php selected( $rsa_options['approach'], '1' ); ?>><?php _e('Send to login page'); ?></option>
133
- <option value="2" <?php selected( $rsa_options['approach'], '2' ); ?>><?php _e('Redirect visitor'); ?></option>
134
- <option value="3" <?php selected( $rsa_options['approach'], '3' ); ?>><?php _e('Display message'); ?></option>
135
- </select>
136
- <span class="description"><?php _e('Method for handling visitors who do not have access.'); ?></span>
137
- <?php
138
- }
139
-
140
- function rsa_allowed_field($value) {
141
- $rsa_options = get_option('rsa_options');
142
- ?>
143
- <div id="ip_list">
144
- <?php
145
- $ips = $rsa_options['allowed'];
146
- if ( !empty($ips) ) {
147
- foreach ($ips as $key => $ip) {
148
- if (empty($ip)) continue;
149
- echo '<span><input type="text" name="rsa_options[allowed][]" value="'.$ip.'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>';
150
  }
151
  }
152
- ?>
153
- </div>
154
- <input type="text" name="newip" id="newip" value="" /><input class="button" type="button" onclick="add_ip(jQuery('#newip').val());" value="add" />
155
- <span class="description"><?php _e('Enter a single IP or a range using a subnet prefix. (<a href="#" onclick="jQuery(\'#contextual-help-link\').click(); return false;">more help</a>)'); ?></span>
156
- <br />
157
- <input class="button" type="button" onclick="add_ip('<?php echo $_SERVER['REMOTE_ADDR']; ?>');" value="add my current IP" style="margin: 5px 0;" /><br />
158
- <?php
159
- }
160
-
161
- function rsa_message_field($value) {
162
- $rsa_options = get_option('rsa_options');
163
- ?>
164
- <input type="text" name="rsa_options[message]" id="rsa_message" value="<?php echo esc_attr( $rsa_options['message'] ); ?>" class="regular-text" />
165
- <span class="description"><?php _e('Default (blank): "Access to this site is restricted."'); ?></span>
166
- <?php
167
- }
168
-
169
- function rsa_redirect_field($value) {
170
- $rsa_options = get_option('rsa_options');
171
- ?>
172
- <input type="text" name="rsa_options[redirect_url]" id="redirect" value="<?php echo esc_attr( $rsa_options['redirect_url'] ); ?>" class="regular-text" />
173
- <?php
174
- }
175
-
176
- function rsa_redirect_path_field($value) {
177
- $rsa_options = get_option('rsa_options');
178
- ?>
179
- <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="redirect_path" <?php checked( $rsa_options['redirect_path'] ); ?> />
180
- <?php _e('Send visitor to same relative URL at redirection site (<a href="#" onclick="jQuery(\'#contextual-help-link\').click(); return false;">more help</a>)'); ?>
181
- <?php
182
- }
183
-
184
- function rsa_redirect_code_field($value) {
185
- $rsa_options = get_option('rsa_options');
186
- ?>
187
- <select name="rsa_options[head_code]" id="redirect_code">
188
- <option value="301" <?php selected( $rsa_options['head_code'], '301' ); ?>><?php _e('301 Permanent'); ?></option>
189
- <option value="302" <?php selected( $rsa_options['head_code'], '302' ); ?>><?php _e('302 Undefined'); ?></option>
190
- <option value="307" <?php selected( $rsa_options['head_code'], '307' ); ?>><?php _e('307 Temporary'); ?></option>
191
- </select>
192
- <span class="description"><?php _e('Redirect HTTP status code (<a href="#" onclick="jQuery(\'#contextual-help-link\').click(); return false;">more help</a>)'); ?></span>
193
- <?php
194
- }
195
-
196
- /**
197
- * settings section
198
- */
199
-
200
- function rsa_options() {
201
- ?>
202
- <script type="text/javascript" language="javascript">
203
- function add_ip(ip) {
204
- if (!jQuery.trim(ip)) return false;
205
 
