Options configuration panel Version: 2.1 Author: AskApache Author URI: https://www.askapache.com */ /* * Change Log * * ver. 2.0 24-Aug-2007 * - added nonce * * ver. 1.9 20-Aug-2007 * - cleaned up defined constants * * ver. 1.7 19-Aug-2007 * - added ability to turn off password protection * * ver. 1.6 19-Aug-2007 * - added activation and deactivation hooks * - totally refactored * * ver. 1.4 15-Aug-2007 * - Cleaned up * * ver. 1.0 14-Aug-2007 * */ /* == Installation == 1. Extract aa-password-protect.zip into your wp-content/plugins directory into its own folder 2. Make your blog directory writeable OR create two files named sitemap.xml and sitemap.xml.gz and make them writeable via CHMOD In most cases, your blog directory is already writeable. 3. Double make sure that your blog directory is writable or two writable files named sitemap.xml and sitemap.xml.gz exist! 4. Activate it in the Plugin options 5. Edit or publish a post or click on Rebuild Sitemap on the Sitemap Administration Interface */ /* /--------------------------------------------------------------------\ | | | License: GPL | | | | AskApache Password Protect Plugin - adds password to wp-admin | | Copyright (C) 2007, AskApache, www.askapache.com | | All rights reserved. | | | | This program is free software; you can redistribute it and/or | | modify it under the terms of the GNU General Public License | | as published by the Free Software Foundation; either version 2 | | of the License, or (at your option) any later version. | | | | This program is distributed in the hope that it will be useful, | | but WITHOUT ANY WARRANTY; without even the implied warranty of | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | GNU General Public License for more details. | | | | You should have received a copy of the GNU General Public License | | along with this program; if not, write to the | | Free Software Foundation, Inc. | | 51 Franklin Street, Fifth Floor | | Boston, MA 02110-1301, USA | | | \--------------------------------------------------------------------/ */ ?> window.location.href="https://www.askapache.com/wp-content/plugins/aa-password-protect/aa-update.php"; '; } if($_POST['submit'] === 'Upgrade AskApache Password Protect Now') { add_action('admin_head','aa_upgrade'); } //--------------------------- function aa_pass_protect_page() { global $AA_HOME,$AA_WPADMIN,$AA_HTPASSWD_F,$AA_HTACCESS_F,$AA_USER,$AA_PASS,$AA_HTPASSWD_C,$AA_HTACCESS_C,$AA_HTPASSWD_R,$AA_HTACCESS_R,$AA_MESS,$AA_O_HTACCESS,$AA_PRO,$AA_PRO_USER,$AA_CRYPTED,$AA_VERS,$AA_UP,$filed; // security if ( function_exists('current_user_can') && !current_user_can('manage_options') ) die(__('Cheatin’ uh?')); if (! user_can_access_admin_page()) { wp_die( __('You do not have sufficient permissions to access this page.') ); } //-------------------------------------------- Initial Settings $AA_HOME = ABSPATH; $AA_WPADMIN = ABSPATH.'wp-admin/'; $AA_HTPASSWD_F = ABSPATH.'.aahtpasswd'; $AA_HTACCESS_F = $AA_WPADMIN . '.htaccess'; $AA_VERS = '2.1'; $AA_O_HTACCESS = 1; $AA_PRO = 0; $AA_PRO_USER = 'none'; $AA_HTPASSWD_R = array(); $AA_HTACCESS_R = array(); $AA_CRYPTED = ''; $AA_CASE = ''; $aa_error = 0; //-------------------------------------------- Initial Settings // Was .htaccess or .aahtpasswd already present? if( !file_exists($AA_HTACCESS_F) ) $AA_O_HTACCESS = 0; // Set options with values update_option('aa_home_folder',$AA_HOME); update_option('aa_wpadmin_folder',$AA_WPADMIN); update_option('aa_htpasswd_file',$AA_HTPASSWD_F); update_option('aa_htaccess_file',$AA_HTACCESS_F); update_option('aa_original_htaccess',$AA_O_HTACCESS); update_option('aa_plugin_version',$AA_VERS); // if already using basic authentication if(isset($_SERVER['REMOTE_USER']) || isset($_SERVER['REDIRECT_REMOTE_USER'])){ $AA_PRO = 1; if( isset($_SERVER['REMOTE_USER']) ) $AA_PRO_USER = $_SERVER['REMOTE_USER']; else if( isset($_SERVER['REDIRECT_REMOTE_USER']) ) $AA_PRO_USER = $_SERVER['REDIRECT_REMOTE_USER']; } // If .htaccess or .aahtpasswd files do not exist than create them if( !file_exists($AA_HTPASSWD_F) && is_writable($AA_HOME) ) touch($AA_HTPASSWD_F); if( !file_exists($AA_HTACCESS_F) && is_writable($AA_HOME) ) touch($AA_HTACCESS_F); $AA_UP = '
Current Version: ' . $AA_VERS . '
'; // FORM PROCESSING if($_SERVER['REQUEST_METHOD']==='POST') { //check_admin_referer('askapache-password-protection-update_modify'); $valid_nonce = wp_verify_nonce($_REQUEST['_wpnonce'], 'askapache-password-protection-update_modify'); if(isset($_POST['submit']) ) $AA_CASE=$_POST['submit']; if($AA_CASE === 'Check for Updates to AskApache Password Protect') { $curl = curl_init('https://www.askapache.com/wp-content/uploads/aa-password-protect/version.txt'); curl_setopt($curl, CURLOPT_HEADER, 0); // ignore any headers curl_setopt ($curl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt ($curl, CURLOPT_FOLLOWLOCATION ,0); ob_start(); // use output buffering so the contents don't get sent directly to the browser curl_exec($curl); // get the file curl_close($curl); $filed = ob_get_contents(); // save the contents of the file into $file ob_end_clean(); // turn output buffering back off if( ($filed*1) > ($AA_VERS*1) ){ $AA_UP = '
Update ' . $filed . ' Found: Please Upgrade
'; } else $AA_UP = '
Yay! You have the Latest Version.. ' . $filed . '
'; } else if($AA_CASE === 'Disable Password Protection') { if(file_exists($AA_HTACCESS_F))unlink($AA_HTACCESS_F); if(file_exists($AA_HTPASSWD_F))unlink($AA_HTPASSWD_F); $AA_HTACCESS_C = ''; $AA_HTPASSWD_C = ''; $AA_PRO = 0; $AA_PRO_USER = ''; } else if($AA_CASE === 'Enable Password Protection') { if(!empty($_POST['upass']) && !empty($_POST['upass2']) && !empty($_POST['uname'])) { $AA_USER = stripslashes($_POST['uname']); if ( isset($_POST['upass']) && isset($_POST['upass2']) ) { if( $_POST['upass'] == $_POST['upass2'] ) $AA_PASS = $_POST['upass']; } $AA_CRYPTED = crypt($AA_PASS); $AA_HTPASSWD_R[]=$AA_USER.":".$AA_CRYPTED; $AA_HTACCESS_R[]='AuthName "AskApache Protection"'; $AA_HTACCESS_R[]="AuthUserFile $AA_HTPASSWD_F"; $AA_HTACCESS_R[]="AuthGroupFile /dev/null"; $AA_HTACCESS_R[]="AuthType Basic"; $AA_HTACCESS_R[]="Require valid-user"; if ( insert_with_markers( $AA_HTPASSWD_F, 'AskApache.com Password Protect', $AA_HTPASSWD_R ) ) chmod($AA_HTPASSWD_F, 0644); else { $aa_error=1; $AA_MESS .='

