Restricted Site Access - Version 5.1

Version Description

  • Under the hood refactoring and clean up for performance and maintainability.
  • Small visual refinements to the settings panel.

Release Info

Developer jakemgold
Version 5.1

Code changes from version 5.0.1 to 5.1

readme.txt CHANGED
@@ -2,9 +2,9 @@
2
  Contributors: jakemgold, rcbth, 10up, thinkoomph
3
  Donate link: http://10up.com/plugins/restricted-site-access-wordpress/
4
  Tags: privacy, restricted, restrict, privacy, limited, permissions, security, block
5
- Requires at least: 3.4
6
- Tested up to: 3.5.1
7
- Stable tag: 5.0.1
8
 
9
  Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.
10
 
@@ -12,7 +12,7 @@ Limit access to visitors who are logged in or allowed by IP addresses. Includes
12
 
13
  Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development / staging sites.
14
 
15
- Adds a number of new configuration options to the Reading (WordPress 3.5+) or Privacy (WordPress pre-3.5) settings panel. From this panel you can:
16
 
17
  1. Enable or disable site restriction
18
  1. Change the restriction behavior: send to login, redirect, display a message, display a page
@@ -29,37 +29,50 @@ Adds a number of new configuration options to the Reading (WordPress 3.5+) or Pr
29
 
30
  == Frequently Asked Questions ==
31
 
32
- = How do I unrestrict specific pages or parts of my site? =
33
 
34
- Developers can use the `restricted_site_access_is_restricted` filter to override Restricted Site Access. Note that the restriction checks happens before WordPress executes any queries, so use the global `$wp` variable to investigate what the visitor is trying to load.
 
 
 
 
 
 
 
 
 
 
35
 
36
  For instance, to unblock an RSS feed, place the following PHP code in the theme's functions.php file or in a simple plug-in:
37
 
38
- `add_filter( 'restricted_site_access_is_restricted', 'my_rsa_feed_override' );
39
 
40
- function my_rsa_feed_override( $is_restricted ) {
41
- global $wp;
42
  // check query variables to see if this is the feed
43
- if ( ! empty( $wp->query_vars['feed'] ) )
44
  $is_restricted = false;
45
-
46
  return $is_restricted;
47
  }`
48
 
49
  = How secure is this plug-in? =
50
 
51
- Users that are not logged in or allowed by IP address will not be able to browse your site. Restricted Site Access does not block access to your "real" files, so direct links to files in your uploads folder (for instance) are not blocked. It is also important to remember that IP addresses can be spoofed by hackers. Because Restricted Site Access runs as a plug-in, it is subject to any WordPress vulnerabilities.
52
 
53
  Restricted Site Access is not meant to be a top secret data safe, but simply a reliable and convenient way to handle unwanted visitors.
54
 
55
  == Screenshots ==
56
 
57
- 1. Screenshot of settings panel (WP 3.5) with simple Restricted Site Access option (send to login page).
58
- 1. Screenshot of settings panel (WP 3.5) with restriction message option enabled
59
  1. Plenty of inline help! Looks and behaves like native WordPress help.
60
 
61
  == Changelog ==
62
 
 
 
 
 
63
  = 5.0.1 =
64
  * Does not block user activation page in network mode
65
 
@@ -123,5 +136,8 @@ Restricted Site Access is not meant to be a top secret data safe, but simply a r
123
 
124
  == Upgrade Notice ==
125
 
 
 
 
126
  = 4.0 =
127
  This update improves performance, refines the user interface, and adds support for showing restricted visitors a specific page. Please be advised that this udpate is specifically designed for WordPress 3.2+, and like WordPress 3.2, <strong>no longer supports PHP < 5.2.4</strong>.
2
  Contributors: jakemgold, rcbth, 10up, thinkoomph
3
  Donate link: http://10up.com/plugins/restricted-site-access-wordpress/
4
  Tags: privacy, restricted, restrict, privacy, limited, permissions, security, block
5
+ Requires at least: 3.5
6
+ Tested up to: 4.0.1
7
+ Stable tag: 5.1
8
 
9
  Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.
10
 
12
 
13
  Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development / staging sites.
14
 
15
+ Adds a number of new configuration options to the Reading settings panel. From this panel you can:
16
 
17
  1. Enable or disable site restriction
18
  1. Change the restriction behavior: send to login, redirect, display a message, display a page
29
 
30
  == Frequently Asked Questions ==
31
 
32
+ = Where do I change the restriction settings? =
33
 
34
+ Restricted Site Access settings are added to the Reading page, with WordPress’s built in site privacy options. (It was moved there from a separate Privacy settings page in 3.5.)
35
+
36
+ = It’s not working! My site is wide open! =
37
+
38
+ Most commonly, Restricted Site Access is not compatible with some page caching solutions. While the plugin hooks in as early as it can to check visitor permissions, its important to understand that some page caching plugins generate static output that prevents plugins like Restricted Site Access from ever checking individual visitors.
39
+
40
+ To the extent that sites blocked by this plugin should not need to concern themselves with high scale front end performance, we strongly recommend disabling any page caching solutions while restricting access to your site. Keep in mind that most page caching plugins do not cache the “logged in” experience, anyhow. Also note that the plugin *is* fully compatible with other caching layers, like the WordPress object cache.
41
+
42
+ = How do I allow access to specific pages or parts of my site? =
43
+
44
+ Developers can use the `restricted_site_access_is_restricted` filter to override normal restriction behavior. Note that restriction checks happen before WordPress executes any queries; it passes the query request from the global `$wp` variable so developers can investigate what the visitor is trying to load.
45
 
46
  For instance, to unblock an RSS feed, place the following PHP code in the theme's functions.php file or in a simple plug-in:
47
 
48
+ `add_filter( 'restricted_site_access_is_restricted', 'my_rsa_feed_override’, 10, 2 );
49
 
50
+ function my_rsa_feed_override( $is_restricted, $wp ) {
 
51
  // check query variables to see if this is the feed
52
+ if ( ! empty( $wp->query_vars['feed'] ) ) {
53
  $is_restricted = false;
54
+ }
55
  return $is_restricted;
56
  }`
57
 
58
  = How secure is this plug-in? =
59
 
60
+ Visitors that are not logged in or allowed by IP address will not be able to browse your site (though be cautious of page caching plugin incompatibilities, mentioned above). Restricted Site Access does not block access to your, so direct links to files in your media and uploads folder (for instance) are not blocked. It is also important to remember that IP addresses can be spoofed. Because Restricted Site Access runs as a plug-in, it is subject to any other vulnerabilities present on your site.
61
 
62
  Restricted Site Access is not meant to be a top secret data safe, but simply a reliable and convenient way to handle unwanted visitors.
63
 
64
  == Screenshots ==
65
 
66
+ 1. Screenshot of settings panel with simple Restricted Site Access option (send to login page).
67
+ 1. Screenshot of settings panel with restriction message option enabled
68
  1. Plenty of inline help! Looks and behaves like native WordPress help.
69
 
70
  == Changelog ==
71
 
72
+ = 5.1 =
73
+ * Under the hood refactoring and clean up for performance and maintainability.
74
+ * Small visual refinements to the settings panel.
75
+
76
  = 5.0.1 =
77
  * Does not block user activation page in network mode
78
 
136
 
137
  == Upgrade Notice ==
138
 
139
+ = 5.1 =
140
+ Drops support for versions of WordPress prior to 3.5.
141
+
142
  = 4.0 =
143
  This update improves performance, refines the user interface, and adds support for showing restricted visitors a specific page. Please be advised that this udpate is specifically designed for WordPress 3.2+, and like WordPress 3.2, <strong>no longer supports PHP < 5.2.4</strong>.
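Review bot: in the FAQ hunk of readme.txt (new lines 29-78), the code sample at new line 48 closes the callback name with a typographic quote (`'my_rsa_feed_override’, 10, 2 );`), so the snippet fails to parse when pasted into functions.php; it should be a straight `'`. In the same hunk, the "How secure is this plug-in?" answer at new line 60 now reads "does not block access to your, so direct links", having lost the object the old text had (`your "real" files`), and "its important" at new line 38 should be "it's important".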
restricted-site-access.dev.js CHANGED
@@ -1,81 +1,146 @@
1
- function add_ip( ip ) {
2
- var shake_speed = 600;
3
- if ( restricted_site_access_l10n.wp_version < 3.5 )
4
- shake_speed = 60;
 
 
 
 
5
 
6
- if ( jQuery.trim(ip) == '' )
7
- return false;
8
 
9
- add_btn.attr('disabled', 'disabled');
 
 
 
 
 
 
 
 
 
 
 
 
 
10
 
11
- var ips = jQuery('#ip_list input');
12
- for ( var i = 0, l = ips.length; i < ips.length; i++ ) {
13
- if( ips[i].value == ip ) {
14
- jQuery(ips[i]).parent().effect('shake',shake_speed);
15
- add_btn.removeAttr('disabled');
16
- return false;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
17
  }
 
 
 
 
 
18
  }
19
 
20
- jQuery.post( ajaxurl, { action: 'rsa_ip_check', 'ip_address': ip }, function(response) {
21
- if ( response ) {
22
- jQuery('#newip').parent().effect('shake',shake_speed);
23
- add_btn.removeAttr('disabled');
24
  return false;
25
- } else {
26
- jQuery('<div style="display: none;"><input type="text" name="rsa_options[allowed][]" value="' + ip + '" readonly="true" /> <a href="#remove" onclick="remove_ip(this);">' + restricted_site_access_l10n.Remove + '</a></div>').appendTo('#ip_list').slideDown(250);
27
- if ( ip == jQuery('#newip').val() )
28
- jQuery('#newip').val('');
29
- jQuery('#addip').removeAttr('disabled');
30
- return true;
31
  }
32
- } );
33
- }
34
-
35
- function remove_ip( btnObj ) {
36
- jQuery(btnObj).parent().slideUp(250,function(){ jQuery(this).remove(); });
37
- }
38
-
39
- var add_btn;
40
-
41
- jQuery(document).ready(function($){
42
- // hide and show relevant pieces
43
- add_btn = $('#addip');
44
- var rsa_table = $('#rsa-send-to-login').closest('table');
45
- var rsa_redirect_fields = $('.rsa_redirect_field').closest('tr');
46
- var rsa_messsage_field = $('#rsa_message').closest('tr');
47
- var rsa_page_field = $('#rsa_page').closest('tr');
48
-
49
- if ( ! $('#blog-restricted').is(':checked') )
50
- rsa_table.hide();
51
- if ( ! $('#rsa-redirect-visitor').is(':checked') )
52
- rsa_redirect_fields.hide();
53
- if ( ! $('#rsa-display-message').is(':checked') )
54
- rsa_messsage_field.hide();
55
- if ( ! $('#rsa-unblocked-page').is(':checked') )
56
- rsa_page_field.hide();
57
-
58
- $('input[name="rsa_options[approach]"]').change(function(){
59
- if( $('#rsa-redirect-visitor').is(':checked') )
60
- rsa_redirect_fields.show();
61
- else
62
- rsa_redirect_fields.hide();
63
-
64
- if( $('#rsa-display-message').is(':checked') )
65
- rsa_messsage_field.show();
66
- else
67
- rsa_messsage_field.hide();
68
-
69
- if( $('#rsa-unblocked-page').is(':checked') )
70
- rsa_page_field.show();
71
- else
72
- rsa_page_field.hide();
73
- });
74
-
75
- $('input[name="blog_public"]').change(function(){
76
- if( $('#blog-restricted').is(':checked') )
77
- rsa_table.show();
78
- else
79
- rsa_table.hide();
80
- });
81
- });
1
+ /**
2
+ * 10up
3
+ * http://10up.com
4
+ *
5
+ * Copyright (c) 2013 10up, jakemgold
6
+ * Licensed under the GPLv2+ license.
7
+ */
8
+ (function (window, $) {
9
 
10
+ 'use strict';
11
+ var document = window.document;
12
 
13
+ var Cache = {
14
+ add_btn : '',
15
+ new_ip : '',
16
+ ip_list_wrap : '',
17
+ empty_ip : '',
18
+ restrict_radio : '',
19
+ table : '',
20
+ redirect_choice : '',
21
+ message_choice : '',
22
+ page_choice : '',
23
+ redirect_fields : '',
24
+ message_field : '',
25
+ page_field : ''
26
+ };
27
 
28
+ function init() {
29
+
30
+ Cache.add_btn = $( document.getElementById('addip') );
31
+ Cache.new_ip = document.getElementById('newip');
32
+ Cache.ip_list_wrap = document.getElementById('ip_list');
33
+ Cache.empty_ip = $( document.getElementById('ip_list_empty') );
34
+ Cache.restrict_radio = document.getElementById('blog-restricted');
35
+ Cache.table = $( document.getElementById('rsa-send-to-login') ).closest('table');
36
+ Cache.redirect_choice = document.getElementById('rsa-redirect-visitor');
37
+ Cache.message_choice = document.getElementById('rsa-display-message');
38
+ Cache.page_choice = document.getElementById('rsa-unblocked-page');
39
+ Cache.redirect_fields = $( document.querySelectorAll('.rsa_redirect_field') ).closest('tr');
40
+ Cache.message_field = $( document.getElementById('rsa_message') ).closest('tr');
41
+ Cache.page_field = $( document.getElementById('rsa_page') ).closest('tr');
42
+
43
+ if ( ! document.getElementById('blog-restricted').checked ) {
44
+ Cache.table.hide();
45
+ }
46
+
47
+ if ( ! document.getElementById('rsa-redirect-visitor').checked ) {
48
+ Cache.redirect_fields.hide();
49
+ }
50
+
51
+ if ( ! document.getElementById('rsa-display-message').checked ) {
52
+ Cache.message_field.hide();
53
+ }
54
+
55
+ if ( ! document.getElementById('rsa-unblocked-page').checked ) {
56
+ Cache.page_field.hide();
57
+ }
58
+
59
+ $( document.querySelectorAll('#rsa_handle_fields input') ).on('change',function(){
60
+
61
+ if ( Cache.redirect_choice.checked ) {
62
+ Cache.redirect_fields.show();
63
+ } else {
64
+ Cache.redirect_fields.hide();
65
+ }
66
+
67
+ if ( Cache.message_choice.checked ) {
68
+ Cache.message_field.show();
69
+ } else {
70
+ Cache.message_field.hide();
71
+ }
72
+
73
+ if ( Cache.page_choice.checked ) {
74
+ Cache.page_field.show();
75
+ } else {
76
+ Cache.page_field.hide();
77
+ }
78
+
79
+ });
80
+
81
+ $( document.querySelectorAll('.option-site-visibility input') ).on('change',function(){
82
+ if ( Cache.restrict_radio.checked ) {
83
+ Cache.table.show();
84
+ } else {
85
+ Cache.table.hide();
86
+ }
87
+ });
88
+
89
+ Cache.add_btn.on('click',function(){
90
+ add_ip( Cache.new_ip.value );
91
+ });
92
+
93
+ var myip_btn = document.getElementById('rsa_myip');
94
+ if ( null !== myip_btn ) {
95
+ $(myip_btn).on('click',function(){
96
+ add_ip( $(this).data('myip') );
97
+ });
98
  }
99
+
100
+ $(Cache.ip_list_wrap).on('click', '.remove_btn', function(){
101
+ $( this.parentNode ).slideUp( 250, function(){ $(this).remove(); } );
102
+ });
103
+
104
  }
105
 
106
+ function add_ip( ip ) {
107
+ if ( $.trim( ip ) == '' ) {
 
 
108
  return false;
 
 
 
 
 
 
109
  }
110
+
111
+ var shake_speed = 600;
112
+
113
+ Cache.add_btn.attr('disabled', 'disabled');
114
+ var ip_list = $( document.querySelectorAll('#ip_list input') );
115
+
116
+ for ( var i = 0, l = ip_list.length; i < ip_list.length; i++ ) {
117
+ if( ip_list[i].value == ip ) {
118
+ $( ip_list[i] ).parent().effect( 'shake', shake_speed );
119
+ Cache.add_btn.removeAttr('disabled');
120
+ return false;
121
+ }
122
+ }
123
+
124
+ jQuery.post( ajaxurl, { action: 'rsa_ip_check', 'ip_address': ip }, function(response) {
125
+ if ( response ) {
126
+ $( Cache.new_ip.parentNode ).effect( 'shake', shake_speed );
127
+ Cache.add_btn.removeAttr('disabled');
128
+ return false;
129
+ } else {
130
+ var new_ip = Cache.empty_ip.clone().appendTo(Cache.ip_list_wrap);
131
+ new_ip.children('input').val(ip);
132
+ new_ip.removeAttr('id').slideDown(250);
133
+
134
+ if ( ip == Cache.new_ip.value ) {
135
+ $(Cache.new_ip).val('');
136
+ }
137
+ Cache.add_btn.removeAttr('disabled');
138
+
139
+ return true;
140
+ }
141
+ } );
142
+ }
143
+
144
+ init();
145
+
146
+ })(window,jQuery);
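Review bot: in `add_ip` the Add button is disabled at new line 113 and re-enabled only inside the `jQuery.post` success callback (new lines 124-141), so a failed AJAX request leaves it disabled until the page is reloaded; chain a `.fail()` handler that calls `Cache.add_btn.removeAttr('disabled')`. Two smaller points in the same function: the loop at new line 116 declares `l = ip_list.length` but tests `i < ip_list.length`, and `$.trim( ip )` is used only for the empty check, so the untrimmed value is what gets compared against the list and posted; assigning `ip = $.trim( ip )` once at the top would cover both uses. The call also uses `jQuery.post` while the rest of the closure uses the `$` alias.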
 
 
 
 
 
 
 
 
 
 
 
 
 
restricted-site-access.js CHANGED
@@ -1 +1 @@
1
- function add_ip(e){var t=600;if(restricted_site_access_l10n.wp_version<3.5)t=60;if(jQuery.trim(e)=="")return false;add_btn.attr("disabled","disabled");var n=jQuery("#ip_list input");for(var r=0,i=n.length;r<n.length;r++){if(n[r].value==e){jQuery(n[r]).parent().effect("shake",t);add_btn.removeAttr("disabled");return false}}jQuery.post(ajaxurl,{action:"rsa_ip_check",ip_address:e},function(n){if(n){jQuery("#newip").parent().effect("shake",t);add_btn.removeAttr("disabled");return false}else{jQuery('<div style="display: none;"><input type="text" name="rsa_options[allowed][]" value="'+e+'" readonly="true" /> <a href="#remove" onclick="remove_ip(this);">'+restricted_site_access_l10n.Remove+"</a></div>").appendTo("#ip_list").slideDown(250);if(e==jQuery("#newip").val())jQuery("#newip").val("");jQuery("#addip").removeAttr("disabled");return true}})}function remove_ip(e){jQuery(e).parent().slideUp(250,function(){jQuery(this).remove()})}var add_btn;jQuery(document).ready(function(e){add_btn=e("#addip");var t=e("#rsa-send-to-login").closest("table");var n=e(".rsa_redirect_field").closest("tr");var r=e("#rsa_message").closest("tr");var i=e("#rsa_page").closest("tr");if(!e("#blog-restricted").is(":checked"))t.hide();if(!e("#rsa-redirect-visitor").is(":checked"))n.hide();if(!e("#rsa-display-message").is(":checked"))r.hide();if(!e("#rsa-unblocked-page").is(":checked"))i.hide();e('input[name="rsa_options[approach]"]').change(function(){if(e("#rsa-redirect-visitor").is(":checked"))n.show();else n.hide();if(e("#rsa-display-message").is(":checked"))r.show();else r.hide();if(e("#rsa-unblocked-page").is(":checked"))i.show();else i.hide()});e('input[name="blog_public"]').change(function(){if(e("#blog-restricted").is(":checked"))t.show();else t.hide()})})
1
+ (function(e,t){"use strict";function i(){r.add_btn=t(n.getElementById("addip"));r.new_ip=n.getElementById("newip");r.ip_list_wrap=n.getElementById("ip_list");r.empty_ip=t(n.getElementById("ip_list_empty"));r.restrict_radio=n.getElementById("blog-restricted");r.table=t(n.getElementById("rsa-send-to-login")).closest("table");r.redirect_choice=n.getElementById("rsa-redirect-visitor");r.message_choice=n.getElementById("rsa-display-message");r.page_choice=n.getElementById("rsa-unblocked-page");r.redirect_fields=t(n.querySelectorAll(".rsa_redirect_field")).closest("tr");r.message_field=t(n.getElementById("rsa_message")).closest("tr");r.page_field=t(n.getElementById("rsa_page")).closest("tr");if(!n.getElementById("blog-restricted").checked){r.table.hide()}if(!n.getElementById("rsa-redirect-visitor").checked){r.redirect_fields.hide()}if(!n.getElementById("rsa-display-message").checked){r.message_field.hide()}if(!n.getElementById("rsa-unblocked-page").checked){r.page_field.hide()}t(n.querySelectorAll("#rsa_handle_fields input")).on("change",function(){if(r.redirect_choice.checked){r.redirect_fields.show()}else{r.redirect_fields.hide()}if(r.message_choice.checked){r.message_field.show()}else{r.message_field.hide()}if(r.page_choice.checked){r.page_field.show()}else{r.page_field.hide()}});t(n.querySelectorAll(".option-site-visibility input")).on("change",function(){if(r.restrict_radio.checked){r.table.show()}else{r.table.hide()}});r.add_btn.on("click",function(){s(r.new_ip.value)});var e=n.getElementById("rsa_myip");if(null!==e){t(e).on("click",function(){s(t(this).data("myip"))})}t(r.ip_list_wrap).on("click",".remove_btn",function(){t(this.parentNode).slideUp(250,function(){t(this).remove()})})}function s(e){if(t.trim(e)==""){return false}var i=600;r.add_btn.attr("disabled","disabled");var s=t(n.querySelectorAll("#ip_list input"));for(var o=0,u=s.length;o<s.length;o++){if(s[o].value==e){t(s[o]).parent().effect("shake",i);r.add_btn.removeAttr("disabled");return 
false}}jQuery.post(ajaxurl,{action:"rsa_ip_check",ip_address:e},function(n){if(n){t(r.new_ip.parentNode).effect("shake",i);r.add_btn.removeAttr("disabled");return false}else{var s=r.empty_ip.clone().appendTo(r.ip_list_wrap);s.children("input").val(e);s.removeAttr("id").slideDown(250);if(e==r.new_ip.value){t(r.new_ip).val("")}r.add_btn.removeAttr("disabled");return true}})}var n=e.document;var r={add_btn:"",new_ip:"",ip_list_wrap:"",empty_ip:"",restrict_radio:"",table:"",redirect_choice:"",message_choice:"",page_choice:"",redirect_fields:"",message_field:"",page_field:""};i()})(window,jQuery)
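Review bot: the added minified line is split after `return` (`...removeAttr("disabled");return` followed by `false}}jQuery.post(...)` on the next line); if that line break is present in the committed file, automatic semicolon insertion turns it into `return;` and the duplicate-IP branch returns undefined instead of false. The callers in this file ignore the return value, so behaviour is unchanged, but the file should be regenerated from restricted-site-access.dev.js as a single line.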
restricted_site_access.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Restricted Site Access
4
  Plugin URI: http://10up.com/plugins/restricted-site-access-wordpress/
5
  Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. <strong>Powerful control over redirection</strong>, including <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
- Version: 5.0.1
7
  Author: Jake Goldman, 10up, Oomph
8
  Author URI: http://10up.com
9
  License: GPLv2 or later
@@ -11,10 +11,9 @@
11
 
12
  class Restricted_Site_Access {
13
 
14
- private $rsa_options;
15
- private $basename;
16
- private $settings_page = 'privacy';
17
- private $fields = array(
18
  'approach' => array(
19
  'default' => 1,
20
  'label' => 'Handle restricted visitors',
@@ -52,55 +51,92 @@ class Restricted_Site_Access {
52
  ),
53
  );
54
 
55
- public function __construct() {
56
- $this->basename = plugin_basename( __FILE__ );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
57
 
58
- add_action( 'parse_request', array( $this, 'restrict_access' ), 1 );
59
- add_action( 'admin_init', array( $this, 'admin_init' ), 1 );
60
- add_action( 'init', array( $this, 'init' ) );
61
- add_action( 'wp_ajax_rsa_ip_check', array( $this, 'ajax_rsa_ip_check' ) );
62
 
63
- add_action( 'activate_' . $this->basename, array( $this, 'activation' ) );
64
- add_action( 'deactivate_' . $this->basename, array( $this, 'deactivation' ) );
65
  }
66
-
67
- public function init() {
68
- load_plugin_textdomain( 'restricted-site-access', false, dirname( $this->basename ) . '/localization/' );
 
 
 
69
  }
70
 
71
  /**
72
  * populate the option with defaults
73
  */
74
- private function set_option_defaults() {
75
- if ( ! empty( $this->rsa_options ) )
76
  return;
 
77
 
78
  // set default options
79
- $this->rsa_options = (array) get_option( 'rsa_options' );
80
- foreach( $this->fields as $field_name => $field_details ) {
81
- if ( ! isset( $this->rsa_options[$field_name] ) )
82
- $this->rsa_options[$field_name] = $field_details['default'];
 
83
  }
84
  }
85
-
86
- public function restrict_access( $wp ) {
87
- remove_action( 'parse_request', array( $this, 'restrict_access' ), 1 ); // only need it the first time
 
 
 
 
 
88
 
89
- $is_restricted = ( is_admin() || is_user_logged_in() || get_option( 'blog_public' ) != 2 || ( defined( 'WP_INSTALLING' ) && isset( $_GET['key'] ) ) ) ? false : true;
90
- if ( apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp ) === false )
91
  return;
 
92
 
93
- $this->set_option_defaults();
94
 
95
  // check for the allow list, if its empty block everything
96
- if ( $list = $this->rsa_options['allowed'] ) {
97
  $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
98
- if ( strpos( $remote_ip, '.' ) )
99
  $remote_ip = str_replace( '::ffff:', '', $remote_ip ); //handle dual-stack addresses
 
100
  $remote_ip = inet_pton( $remote_ip ); //parse the remote ip
101
 
102
  // iterate through the allow list
103
- foreach( $list as $line ) {
104
  list( $ip, $mask ) = explode( '/', $line . '/128' ); // get the ip and mask from the list
105
 
106
  $mask = str_repeat( 'f', $mask >> 2 ); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
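Review bot: missing documentation for proxied deployments: the unchanged context line `$remote_ip = $_SERVER['REMOTE_ADDR'];` (old line 97) is the only source of the visitor address for the allow-list check. That is the right choice over client-supplied headers, but behind a reverse proxy or CDN that does not restore the client address every visitor arrives with the proxy's address, and an allow-list entry covering that address then admits everyone. This deserves a sentence in the readme FAQ beside the page-caching warning.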
@@ -120,114 +156,137 @@ class Restricted_Site_Access {
120
  $mask = pack( 'H*', $mask );
121
 
122
  // check if the masked versions match
123
- if ( ( inet_pton( $ip ) & $mask ) == ( $remote_ip & $mask ) )
124
  return;
 
125
  }
126
  }
127
 
128
- $rsa_restrict_approach = apply_filters( 'restricted_site_access_approach', $this->rsa_options['approach'] );
129
- do_action( 'restrict_site_access_handling', $rsa_restrict_approach ); // allow users to hook handling
130
 
131
  switch( $rsa_restrict_approach ) {
132
  case 4:
133
- if ( $this->rsa_options['page'] && ( $page_id = get_post_field( 'ID', $this->rsa_options['page'] ) ) ) {
134
  unset( $wp->query_vars );
135
  $wp->query_vars['page_id'] = $page_id;
136
  return;
137
  }
138
 
139
  case 3:
140
- $message = __( $this->rsa_options['message'], 'restricted-site-access' );
141
- $message .= "\n<!-- access protected by Restricted Site Access plug-in | http://10up.com/plugins/restricted-site-access-wordpress/ -->";
142
- $message = apply_filters( 'restricted_site_access_message', $message );
143
-
144
  wp_die( $message, get_bloginfo( 'name' ) . ' - Site Access Restricted' );
145
 
146
  case 2:
147
- if ( $this->rsa_options['redirect_url'] ) {
148
- if( ! empty( $this->rsa_options['redirect_path'] ) )
149
- $this->rsa_options['redirect_url'] = untrailingslashit( $this->rsa_options['redirect_url'] ) . $_SERVER["REQUEST_URI"]; // path
 
150
  break;
151
  }
152
 
153
  default:
154
- $this->rsa_options['redirect_path'] = 302;
155
- $current_path = empty( $_SERVER["REQUEST_URI"] ) ? home_url() : $_SERVER["REQUEST_URI"];
156
- $this->rsa_options['redirect_url'] = wp_login_url( $current_path );
157
  }
158
 
159
- $redirect_url = apply_filters( 'restricted_site_access_redirect_url', $this->rsa_options['redirect_url'] );
160
- $redirect_code = apply_filters( 'restricted_site_access_head', $this->rsa_options['redirect_path'] );
161
  wp_redirect( $redirect_url, $redirect_code );
162
  die;
163
  }
164
-
165
- public function admin_init() {
166
- if ( version_compare( floatval( get_bloginfo( 'version' ) ), '3.5', '>=' ) )
167
- $this->settings_page = 'reading';
168
 
 
 
 
 
169
  // customize privacy message
170
- add_filter( 'privacy_on_link_text', array( $this, 'privacy_on_link_text' ) );
171
- add_filter( 'privacy_on_link_title', array( $this, 'privacy_on_link_title' ) );
172
 
173
  // customize privacy page
174
- add_action( 'load-options-' . $this->settings_page . '.php', array( $this, 'load_options_page' ) );
175
 
176
  // add new choice for blog privacy
177
- add_action( 'blog_privacy_selector', array( $this, 'blog_privacy_selector' ) );
178
 
179
  // settings for restricted site access
180
- register_setting( $this->settings_page, 'rsa_options', array( $this, 'sanitize_options' ) ); // array of fundamental options including ID and caching info
181
- add_settings_section( 'restricted-site-access', '', '__return_false', $this->settings_page );
182
- foreach ( $this->fields as $field_name => $field_data ) {
183
- add_settings_field( $field_name, __( $field_data['label'], 'restricted-site-access' ), array( $this, $field_data['field'] ), $this->settings_page, 'restricted-site-access' );
184
  }
185
 
186
- add_filter( 'plugin_action_links_' . $this->basename, array( $this, 'plugin_action_links' ) );
187
  }
188
-
189
- public function privacy_on_link_text( $text ) {
190
- if ( get_option( 'blog_public' ) == 2 )
 
 
 
 
 
 
 
191
  $text = __( 'Public access to this site has been restricted.', 'restricted-site-access' );
192
-
193
  return $text;
194
  }
195
-
196
- public function privacy_on_link_title( $text ) {
197
- if ( get_option( 'blog_public' ) == 2 )
 
 
 
 
 
 
 
198
  $text = __( 'Restricted Site Access plug-in is blocking public access to this site.', 'restricted-site-access' );
199
-
200
  return $text;
201
  }
202
-
203
- public function load_options_page() {
 
 
 
204
  $dev = ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ? '.dev' : '';
205
- wp_enqueue_script( 'restricted-site-access', plugin_dir_url( __FILE__ ) . 'restricted-site-access'.$dev.'.js', array('jquery-effects-shake'), '5.0', true );
206
- wp_localize_script( 'restricted-site-access', 'restricted_site_access_l10n', array(
207
- 'Remove' => __('Remove','restricted-site-access'),
208
- 'wp_version' => floatval( get_bloginfo( 'version' ) ),
209
- ) );
210
 
211
- add_action( 'admin_notices', array( $this, 'admin_notice' ) );
212
- add_action( 'admin_head', array( $this, 'admin_head' ) );
213
 
214
- $this->set_option_defaults();
215
  }
216
-
217
- public function admin_notice() {
218
- if ( empty( $this->rsa_options['approach'] ) )
 
 
 
219
  return;
 
220
 
221
- if ( $this->rsa_options['approach'] == 4 && empty( $this->rsa_options['page'] ) )
222
- $message = '<strong>' . __( 'Please select the page you want to show restricted visitors. If no page is selected, WordPress will simply show a general restriction message.', 'restricted-site-access' ) . '</strong>';
223
- elseif ( $this->rsa_options['approach'] == 2 && empty( $this->rsa_options['redirect_url'] ) )
224
- $message = '<strong>' . __( 'Please enter the web address you would like to redirect restriced visitors to. If no address is entered, visitors will be redirected to the login screen.', 'restricted-site-access' ) . '</strong>';
 
225
 
226
- if ( ! empty( $message ) )
227
- echo '<div class="updated settings-error"><p>' . $message . '</p></div>';
 
228
  }
229
 
230
- public function admin_head() {
 
 
 
231
  $screen = get_current_screen();
232
  $screen->add_help_tab( array(
233
  'id' => 'restricted-site-access',
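Review bot: the removed line at old 160 passes `$this->rsa_options['redirect_path']` through the `restricted_site_access_head` filter and on to `wp_redirect()` as the status code, but `sanitize_options()` in the next hunk stores `redirect_path` as 0 or 1 and keeps the 301/302/307 value in `head_code`, so only the `default:` branch (which overwrites it with 302) sent a valid status; confirm the replacement reads the status from `head_code`. The masked comparison at old line 123 also used loose `==` on the `inet_pton()` results, and `===` is the safer operator for an access decision. Finally, `case 4:` and `case 2:` fall through to the next case when their option is empty, which is worth a `// fall through` comment.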
@@ -242,219 +301,294 @@ class Restricted_Site_Access {
242
  ',
243
  ) );
244
  }
245
-
246
- public function blog_privacy_selector() {
 
 
 
247
  ?>
248
- <input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked( get_option( 'blog_public' ), 2 ); ?> />
249
- <label for="blog-restricted"><?php _e( 'Restrict site access to visitors who are logged in or allowed by IP address', 'restricted-site-access' ); ?></label>
 
 
250
  <?php
251
  }
252
-
253
- public function sanitize_options( $input ) {
 
 
 
 
 
 
 
254
  $new_input['approach'] = (int) $input['approach'];
255
- if ( $new_input['approach'] < 1 || $new_input['approach'] > 4 )
256
- $new_input['approach'] = $this->fields['approach']['default'];
 
257
 
258
  global $allowedtags;
259
  $new_input['message'] = wp_kses( $input['message'], $allowedtags );
260
 
261
  $new_input['redirect_path'] = empty( $input['redirect_path'] ) ? 0 : 1;
262
- $new_input['head_code'] = in_array( (int) $input['head_code'], array( 301, 302, 307 ) ) ? (int) $input['head_code'] : $this->fields['head_code']['default'];
263
  $new_input['redirect_url'] = empty( $input['redirect_url'] ) ? '' : esc_url_raw( $input['redirect_url'], array('http','https') );
264
  $new_input['page'] = empty( $input['page'] ) ? 0 : (int) $input['page'];
265
 
266
  $new_input['allowed'] = array();
267
  if ( !empty( $input['allowed'] ) && is_array( $input['allowed'] ) ) {
268
  foreach( $input['allowed'] as $ip_address ) {
269
- if ( $this->is_ip( $ip_address ) )
270
  $new_input['allowed'][] = $ip_address;
 
271
  }
272
  }
273
 
274
  return $new_input;
275
  }
276
-
277
- public function settings_field_handling( $args ) {
278
- if ( !isset($this->rsa_options['approach']) )
279
- $this->rsa_options['approach'] = 1;
 
 
 
 
 
 
280
  ?>
281
- <fieldset>
282
- <input id="rsa-send-to-login" name="rsa_options[approach]" type="radio" value="1" <?php checked( $this->rsa_options['approach'], 1 ); ?> />
283
  <label for="rsa-send-to-login"><?php _e('Send them to the WordPress login screen','restricted-site-access'); ?></label>
284
  <br />
285
- <input id="rsa-redirect-visitor" name="rsa_options[approach]" type="radio" value="2" <?php checked( $this->rsa_options['approach'], 2 ); ?> />
286
  <label for="rsa-redirect-visitor"><?php _e('Redirect them to a specified web address','restricted-site-access'); ?></label>
287
  <br />
288
- <input id="rsa-display-message" name="rsa_options[approach]" type="radio" value="3" <?php checked( $this->rsa_options['approach'], 3 ); ?> />
289
  <label for="rsa-display-message"><?php _e('Show them a simple message','restricted-site-access'); ?></label>
290
  <br />
291
- <input id="rsa-unblocked-page" name="rsa_options[approach]" type="radio" value="4" <?php checked( $this->rsa_options['approach'], 4 ); ?> />
292
  <label for="rsa-unblocked-page"><?php _e('Show them a specific WordPress page I\'ve created','restricted-site-access'); ?></label>
293
  </fieldset>
294
  <?php
295
  }
296
-
297
- public function settings_field_allowed( $args ) {
 
 
 
 
 
298
  ?>
299
  <div class="hide-if-no-js">
300
  <div id="ip_list">
 
301
  <?php
302
- foreach ( (array) $this->rsa_options['allowed'] as $ip) {
303
- if ( empty( $ip ) )
304
- continue;
305
-
306
- echo '<div><input type="text" name="rsa_options[allowed][]" value="' . esc_attr( $ip ) . '" readonly="true" /> <a href="#remove" onclick="remove_ip(this);">' . __( 'Remove' ) . '</a></div>';
307
  }
308
  ?>
309
  </div>
310
  <div>
311
- <input type="text" name="newip" id="newip" /> <input class="button" type="button" id="addip" onclick="add_ip(jQuery('#newip').val());" value="<?php _e( 'Add' ); ?>" />
312
- <label for="newip"><span class="description"><?php _e('Enter a single IP address or a range using a subnet prefix','restricted-site-access'); ?></span></label>
313
  </div>
314
- <?php if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { ?><input class="button" type="button" onclick="add_ip('<?php echo esc_attr( $_SERVER['REMOTE_ADDR'] ); ?>');" value="<?php _e( 'Add My Current IP Address', 'restricted-site-access' ); ?>" style="margin-top: 5px;" /><br /><?php } ?>
315
  </div>
316
  <p class="hide-if-js"><strong><?php _e('To manage IP addresses, you must use a JavaScript enabled browser.','restricted-site-access'); ?></strong></p>
317
  <?php
318
  }
319
-
320
- public function settings_field_message( $args ) {
321
- if ( empty($this->rsa_options['message']) )
322
- $this->rsa_options['message'] = __('Access to this site is restricted.','restricted-site-access');
323
 
324
- wp_editor( $this->rsa_options['message'], 'rsa_message', array(
 
 
 
 
 
 
 
 
 
 
325
  'media_buttons' => false,
326
  'textarea_name' => 'rsa_options[message]',
327
  'textarea_rows' => 4,
328
  'tinymce' => false,
329
  ) );
330
  }
331
-
332
- public function settings_field_redirect( $args ) {
 
 
 
 
 
 
 
 
333
  ?>
334
- <input type="text" name="rsa_options[redirect_url]" id="redirect" class="rsa_redirect_field regular-text" value="<?php echo @esc_attr( $this->rsa_options['redirect_url'] ); ?>" />
335
  <?php
336
  }
337
-
338
- public function settings_field_redirect_path( $args ) {
 
 
 
 
 
 
 
 
339
  ?>
340
- <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="redirect_path" class="rsa_redirect_field" <?php @checked( $this->rsa_options['redirect_path'] ); ?> />
341
- <?php _e( 'Send restricted visitor to same path (relative URL) at the new web address', 'restricted-site-access' ); ?>
 
 
 
342
  <?php
343
  }
344
-
345
- public function settings_field_redirect_code( $args ) {
346
- if ( empty($this->rsa_options['head_code']) )
347
- $this->rsa_options['head_code'] = 302;
 
 
 
 
 
 
348
  ?>
349
  <select name="rsa_options[head_code]" id="redirect_code" class="rsa_redirect_field">
350
- <option value="301" <?php selected( $this->rsa_options['head_code'], 301 ); ?>><?php _e( '301 Permanent', 'restricted-site-access' ); ?></option>
351
- <option value="302" <?php selected( $this->rsa_options['head_code'], 302 ); ?>><?php _e( '302 Undefined', 'restricted-site-access' ); ?></option>
352
- <option value="307" <?php selected( $this->rsa_options['head_code'], 307 ); ?>><?php _e( '307 Temporary', 'restricted-site-access' ); ?></option>
353
  </select>
354
- <span class="description"><?php _e( 'HTTP status code sent to browser', 'restricted-site-access' ); ?></span>
355
  <?php
356
  }
357
-
358
- public function settings_field_rsa_page( $args ) {
 
 
 
 
 
 
 
 
 
359
  wp_dropdown_pages(array(
360
- 'selected' => $this->rsa_options['page'],
361
- 'show_option_none' => 'Select a page',
362
- 'name' => 'rsa_options[page]',
363
- 'id' => 'rsa_page'
364
  ));
365
  }
366
 
367
  /**
368
- * validate IP address entry on demand (AJAX)
369
  */
370
- public function ajax_rsa_ip_check() {
371
- if ( empty( $_POST['ip_address'] ) )
372
- die('1');
373
-
374
- if ( $this->is_ip( stripslashes( $_POST['ip_address'] ) ) )
375
- die;
376
- else
377
- die('1');
378
  }
379
 
380
  /**
381
  * is it a valid IP address? v4/v6 with subnet range
 
 
 
 
382
  */
383
- public function is_ip( $ip_address ) {
384
  // very basic validation of ranges
385
  if ( strpos( $ip_address, '/' ) ) {
386
  $ip_parts = explode( '/', $ip_address );
387
- if ( empty( $ip_parts[1] ) || !is_numeric( $ip_parts[1] ) || strlen( $ip_parts[1] ) > 3 )
388
  return false;
 
389
  $ip_address = $ip_parts[0];
390
  }
391
 
392
  // confirm IP part is a valid IPv6 or IPv4 IP
393
- if ( empty( $ip_address ) || !inet_pton( stripslashes( $ip_address ) ) )
394
  return false;
 
395
 
396
  return true;
397
  }
398
 
399
  /**
400
- * add settings link directing user to privacy page on plug-in page
 
 
 
 
401
  */
402
- public function plugin_action_links( $links ) {
403
- $links[] = '<a href="options-' . $this->settings_page . '.php">' . __('Settings') . '</a>';
404
  return $links;
405
  }
406
 
407
  /**
408
  * activation of plugin: upgrades old versions, immediately sets privacy
409
  */
410
- public function activation() {
411
  update_option( 'blog_public', 2 );
412
  }
413
 
414
  /**
415
  * restore privacy option to default value upon deactivating
416
  */
417
- public function deactivation() {
418
- if ( get_option( 'blog_public' ) == 2 )
419
  update_option( 'blog_public', 1 );
 
420
  }
421
  }
422
 
423
- $restricted_site_access = new Restricted_Site_Access;
424
 
425
  /**
426
- * uninstall hook - remove options
427
  */
428
-
429
- register_uninstall_hook( __FILE__, 'restricted_site_access_uninstall' );
430
-
431
  function restricted_site_access_uninstall() {
432
- if ( get_option('blog_public') == 2 )
433
  update_option( 'blog_public', 1 );
434
-
435
  delete_option('rsa_options');
436
  }
437
 
438
- /**
439
- * inet_pton is not included in PHP < 5.3 on Windows (WP requires PHP 5.2)
440
- */
441
 
442
  if ( ! function_exists( 'inet_pton' ) ) :
443
 
444
- function inet_pton($ip) {
445
- if (strpos($ip, '.') !== false) {
446
- // ipv4
447
- $ip = pack('N',ip2long($ip));
448
- } elseif (strpos($ip, ':') !== false) {
449
- // ipv6
450
- $ip = explode(':', $ip);
451
- $res = str_pad('', (4*(8-count($ip))), '0000', STR_PAD_LEFT);
452
- foreach ($ip as $seg) {
453
- $res .= str_pad($seg, 4, '0', STR_PAD_LEFT);
454
- }
455
- $ip = pack('H'.strlen($res), $res);
 
 
 
 
 
456
  }
457
- return $ip;
458
  }
 
 
459
 
460
  endif;
3
  Plugin Name: Restricted Site Access
4
  Plugin URI: http://10up.com/plugins/restricted-site-access-wordpress/
5
  Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. <strong>Powerful control over redirection</strong>, including <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
6
+ Version: 5.1
7
  Author: Jake Goldman, 10up, Oomph
8
  Author URI: http://10up.com
9
  License: GPLv2 or later
11
 
12
  class Restricted_Site_Access {
13
 
14
+ private static $rsa_options, $basename;
15
+ private static $settings_page = 'reading';
16
+ private static $fields = array(
 
17
  'approach' => array(
18
  'default' => 1,
19
  'label' => 'Handle restricted visitors',
51
  ),
52
  );
53
 
54
+ /**
55
+ * Handles initializing this class and returning the singleton instance after it's been cached.
56
+ *
57
+ * @return null|Simple_page_Ordering
58
+ */
59
+ public static function get_instance() {
60
+ // Store the instance locally to avoid private static replication
61
+ static $instance = null;
62
+
63
+ if ( null === $instance ) {
64
+ $instance = new self();
65
+ self::_add_actions();
66
+ }
67
+
68
+ return $instance;
69
+ }
70
+
71
+ /**
72
+ * An empty constructor
73
+ */
74
+ public function __construct() { /* Purposely do nothing here */ }
75
+
76
+ /**
77
+ * Handles registering hooks that initialize this plugin.
78
+ */
79
+ public static function _add_actions() {
80
+ self::$basename = plugin_basename( __FILE__ );
81
 
82
+ add_action( 'parse_request', array( __CLASS__, 'restrict_access' ), 1 );
83
+ add_action( 'admin_init', array( __CLASS__, 'admin_init' ), 1 );
84
+ add_action( 'plugins_loaded', array( __CLASS__, 'load_textdomain' ) );
85
+ add_action( 'wp_ajax_rsa_ip_check', array( __CLASS__, 'ajax_rsa_ip_check' ) );
86
 
87
+ add_action( 'activate_' . self::$basename, array( __CLASS__, 'activation' ) );
88
+ add_action( 'deactivate_' . self::$basename, array( __CLASS__, 'deactivation' ) );
89
  }
90
+
91
+ /**
92
+ * Loads the plugin textdomain
93
+ */
94
+ public static function load_textdomain() {
95
+ load_plugin_textdomain( 'restricted-site-access', false, dirname( self::$basename ) . '/localization/' );
96
  }
97
 
98
  /**
99
  * populate the option with defaults
100
  */
101
+ private static function set_option_defaults() {
102
+ if ( ! empty( self::$rsa_options ) ) {
103
  return;
104
+ }
105
 
106
  // set default options
107
+ self::$rsa_options = (array) get_option( 'rsa_options' );
108
+ foreach( self::$fields as $field_name => $field_details ) {
109
+ if ( ! isset( self::$rsa_options[ $field_name ] ) ) {
110
+ self::$rsa_options[ $field_name ] = $field_details[ 'default' ];
111
+ }
112
  }
113
  }
114
+
115
+ /**
116
+ * Determine whether page should be restricted at point of request
117
+ *
118
+ * @param array $wp WordPress request
119
+ */
120
+ public static function restrict_access( $wp ) {
121
+ remove_action( 'parse_request', array( __CLASS__, 'restrict_access' ), 1 ); // only need it the first time
122
 
123
+ $is_restricted = !( is_admin() || is_user_logged_in() || 2 != get_option( 'blog_public' ) || ( defined( 'WP_INSTALLING' ) && isset( $_GET['key'] ) ) );
124
+ if ( apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp ) === false ) {
125
  return;
126
+ }
127
 
128
+ self::set_option_defaults();
129
 
130
  // check for the allow list, if its empty block everything
131
+ if ( !empty( self::$rsa_options['allowed'] ) && is_array( self::$rsa_options['allowed'] ) ) {
132
  $remote_ip = $_SERVER['REMOTE_ADDR']; //save the remote ip
133
+ if ( strpos( $remote_ip, '.' ) ) {
134
  $remote_ip = str_replace( '::ffff:', '', $remote_ip ); //handle dual-stack addresses
135
+ }
136
  $remote_ip = inet_pton( $remote_ip ); //parse the remote ip
137
 
138
  // iterate through the allow list
139
+ foreach( self::$rsa_options['allowed'] as $line ) {
140
  list( $ip, $mask ) = explode( '/', $line . '/128' ); // get the ip and mask from the list
141
 
142
  $mask = str_repeat( 'f', $mask >> 2 ); //render the mask as bits, similar to info on the php.net man page discussion for inet_pton
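Review bot: The docblock added on `get_instance()` declares `@return null|Simple_page_Ordering`, which names a class from a different plugin; it should read `Restricted_Site_Access`, and the `null` alternative can go because the method always returns the instance. In the same hunk the new `restrict_access()` docblock types `$wp` as `array`, but the method dereferences it as an object further down (`$wp->query_vars`), so document it as the `WP` request object. `__construct()` stays public while `get_instance()` is the only place `_add_actions()` runs; make the constructor private if the singleton is meant to be enforced, or note in the docblock that a directly created instance registers no hooks.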
156
  $mask = pack( 'H*', $mask );
157
 
158
  // check if the masked versions match
159
+ if ( ( inet_pton( $ip ) & $mask ) == ( $remote_ip & $mask ) ) {
160
  return;
161
+ }
162
  }
163
  }
164
 
165
+ $rsa_restrict_approach = apply_filters( 'restricted_site_access_approach', self::$rsa_options['approach'] );
166
+ do_action( 'restrict_site_access_handling', $rsa_restrict_approach, $wp ); // allow users to hook handling
167
 
168
  switch( $rsa_restrict_approach ) {
169
  case 4:
170
+ if ( !empty( self::$rsa_options['page'] ) && ( $page_id = get_post_field( 'ID', self::$rsa_options['page'] ) ) ) {
171
  unset( $wp->query_vars );
172
  $wp->query_vars['page_id'] = $page_id;
173
  return;
174
  }
175
 
176
  case 3:
177
+ $message = __( self::$rsa_options['message'], 'restricted-site-access' );
178
+ $message .= "\n<!-- protected by Restricted Site Access http://10up.com/plugins/restricted-site-access-wordpress/ -->";
179
+ $message = apply_filters( 'restricted_site_access_message', $message, $wp );
 
180
  wp_die( $message, get_bloginfo( 'name' ) . ' - Site Access Restricted' );
181
 
182
  case 2:
183
+ if ( ! empty( self::$rsa_options['redirect_url'] ) ) {
184
+ if( ! empty( self::$rsa_options['redirect_path'] ) ) {
185
+ self::$rsa_options['redirect_url'] = untrailingslashit( self::$rsa_options['redirect_url'] ) . $_SERVER['REQUEST_URI'];
186
+ }
187
  break;
188
  }
189
 
190
  default:
191
+ self::$rsa_options['redirect_path'] = 302;
192
+ $current_path = empty( $_SERVER['REQUEST_URI'] ) ? home_url() : $_SERVER['REQUEST_URI'];
193
+ self::$rsa_options['redirect_url'] = wp_login_url( $current_path );
194
  }
195
 
196
+ $redirect_url = apply_filters( 'restricted_site_access_redirect_url', self::$rsa_options['redirect_url'], $wp );
197
+ $redirect_code = apply_filters( 'restricted_site_access_head', self::$rsa_options['redirect_path'], $wp );
198
  wp_redirect( $redirect_url, $redirect_code );
199
  die;
200
  }
 
 
 
 
201
 
202
+ /**
203
+ * Admin only hooks
204
+ */
205
+ public static function admin_init() {
206
  // customize privacy message
207
+ add_filter( 'privacy_on_link_text', array( __CLASS__, 'privacy_on_link_text' ) );
208
+ add_filter( 'privacy_on_link_title', array( __CLASS__, 'privacy_on_link_title' ) );
209
 
210
  // customize privacy page
211
+ add_action( 'load-options-' . self::$settings_page . '.php', array( __CLASS__, 'load_options_page' ) );
212
 
213
  // add new choice for blog privacy
214
+ add_action( 'blog_privacy_selector', array( __CLASS__, 'blog_privacy_selector' ) );
215
 
216
  // settings for restricted site access
217
+ register_setting( self::$settings_page, 'rsa_options', array( __CLASS__, 'sanitize_options' ) ); // array of fundamental options including ID and caching info
218
+ add_settings_section( 'restricted-site-access', '', '__return_empty_string', self::$settings_page );
219
+ foreach ( self::$fields as $field_name => $field_data ) {
220
+ add_settings_field( $field_name, __( $field_data['label'], 'restricted-site-access' ), array( __CLASS__, $field_data['field'] ), self::$settings_page, 'restricted-site-access' );
221
  }
222
 
223
+ add_filter( 'plugin_action_links_' . self::$basename, array( __CLASS__, 'plugin_action_links' ) );
224
  }
225
+
226
+ /**
227
+ * Overrides text in the dashboard Right Now widget
228
+ *
229
+ * @param string $text
230
+ *
231
+ * @return string New text to show in widget
232
+ */
233
+ public static function privacy_on_link_text( $text ) {
234
+ if ( 2 == get_option( 'blog_public' ) ) {
235
  $text = __( 'Public access to this site has been restricted.', 'restricted-site-access' );
236
+ }
237
  return $text;
238
  }
239
+
240
+ /**
241
+ * Title attribute for link about site status on Right Now widget
242
+ *
243
+ * @param string $text
244
+ *
245
+ * @return string New title attribute
246
+ */
247
+ public static function privacy_on_link_title( $text ) {
248
+ if ( 2 == get_option( 'blog_public' ) ) {
249
  $text = __( 'Restricted Site Access plug-in is blocking public access to this site.', 'restricted-site-access' );
250
+ }
251
  return $text;
252
  }
253
+
254
+ /**
255
+ * Loads needed scripts and assets on the Reading page
256
+ */
257
+ public static function load_options_page() {
258
  $dev = ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ? '.dev' : '';
259
+ wp_enqueue_script( 'restricted-site-access', plugin_dir_url( __FILE__ ) . 'restricted-site-access' . $dev . '.js', array('jquery-effects-shake'), '5.1', true );
 
 
 
 
260
 
261
+ add_action( 'admin_notices', array( __CLASS__, 'admin_notice' ) );
262
+ add_action( 'admin_head', array( __CLASS__, 'admin_head' ) );
263
 
264
+ self::set_option_defaults();
265
  }
266
+
267
+ /**
268
+ * Customize admin notices to ensure user completes restriction setup properly
269
+ */
270
+ public static function admin_notice() {
271
+ if ( empty( self::$rsa_options['approach'] ) ) {
272
  return;
273
+ }
274
 
275
+ if ( 4 == self::$rsa_options['approach'] && empty( self::$rsa_options['page'] ) ) {
276
+ $message = __( 'Please select the page you want to show restricted visitors. If no page is selected, WordPress will simply show a general restriction message.', 'restricted-site-access' );
277
+ } elseif ( 2 == self::$rsa_options['approach'] && empty( self::$rsa_options['redirect_url'] ) ) {
278
+ $message = __( 'Please enter the web address you would like to redirect restricted visitors to. If no address is entered, visitors will be redirected to the login screen.', 'restricted-site-access' );
279
+ }
280
 
281
+ if ( isset( $message ) ) {
282
+ echo '<div class="error"><p><strong>' . $message . '</strong></p></div>';
283
+ }
284
  }
285
 
286
+ /**
287
+ * Add restricted access help tab to screen
288
+ */
289
+ public static function admin_head() {
290
  $screen = get_current_screen();
291
  $screen->add_help_tab( array(
292
  'id' => 'restricted-site-access',
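Review bot: The redirect status is read from the wrong option at the end of `restrict_access()`: the `default:` branch assigns `self::$rsa_options['redirect_path'] = 302;` and the final `apply_filters( 'restricted_site_access_head', self::$rsa_options['redirect_path'], $wp )` passes that same key to `wp_redirect()`. `redirect_path` is the 0/1 checkbox value (see `sanitize_options()`), so for approach 2 the configured `head_code` of 301, 302 or 307 is never used and `wp_redirect()` receives 0 or 1 as its status; both lines should use `head_code`. Separately, the allow-list match `( inet_pton( $ip ) & $mask ) == ( $remote_ip & $mask )` compares two binary strings with loose `==`, which PHP evaluates numerically when both byte strings happen to look like numbers; since this line is being touched anyway, switch it to `===` so that only byte-identical masked addresses match.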
301
  ',
302
  ) );
303
  }
304
+
305
+ /**
306
+ * Add a new choice to the privacy selector
307
+ */
308
+ public static function blog_privacy_selector() {
309
  ?>
310
+ <p>
311
+ <input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked( get_option( 'blog_public' ), 2 ); ?> />
312
+ <label for="blog-restricted"><?php _e( 'Restrict site access to visitors who are logged in or allowed by IP address', 'restricted-site-access' ); ?></label>
313
+ </p>
314
  <?php
315
  }
316
+
317
+ /**
318
+ * Sanitize RSA options
319
+ *
320
+ * @param array $input
321
+ *
322
+ * @return array Sanitized input
323
+ */
324
+ public static function sanitize_options( $input ) {
325
  $new_input['approach'] = (int) $input['approach'];
326
+ if ( $new_input['approach'] < 1 || $new_input['approach'] > 4 ) {
327
+ $new_input['approach'] = self::$fields['approach']['default'];
328
+ }
329
 
330
  global $allowedtags;
331
  $new_input['message'] = wp_kses( $input['message'], $allowedtags );
332
 
333
  $new_input['redirect_path'] = empty( $input['redirect_path'] ) ? 0 : 1;
334
+ $new_input['head_code'] = in_array( (int) $input['head_code'], array( 301, 302, 307 ) ) ? (int) $input['head_code'] : self::$fields['head_code']['default'];
335
  $new_input['redirect_url'] = empty( $input['redirect_url'] ) ? '' : esc_url_raw( $input['redirect_url'], array('http','https') );
336
  $new_input['page'] = empty( $input['page'] ) ? 0 : (int) $input['page'];
337
 
338
  $new_input['allowed'] = array();
339
  if ( !empty( $input['allowed'] ) && is_array( $input['allowed'] ) ) {
340
  foreach( $input['allowed'] as $ip_address ) {
341
+ if ( self::is_ip( $ip_address ) ) {
342
  $new_input['allowed'][] = $ip_address;
343
+ }
344
  }
345
  }
346
 
347
  return $new_input;
348
  }
349
+
350
+ /**
351
+ * Fieldset for choosing restriction handling
352
+ *
353
+ * @param $args
354
+ */
355
+ public static function settings_field_handling( $args ) {
356
+ if ( ! isset( self::$rsa_options['approach'] ) ) {
357
+ self::$rsa_options['approach'] = 1;
358
+ }
359
  ?>
360
+ <fieldset id="rsa_handle_fields">
361
+ <input id="rsa-send-to-login" name="rsa_options[approach]" type="radio" value="1" <?php checked( self::$rsa_options['approach'], 1 ); ?> />
362
  <label for="rsa-send-to-login"><?php _e('Send them to the WordPress login screen','restricted-site-access'); ?></label>
363
  <br />
364
+ <input id="rsa-redirect-visitor" name="rsa_options[approach]" type="radio" value="2" <?php checked( self::$rsa_options['approach'], 2 ); ?> />
365
  <label for="rsa-redirect-visitor"><?php _e('Redirect them to a specified web address','restricted-site-access'); ?></label>
366
  <br />
367
+ <input id="rsa-display-message" name="rsa_options[approach]" type="radio" value="3" <?php checked( self::$rsa_options['approach'], 3 ); ?> />
368
  <label for="rsa-display-message"><?php _e('Show them a simple message','restricted-site-access'); ?></label>
369
  <br />
370
+ <input id="rsa-unblocked-page" name="rsa_options[approach]" type="radio" value="4" <?php checked( self::$rsa_options['approach'], 4 ); ?> />
371
  <label for="rsa-unblocked-page"><?php _e('Show them a specific WordPress page I\'ve created','restricted-site-access'); ?></label>
372
  </fieldset>
373
  <?php
374
  }
375
+
376
+ /**
377
+ * Fieldset for managing allowed IP addresses
378
+ *
379
+ * @param $args
380
+ */
381
+ public static function settings_field_allowed( $args ) {
382
  ?>
383
  <div class="hide-if-no-js">
384
  <div id="ip_list">
385
+ <div id="ip_list_empty" style="display: none;"><input type="text" name="rsa_options[allowed][]" value="" readonly="true" /> <a href="#remove" class="remove_btn"><?php _e( 'Remove' ); ?></a></div>
386
  <?php
387
+ $ips = (array) self::$rsa_options['allowed'];
388
+ foreach ( $ips as $ip) {
389
+ if ( ! empty( $ip ) ) {
390
+ echo '<div><input type="text" name="rsa_options[allowed][]" value="' . esc_attr( $ip ) . '" readonly="true" /> <a href="#remove" class="remove_btn">' . __( 'Remove' ) . '</a></div>';
391
+ }
392
  }
393
  ?>
394
  </div>
395
  <div>
396
+ <input type="text" name="newip" id="newip" /> <input class="button" type="button" id="addip" value="<?php _e( 'Add' ); ?>" />
397
+ <p class="description" style="display: inline;"><label for="newip"><?php _e('Enter a single IP address or a range using a subnet prefix','restricted-site-access'); ?></label></p>
398
  </div>
399
+ <?php if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { ?><input class="button" type="button" id="rsa_myip" value="<?php _e( 'Add My Current IP Address', 'restricted-site-access' ); ?>" style="margin-top: 5px;" data-myip="<?php echo esc_attr( $_SERVER['REMOTE_ADDR'] ); ?>" /><br /><?php } ?>
400
  </div>
401
  <p class="hide-if-js"><strong><?php _e('To manage IP addresses, you must use a JavaScript enabled browser.','restricted-site-access'); ?></strong></p>
402
  <?php
403
  }
 
 
 
 
404
 
405
+ /**
406
+ * Field for custom message
407
+ *
408
+ * @param $args
409
+ */
410
+ public static function settings_field_message( $args ) {
411
+ if ( empty( self::$rsa_options['message'] ) ) {
412
+ self::$rsa_options['message'] = __( 'Access to this site is restricted.', 'restricted-site-access' );
413
+ }
414
+
415
+ wp_editor( self::$rsa_options['message'], 'rsa_message', array(
416
  'media_buttons' => false,
417
  'textarea_name' => 'rsa_options[message]',
418
  'textarea_rows' => 4,
419
  'tinymce' => false,
420
  ) );
421
  }
422
+
423
+ /**
424
+ * Field for redirection
425
+ *
426
+ * @param $args
427
+ */
428
+ public static function settings_field_redirect( $args ) {
429
+ if ( ! isset( self::$rsa_options['redirect_url'] ) ) {
430
+ self::$rsa_options['redirect_url'] = '';
431
+ }
432
  ?>
433
+ <input type="text" name="rsa_options[redirect_url]" id="redirect" class="rsa_redirect_field regular-text" value="<?php echo esc_attr( self::$rsa_options['redirect_url'] ); ?>" />
434
  <?php
435
  }
436
+
437
+ /**
438
+ * Field for redirect path option
439
+ *
440
+ * @param $args
441
+ */
442
+ public static function settings_field_redirect_path( $args ) {
443
+ if ( ! isset( self::$rsa_options['redirect_path'] ) ) {
444
+ self::$rsa_options['redirect_path'] = 0;
445
+ }
446
  ?>
447
+ <fieldset><legend class="screen-reader-text"><span><?php _e( self::$rsa_options['redirect_path']['label'], 'restricted-site-access' ); ?></span></legend>
448
+ <label for="redirect_path">
449
+ <input type="checkbox" name="rsa_options[redirect_path]" value="1" id="redirect_path" class="rsa_redirect_field" <?php checked( self::$rsa_options['redirect_path'] ); ?> />
450
+ <?php _e( 'Send restricted visitor to same path (relative URL) at the new web address', 'restricted-site-access' ); ?></label>
451
+ </fieldset>
452
  <?php
453
  }
454
+
455
+ /**
456
+ * Field for specifying redirect code
457
+ *
458
+ * @param $args
459
+ */
460
+ public static function settings_field_redirect_code( $args ) {
461
+ if ( empty( self::$rsa_options['head_code'] ) ) {
462
+ self::$rsa_options['head_code'] = 302;
463
+ }
464
  ?>
465
  <select name="rsa_options[head_code]" id="redirect_code" class="rsa_redirect_field">
466
+ <option value="301" <?php selected( self::$rsa_options['head_code'], 301 ); ?>><?php _e( '301 Permanent', 'restricted-site-access' ); ?></option>
467
+ <option value="302" <?php selected( self::$rsa_options['head_code'], 302 ); ?>><?php _e( '302 Undefined', 'restricted-site-access' ); ?></option>
468
+ <option value="307" <?php selected( self::$rsa_options['head_code'], 307 ); ?>><?php _e( '307 Temporary', 'restricted-site-access' ); ?></option>
469
  </select>
 
470
  <?php
471
  }
472
+
473
+ /**
474
+ * Field for choosing a page to redirect to
475
+ *
476
+ * @param $args
477
+ */
478
+ public static function settings_field_rsa_page( $args ) {
479
+ if ( ! isset( self::$rsa_options['page'] ) ) {
480
+ self::$rsa_options['page'] = 0;
481
+ }
482
+
483
  wp_dropdown_pages(array(
484
+ 'selected' => self::$rsa_options['page'],
485
+ 'show_option_none' => 'Select a page',
486
+ 'name' => 'rsa_options[page]',
487
+ 'id' => 'rsa_page'
488
  ));
489
  }
490
 
491
  /**
492
+ * Validate IP address entry on demand (AJAX)
493
  */
494
+ public static function ajax_rsa_ip_check() {
495
+ if ( empty( $_POST['ip_address'] ) || !self::is_ip( stripslashes( $_POST['ip_address'] ) ) ) {
496
+ die( '1' );
497
+ }
498
+ die;
 
 
 
499
  }
500
 
501
  /**
502
  * is it a valid IP address? v4/v6 with subnet range
503
+ *
504
+ * @param string $ip_address IP Address to check
505
+ *
506
+ * @return bool True if its a valid IP address.
507
  */
508
+ public static function is_ip( $ip_address ) {
509
  // very basic validation of ranges
510
  if ( strpos( $ip_address, '/' ) ) {
511
  $ip_parts = explode( '/', $ip_address );
512
+ if ( empty( $ip_parts[1] ) || !is_numeric( $ip_parts[1] ) || strlen( $ip_parts[1] ) > 3 ) {
513
  return false;
514
+ }
515
  $ip_address = $ip_parts[0];
516
  }
517
 
518
  // confirm IP part is a valid IPv6 or IPv4 IP
519
+ if ( empty( $ip_address ) || !inet_pton( stripslashes( $ip_address ) ) ) {
520
  return false;
521
+ }
522
 
523
  return true;
524
  }
525
 
526
  /**
527
+ * Add settings link directing user to privacy page on plug-in page
528
+ *
529
+ * @param array $links Array of links for plugin actions
530
+ *
531
+ * @return array
532
  */
533
+ public static function plugin_action_links( $links ) {
534
+ $links[] = '<a href="options-' . self::$settings_page . '.php">' . __('Settings') . '</a>';
535
  return $links;
536
  }
537
 
538
  /**
539
  * activation of plugin: upgrades old versions, immediately sets privacy
540
  */
541
+ public static function activation() {
542
  update_option( 'blog_public', 2 );
543
  }
544
 
545
  /**
546
  * restore privacy option to default value upon deactivating
547
  */
548
+ public static function deactivation() {
549
+ if ( 2 == get_option( 'blog_public' ) ) {
550
  update_option( 'blog_public', 1 );
551
+ }
552
  }
553
  }
554
 
555
+ Restricted_Site_Access::get_instance();
556
 
557
  /**
558
+ * Uninstall routine for the plugin
559
  */
 
 
 
560
  function restricted_site_access_uninstall() {
561
+ if ( 2 == get_option('blog_public') ) {
562
  update_option( 'blog_public', 1 );
563
+ }
564
  delete_option('rsa_options');
565
  }
566
 
567
+ register_uninstall_hook( __FILE__, 'restricted_site_access_uninstall' );
 
 
568
 
569
  if ( ! function_exists( 'inet_pton' ) ) :
570
 
571
+ /**
572
+ * inet_pton is not included in PHP < 5.3 on Windows (WP requires PHP 5.2)
573
+ *
574
+ * @param string $ip IP Address
575
+ *
576
+ * @return array|string
577
+ */
578
+ function inet_pton($ip) {
579
+ if (strpos($ip, '.') !== false) {
580
+ // ipv4
581
+ $ip = pack('N',ip2long($ip));
582
+ } elseif (strpos($ip, ':') !== false) {
583
+ // ipv6
584
+ $ip = explode(':', $ip);
585
+ $res = str_pad('', (4*(8-count($ip))), '0000', STR_PAD_LEFT);
586
+ foreach ($ip as $seg) {
587
+ $res .= str_pad($seg, 4, '0', STR_PAD_LEFT);
588
  }
589
+ $ip = pack('H'.strlen($res), $res);
590
  }
591
+ return $ip;
592
+ }
593
 
594
  endif;
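Review bot: `is_ip()` still accepts any numeric prefix of up to three characters (`!is_numeric( $ip_parts[1] ) || strlen( $ip_parts[1] ) > 3`), so values such as `999`, `-1` or `1.5` pass validation and are stored in `rsa_options[allowed]`, where `restrict_access()` feeds them to `str_repeat( 'f', $mask >> 2 )`. Require `ctype_digit()` and reject prefixes above 32 for IPv4 and above 128 for IPv6, so the new `@return bool True if its a valid IP address` is actually true. The fallback `inet_pton()` weakens the same check: it never returns `false` (`pack('N',ip2long($ip))` still yields four bytes when `ip2long()` fails, and input with neither `.` nor `:` is returned unchanged), so on platforms that use it the `!inet_pton( ... )` test does not reject malformed addresses; return `false` on failure and document `@return string|false` instead of `array|string`. In `settings_field_redirect_path()` the new legend reads `self::$rsa_options['redirect_path']['label']`, but that option is the integer defaulted to 0 just above; the label lives in `self::$fields['redirect_path']['label']`.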
screenshot-1.png DELETED
Binary file
screenshot-2.png DELETED
Binary file
screenshot-3.png DELETED
Binary file