206
- jQuery('#message').remove();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
207
 
208
- var ip_used = false;
209
- jQuery('#ip_list input').each(function(){
210
- if (jQuery(this).val() == ip) {
211
- jQuery(this).animate( { marginLeft: '-45px' }, 250, 'swing', function(){ jQuery(this).animate( { marginLeft: '0px' }, 250, 'swing' ); } );
212
- ip_used = true;
213
- return false;
214
- }
215
- });
216
- if (ip_used) return false;
217
 
218
- jQuery('<span style="display: none;"><input type="text" name="rsa_options[allowed][]" value="'+ip+'" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /> <span class="description">Click "Save Changes" to save this IP.</span><br /></span>').appendTo('#ip_list').slideDown();
219
- }
220
-
221
- function remove_ip(btnObj) {
222
- if (confirm('Are you certain you want to remove this IP?')) jQuery(btnObj).parent().slideUp(250,function(){ jQuery(this).remove() });
223
- }
224
- </script>
225
- <?php
226
- }
227
-
228
- /**
229
- * special contextual help
230
- */
231
-
232
- add_action( 'load-options-privacy.php', 'rsa_header' );
233
-
234
- function rsa_header() {
235
- add_filter('contextual_help','rsa_context_help');
236
- }
237
-
238
- function rsa_context_help($text)
239
- {
240
- return $text . '
241
- <h5>Restricted Site Access</h5>
242
- <p><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">Restricted Site Access</a> is a plug-in by <a href="http://www.jakegoldman.net" target="_blank">Jake Goldman</a> (<a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">C. Murray Consulting</a>) that allows you to restrict access to logged in users and a set of IP addresses.</p>
243
 
244
- <p><strong>Handling</strong> - send the visitor the WordPress login screen, redirect the visitor, or display a message indicating that the site is restricted.</p>
245
- <p><strong>Allowed IPs</strong> - enter a single IP address (i.e. 192.168.1.105) or an IP range using a network prefix (i.e. 10.0.0.1/24). In the current version, validation is not performed on the IP addresses or IP ranges, so enter your addresses carefully! Here\'s a <a href="http://www.csgnetwork.com/ipinfocalc.html" target="_blank">handy calculator</a> to check your prefix.</p>
 
 
 
 
 
246
 
247
- <h5>Redirection Options</h5>
248
- <p>The redirection fields are only used when "Handling" is set to "Redirect visitor".</p>
249
- <p><strong>Redirect visitor to</strong> - the web address of the site you want the visitor redirected to.</p>
250
- <p><strong>Redirect to same path</strong> - redirect the visitor to the same path (URI) entered at this site. Typically used when there are two, very similar sites at different public web addresses; for instance, a parallel development server accessible on the Internet but not intended for the public.</p>
251
- <p><strong>Redirection type</strong> - redirect status codes can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that a page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.</p>
252
-
253
- <h5><a href="http://www.cmurrayconsulting.com/software/wordpress-restricted-site-access/" target="_blank">Restricted Site Access support</a></h5>
254
- ';
255
- }
256
-
257
- /**
258
- * rsa_plugin_actlinks() adds direct settings link to plug-in page
259
- */
260
-
261
- add_filter( 'plugin_action_links_' . plugin_basename(__FILE__), 'rsa_plugin_actlinks' );
262
-
263
- function rsa_plugin_actlinks( $links )
264
- {
265
- array_unshift( $links, '<a href="options-privacy.php">'.__('Settings').'</a>' );
266
- return $links;
267
- }
268
-
269
-
270
- /**
271
- * THE CORE FUNCTION FOR BLOCKING ACCESSS
272
- */
273
-
274
- if( !is_admin() ) add_action( 'wp', 'restricted_site_access', 1 );
275
-
276
- function restricted_site_access()
277
- {
278
- //logged in users can stay, can stay if plug-in not active
279
- if ( is_user_logged_in() || get_option('blog_public') != 2 ) return false;
280
 
281
- $rsa_options = get_option('rsa_options');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
282
 
283
- // check for the allow list, if its empty block everything
284
- if( $list = $rsa_options['allowed'] )
285
  {
286
- $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
287
- if( strpos($remote_ip, '.') ) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
288
- $remote_ip = inet_pton($remote_ip); //parse the remote ip
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
289
 
290
- // iterate through the allow list
291
- foreach($list as $line)
292
- {
293
- list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
294
-
295
- $mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
296
-
297
- switch($mask % 4){
298
- case 1:
299
- $mask .= '8';
300
- break;
301
- case 2:
302
- $mask .= 'c';
303
- break;
304
- case 3:
305
- $mask .= 'e';
306
- break;
307
  }
308
-
309
- $mask = pack('H*', $mask);
310
-
311
- // check if the masked versions match
312
- if((inet_pton($ip) & $mask) == ($remote_ip & $mask)) return false;
313
- }
 
 
 
 
 
 
 
 
 
314
  }
315
 
316
- $rsa_restrict_approach = $rsa_options['approach'];
 
 
 
 
 
317
 
318
- do_action( 'restrict_site_access_handling', $rsa_restrict_approach ); // allow users to hook handling
 
 
 
 
 
 
319
 
320
- switch($rsa_restrict_approach)
321
  {
322
- case 3:
323
- if ( !isset($rsa_options['message']) || empty($rsa_options['message']) ) $rsa_options['message'] = "Access to this site is restricted.";
324
- wp_die( $rsa_options['message'] );
325
- case 2:
326
- if ( $rsa_redirect_url = $rsa_options['redirect_url'] )
327
- {
328
- if( $rsa_options['redirect_path'] ) $rsa_redirect_url .= $_SERVER["REQUEST_URI"]; // path
329
- $rsa_redirect_head = ( !$rsa_options['head_code'] ) ? 302 : intval($rsa_options['head_code']); // code
330
- }
331
- break;
332
- default:
333
- $rsa_redirect_head = 302;
334
- $rsa_redirect_url = wp_login_url( empty($_SERVER["REQUEST_URI"]) ? get_bloginfo('url') : $_SERVER["REQUEST_URI"] );
335
  }
336
 
337
- wp_redirect( $rsa_redirect_url, $rsa_redirect_head );
338
- exit;
339
- }
340
-
341
- /**
342
- * rsa_activation() handles plugin activation and conversion of pre 1.1 config options
343
- */
344
-
345
- register_activation_hook( __FILE__, 'rsa_activation' );
346
-
347
- function rsa_activation()
348
- {
349
- $blog_public = 2; //default new blog public option
 
 
 
 
 
 
 
 
350
 
351
- // if upgrading from previous version, update the blog_public option
352
- if ( get_option('rsa_options') ) {
353
- if ( isset($rsa_options['active']) && !$rsa_options['active'] ) $blog_public = 1;
 
 
 
 
354
  }
355
 
356
- // upgrading pre 1.1
357
- if (get_option('rsa_restrict_approach'))
 
 
358
  {
359
- //visibility
360
- if ( !get_option('rsa_is_active') ) $blog_public = 1;
361
 
362
- //convert textarea ips to array
363
- $allowed = get_option('rsa_allowed_ips');
364
- if ($allowed) {
365
- $arrAllowed = preg_split('/\s+/', $allowed);
366
- if (empty($arrAllowed)) $arrAllowed = array($allowed);
367
  }
368
 
369
- $rsa_options = array(
370
- 'allowed' => $arrAllowed,
371
- 'approach' => (get_option('rsa_restrict_approach')),
372
- 'redirect_path' => (get_option('rsa_redirect_path')),
373
- 'redirect_url' => (get_option('rsa_redirect_url')),
374
- 'head_code' => (get_option('rsa_redirect_head'))
375
- );
376
- update_option('rsa_options',$rsa_options);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
377
 
378
- delete_option('rsa_is_active');
379
- delete_option('rsa_allowed_ips');
380
- delete_option('rsa_restrict_approach');
381
- delete_option('rsa_redirect_path');
382
- delete_option('rsa_redirect_url');
383
- delete_option('rsa_redirect_head');
384
  }
385
 
386
- update_option( 'blog_public', $blog_public ); // set blog visibility
 
 
 
 
 
 
 
387
  }
388
 
389
- /**
390
- * upon deactivation restore blog_public option
391
- */
392
-
393
- register_deactivation_hook( __FILE__, 'rsa_deactivation_hook' );
394
-
395
- function rsa_deactivation_hook() {
396
- if ( get_option('blog_public') == 2 ) update_option( 'blog_public', 1 );
397
- }
398
 
399
  /**
400
- * uninstall method
401
  */
402
-
403
- register_uninstall_hook(__FILE__, 'rsa_uninstall_hook');
404
 
405
- function my_uninstall_hook()
 
 
406
  {
407
- delete_option('rsa_options'); //delete options
408
- if ( get_option('blog_public') == 2 ) update_option( 'blog_public', 1 ); //restore blog public option
409
- }
410
- ?>
 
1
  <?php
2
  /**
3
  Plugin Name: Restricted Site Access
4
+ Plugin URI: http://www.get10up.com/plugins/restricted-site-access-wordpress/
5
  Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. <strong>Powerful control over redirection</strong>, with option to send to same path and send <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
+ Version: 3.2.1
7
+ Author: Jake Goldman (10up)
8
+ Author URI: http://www.get10up.com
9
 
10
+ Plugin: Copyright 2011 10up (email : jake@get10up.com)
11
 
12
  This program is free software; you can redistribute it and/or modify
13
  it under the terms of the GNU General Public License as published by
51
  endif;
52
 
53
  /**
54
+ * class to compartmentalize functionality
55
  */
56
+
57
+ class restricted_site_access
 
 
 
 
 
 
 
 
 
 
58
  {
59
+ var $rsa_options;
 
 
 
 
 
 
 
 
 
60
 
61
+ function restricted_site_access()
62
+ {
63
+ $this->rsa_options = get_option('rsa_options');
 
 
 
64
 
65
+ add_action( 'wp', array( $this, 'restrict_access' ), 1 );
66
+ add_action( 'admin_init', array( $this, 'admin_init' ) );
67
+
68
+ register_activation_hook( __FILE__, array( $this, 'activation' ) );
69
+ register_deactivation_hook( __FILE__, array( $this, 'deactivation' ) );
70
+ }
 
 
 
 
 
 
 
 
71
 
72
+ function restrict_access()
73
+ {
74
+ //logged in users can stay, can stay if plug-in not active
75
+ if ( is_admin() || is_user_logged_in() || get_option('blog_public') != 2 )
76
+ return;
77
+
78
+ $rsa_options = $this->rsa_options;
79
+
80
+ // check for the allow list, if its empty block everything
81
+ if( isset($rsa_options['allowed']) && ( $list = $rsa_options['allowed'] ) )
82
+ {
83
+ $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
84
+ if( strpos($remote_ip, '.') ) $remote_ip = str_replace('::ffff:', '', $remote_ip); //handle dual-stack addresses
85
+ $remote_ip = inet_pton($remote_ip); //parse the remote ip
86
+
87
+ // iterate through the allow list
88
+ foreach($list as $line)
89
+ {
90
+ list($ip, $mask) = explode('/', $line . '/128'); // get the ip and mask from the list
91
+
92
+ $mask = str_repeat('f', $mask >> 2); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
93
 
94
+ switch($mask % 4){
95
+ case 1:
96
+ $mask .= '8';
97
+ break;
98
+ case 2:
99
+ $mask .= 'c';
100
+ break;
101
+ case 3:
102
+ $mask .= 'e';
103
+ break;
104
+ }
105
+
106
+ $mask = pack('H*', $mask);
107
 
108
+ // check if the masked versions match
109
+ if((inet_pton($ip) & $mask) == ($remote_ip & $mask))
110
+ return;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
111
  }
112
  }
113
+
114
+ $rsa_restrict_approach = $rsa_options['approach'];
115
+
116
+ do_action( 'restrict_site_access_handling', $rsa_restrict_approach ); // allow users to hook handling
117
+
118
+ switch( $rsa_restrict_approach )
119
+ {
120
+ case 3:
121
+ if ( !isset($rsa_options['message']) || empty($rsa_options['message']) )
122
+ $rsa_options['message'] = "Access to this site is restricted.";
123
+
124
+ wp_die( $rsa_options['message'], 'Restricted Site Access' );
125
+
126
+ case 2:
127
+ if ( $rsa_redirect_url = $rsa_options['redirect_url'] )
128
+ {
129
+ if( $rsa_options['redirect_path'] )
130
+ $rsa_redirect_url .= $_SERVER["REQUEST_URI"]; // path
131
+
132
+ $rsa_redirect_head = ( !$rsa_options['head_code'] ) ? 302 : intval( $rsa_options['head_code'] ); // code
133
+ }
134
+ break;
135
+
136
+ default:
137
+ $rsa_redirect_head = 302;
138
+ $rsa_redirect_url = wp_login_url( empty($_SERVER["REQUEST_URI"]) ? get_bloginfo('url') : $_SERVER["REQUEST_URI"] );
139
+ }
140
+
141
+ wp_redirect( $rsa_redirect_url, $rsa_redirect_head );
142
+ exit;
143
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
144
 
145
+ function admin_init()
146
+ {
147
+ // customize privacy message
148
+ add_filter( 'privacy_on_link_text', array( $this, 'privacy_on_link_text' ) );
149
+ add_filter( 'privacy_on_link_title', array( $this, 'privacy_on_link_title' ) );
150
+
151
+ // customize privacy page
152
+ add_action( 'load-options-privacy.php', array( $this, 'load_options_privacy' ) );
153
+
154
+ // add new choice for blog privacy
155
+ add_action( 'blog_privacy_selector', array( $this, 'blog_privacy_selector' ) );
156
+
157
+ // settings for restricted site access
158
+ register_setting( 'privacy', 'rsa_options', array( $this, 'sanitize_options' ) ); //array of fundamental options including ID and caching info
159
+ add_settings_section( 'restricted-site-access', __('Restricted Site Access'), array( $this, 'settings_section' ), 'privacy' );
160
+ add_settings_field( 'approach', __('Handling'), array( $this, 'settings_field_handling' ), 'privacy', 'restricted-site-access' );
161
+ add_settings_field( 'allowed', __('Allowed IPs'), array( $this, 'settings_field_allowed' ), 'privacy', 'restricted-site-access' );
162
+ add_settings_field( 'message', __('Message'), array( $this, 'settings_field_message' ), 'privacy', 'restricted-site-access' );
163
+ add_settings_field( 'redirect', __('Redirect visitor to'), array( $this, 'settings_field_redirect' ), 'privacy', 'restricted-site-access' );
164
+ add_settings_field( 'redirect_path', __('Redirect to same path'), array( $this, 'settings_field_redirect_path' ), 'privacy', 'restricted-site-access' );
165
+ add_settings_field( 'redirect_code', __('Redirection type'), array( $this, 'settings_field_redirect_code' ), 'privacy', 'restricted-site-access' );
166
+
167
+ add_filter( 'plugin_action_links_' . plugin_basename(__FILE__), array( $this, 'plugin_action_links' ) );
168
+ }
169
 
170
+ function settings_section() { }
 
 
 
 
 
 
 
 
171
 
172
+ function privacy_on_link_text( $text )
173
+ {
174
+ if ( get_option('blog_public') == 2 )
175
+ $text = __('Site Access Restricted');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
176
 
177
+ return $text;
178
+ }
179
+
180
+ function privacy_on_link_title( $text )
181
+ {
182
+ if ( get_option('blog_public') == 2 )
183
+ $text = __('Restricted Site Access plug-in is blocking public access to this site.');
184
 
185
+ return $text;
186
+ }
187
+
188
+ function load_options_privacy()
189
+ {
190
+ wp_enqueue_script( 'restricted-site-access', plugin_dir_url( __FILE__ ) . 'restricted-site-access.js', array('jquery'), '3.2', true );
191
+ add_filter( 'contextual_help', array( $this, 'contextual_help' ) );
192
+ }
193
+
194
+ function blog_privacy_selector() {
195
+ ?>
196
+ <br />
197
+ <input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked( '2', get_option('blog_public') ); ?> />
198
+ <label for="blog-restricted"><?php _e('I would like to block all visitors who are not logged in or allowed by IP address'); ?> (<strong><?php _e('Restricted Site Access'); ?></strong>)</label>
199
+ <?php
200
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
201
 
202
+ function sanitize_options( $input )
203
+ {
204
+ $new_input['approach'] = intval( $input['approach'] );
205
+
206
+ if ( !in_array( $new_input['approach'], array(1,2,3) ) )
207
+ $new_input['approach'] = 1;
208
+
209
+ $new_input['redirect_path'] = ( isset($input['redirect_path']) && $input['redirect_path'] == 1 ) ? 1 : 0;
210
+ $new_input['head_code'] = !in_array( $input['head_code'], array('301','302','307') ) ? $new_input['head_code'] = '302' : $input['head_code'] ;
211
+ $new_input['message'] = trim( $input['message'] );
212
+ $new_input['redirect_url'] = esc_url( $input['redirect_url'], array('http','https') );
213
+
214
+ $new_input['allowed'] = $input['allowed']; // probably need regex at some point
215
+
216
+ return $new_input;
217
+ }
218
 
219
+ function settings_field_handling( $value )
 
220
  {
221
+ if ( !isset($this->rsa_options['approach']) )
222
+ $this->rsa_options['approach'] = '1';
223
+ ?>
224
+ <select name="rsa_options[approach]" id="allowed">
225
+ <option value="1" <?php selected( $this->rsa_options['approach'], '1' ); ?>><?php _e('Send to login page'); ?></option>
226
+ <option value="2" <?php selected( $this->rsa_options['approach'], '2' ); ?>><?php _e('Redirect visitor'); ?></option>
227
+ <option value="3" <?php selected( $this->rsa_options['approach'], '3' ); ?>><?php _e('Display message'); ?></option>
228
+ </select>
229
+ <span class="description"><?php _e('Method for handling visitors who do not have access.'); ?></span>
230
+ <?php
231
+ }
232
+
233
+ function settings_field_allowed( $value ) {
234
+ ?>
235
+ <div id="ip_list">
236
+ <?php
237
+ if ( !isset($this->rsa_options['allowed']) )
238
+ $this->rsa_options['allowed'] = false;
239
 
240
+ $ips = $this->rsa_options['allowed'];
241
+
242
+ if ( !empty($ips) )
243
+ {
244
+ foreach ($ips as $key => $ip)
245
+ {
246
+ if ( empty($ip) )
247
+ continue;
248
+
249
+ echo '<span><input type="text" name="rsa_options[allowed][]" value="' . esc_attr($ip) . '" readonly="true" /><input type="button" class="button" onclick="remove_ip(this);" value="remove" /><br /></span>';
250
+ }
 
 
 
 
 
 
251
  }
252
+ ?>
253
+ </div>
254
+ <input type="text" name="newip" id="newip" value="" /><input class="button" type="button" onclick="add_ip(jQuery('#newip').val());" value="add" />
255
+ <span class="description"><?php _e('Enter a single IP or a range using a subnet prefix.'); ?> (<a href="#" onclick="jQuery('#contextual-help-link').click(); return false;"><?php _e( 'more help' ); ?></a>)</span>
256
+ <br />
257
+ <input class="button" type="button" onclick="add_ip('<?php echo $_SERVER['REMOTE_ADDR']; ?>');" value="add my current IP" style="margin: 5px 0;" /><br />
258
+ <?php
259
+ }
260
+
261
+ function settings_field_message( $value )
262
+ {
263
+ ?>
264
+ <input type="text" name="rsa_options[message]" id="rsa_message" value="<?php echo @esc_attr( $this->rsa_options['message'] ); ?>" class="regular-text" />
265
+ <span class="description"><?php _e('Default (blank): "Access to this site is restricted."'); ?></span>
266
+ <?php
267
  }
268
 
269
+ function settings_field_redirect( $value )
270
+ {
271
+ ?>
272
+ <input type="text" name="rsa_options[redirect_url]" id="redirect" value="<?php echo @esc_attr( $this->rsa_options['redirect_url'] ); ?>" class="regular-text" />
273
+ <?php
274
+ }
275
 
276
+ function settings_field_redirect_path( $value )
277
+ {
278
+ ?>
279
+ <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="redirect_path" <?php @checked( $this->rsa_options['redirect_path'] ); ?> />
280
+ <?php _e('Send visitor to same relative URL at redirection site'); ?> (<a href="#" onclick="jQuery('#contextual-help-link').click(); return false;"><?php _e('more help'); ?></a>)
281
+ <?php
282
+ }
283
 
284
+ function settings_field_redirect_code( $value )
285
  {
286
+ ?>
287
+ <select name="rsa_options[head_code]" id="redirect_code">
288
+ <option value="301" <?php @selected( $this->rsa_options['head_code'], '301' ); ?>><?php _e('301 Permanent'); ?></option>
289
+ <option value="302" <?php @selected( $this->rsa_options['head_code'], '302' ); ?>><?php _e('302 Undefined'); ?></option>
290
+ <option value="307" <?php @selected( $this->rsa_options['head_code'], '307' ); ?>><?php _e('307 Temporary'); ?></option>
291
+ </select>
292
+ <span class="description"><?php _e('Redirect HTTP status code'); ?> (<a href="#" onclick="jQuery('#contextual-help-link').click(); return false;"><?php _e('more help'); ?></a>)</span>
293
+ <?php
 
 
 
 
 
294
  }
295
 
296
+ /**
297
+ * special contextual help added to the privacy screen
298
+ */
299
+ function contextual_help( $text )
300
+ {
301
+ return $text . '
302
+ <h5>' . __('Restricted Site Access') . '</h5>
303
+ <p><a href="http://www.get10up.com/plugins/restricted-site-access-wordpress/" target="_blank">' . __('Restricted Site Access') . '</a> ' . __('is a plug-in by') . ' <a href="http://www.get10up.com" target="_blank">Jake Goldman</a> (<a href="http://www.get10up.com/plugins/restricted-site-access-wordpress/" target="_blank">10up</a>) ' . __('that allows you to restrict access to logged in users and a set of IP addresses.') . '</p>
304
+
305
+ <p><strong>' . __('Handling') . '</strong> - ' . __('send the visitor the WordPress login screen, redirect the visitor, or display a message indicating that the site is restricted.') . '</p>
306
+ <p><strong>' . __('Allowed IPs') . '</strong> - ' . __('enter a single IP address (i.e. 192.168.1.105) or an IP range using a network prefix (i.e. 10.0.0.1/24). In the current version, validation is not performed on the IP addresses or IP ranges, so enter your addresses carefully! Here\'s a') . ' <a href="http://www.csgnetwork.com/ipinfocalc.html" target="_blank">' . __('handy calculator') . '</a> ' . __('to check your prefix.') . '</p>
307
+
308
+ <h5>' . __('Redirection Options') . '</h5>
309
+ <p>' . __('The redirection fields are only used when "Handling" is set to "Redirect visitor".') . '</p>
310
+ <p><strong>' . __('Redirect visitor to') . '</strong> - ' . __('the web address of the site you want the visitor redirected to.') . '</p>
311
+ <p><strong>' . __('Redirect to same path') . '</strong> - ' . __('redirect the visitor to the same path (URI) entered at this site. Typically used when there are two, very similar sites at different public web addresses; for instance, a parallel development server accessible on the Internet but not intended for the public.') . '</p>
312
+ <p><strong>' . __('Redirection type') . '</strong> - ' . __('redirect status codes can provide certain visitors, particularly search engines, more information about the nature of the redirect. A 301 redirect tells search engines that a page has moved permanently to the new location. 307 indicates a temporary redirect. 302 is an undefined redirect.') . '</p>
313
+
314
+ <h5><a href="http://www.get10up.com/plugins/restricted-site-access-wordpress/" target="_blank">' . __('Restricted Site Access support') . '</a></h5>
315
+ ';
316
+ }
317
 
318
+ /**
319
+ * add settings link directing user to privacy page on plug-in page
320
+ */
321
+ function plugin_action_links( $links )
322
+ {
323
+ array_unshift( $links, '<a href="options-privacy.php">'.__('Settings').'</a>' );
324
+ return $links;
325
  }
326
 
327
+ /**
328
+ * activation of plugin: upgrades old versions, immediately sets privacy
329
+ */
330
+ function activation()
331
  {
332
+ $blog_public = 2; //default new blog public option
 
333
 
334
+ // if upgrading from pre-3.0, update the blog_public option
335
+ if ( $rsa_options = $this->rsa_options )
336
+ {
337
+ if ( isset($rsa_options['active']) && !$rsa_options['active'] )
338
+ $blog_public = 1;
339
  }
340
 
341
+ // upgrading pre 1.1
342
+ if ( get_option('rsa_restrict_approach') )
343
+ {
344
+ //visibility
345
+ if ( !get_option('rsa_is_active') )
346
+ $blog_public = 1;
347
+
348
+ //convert textarea ips to array
349
+ $allowed = get_option('rsa_allowed_ips');
350
+ if ($allowed)
351
+ {
352
+ $arrAllowed = preg_split('/\s+/', $allowed);
353
+
354
+ if ( empty($arrAllowed) )
355
+ $arrAllowed = array($allowed);
356
+ }
357
+
358
+ $rsa_options = array(
359
+ 'allowed' => $arrAllowed,
360
+ 'approach' => (get_option('rsa_restrict_approach')),
361
+ 'redirect_path' => (get_option('rsa_redirect_path')),
362
+ 'redirect_url' => (get_option('rsa_redirect_url')),
363
+ 'head_code' => (get_option('rsa_redirect_head'))
364
+ );
365
+ update_option('rsa_options',$rsa_options);
366
+
367
+ delete_option('rsa_is_active');
368
+ delete_option('rsa_allowed_ips');
369
+ delete_option('rsa_restrict_approach');
370
+ delete_option('rsa_redirect_path');
371
+ delete_option('rsa_redirect_url');
372
+ delete_option('rsa_redirect_head');
373
+ }
374
 
375
+ update_option( 'blog_public', $blog_public ); // set blog visibility
 
 
 
 
 
376
  }
377
 
378
+ /**
379
+ * restore privacy option to default value upon deactivating
380
+ */
381
+ function deactivation()
382
+ {
383
+ if ( get_option('blog_public') == 2 )
384
+ update_option( 'blog_public', 1 );
385
+ }
386
  }
387
 
388
+ $restricted_site_access = new restricted_site_access;
 
 
 
 
 
 
 
 
389
 
390
  /**
391
+ * uninstall hook - remove options
392
  */
 
 
393
 
394
+ register_uninstall_hook( __FILE__, 'restricted_site_access_uninstall' );
395
+
396
+ function restricted_site_access_uninstall()
397
  {
398
+ if ( get_option('blog_public') == 2 )
399
+ update_option( 'blog_public', 1 );
400
+
401
+ delete_option('rsa_options');
402
+ }