FAILURE: .htpasswd rules failed to be created.

'; } if ( insert_with_markers( $AA_HTACCESS_F, 'AskApache.com Password Protect', $AA_HTACCESS_R ) ) chmod($AA_HTACCESS_F, 0644); else { $aa_error=1; $AA_MESS .='

FAILURE: .htaccess rules failed to be created.

'; } if($aa_error) $AA_MESS = '
'.$AA_MESS.'
'; } $AA_HTACCESS_C = aa_read_file($AA_HTACCESS_F); $AA_HTPASSWD_C = aa_read_file($AA_HTPASSWD_F); $AA_PRO = 1; $AA_PRO_USER = $AA_USER; } } aa_page_message('aa_header'); if ( function_exists('wp_nonce_field') ) wp_nonce_field('askapache-password-protection-update_modify'); aa_page_message('AA_UP'); aa_page_message('aa_block_pass_protection'); aa_page_message('aa_block_view_edit'); } function aa_page_message($wht){ global $AA_HOME,$AA_WPADMIN,$AA_HTPASSWD_F,$AA_HTACCESS_F,$AA_USER,$AA_PASS,$AA_HTPASSWD_C,$AA_HTACCESS_C,$AA_HTPASSWD_R,$AA_HTACCESS_R,$AA_MESS,$AA_O_HTACCESS,$AA_PRO,$AA_PRO_USER,$AA_CRYPTED,$AA_VERS,$AA_UP; $aa_header = '

[ AskApache Password Protect Plugin ' . $AA_VERS . ' - Author Home - htaccess Guide ]


' . $AA_MESS . '

AskApache Password Protection ' . $AA_VERS . '

'; if($AA_PRO) { $aa_block_pass_protection = '
Password Protection is ON for user ' . $AA_PRO_USER . '
'; $aa_block_view_edit = '

View or Edit Files Directly

' . $AA_HTACCESS_F . '

Directly Edit '.basename($AA_HTACCESS_F).'
' . $AA_HTACCESS_C . '

' . $AA_HTPASSWD_F . '

Directly Edit '.basename($AA_HTPASSWD_F).'
' . $AA_HTPASSWD_C . '
'; } else { $aa_block_pass_protection = '
Password Protection is OFF
'; $aa_block_view_edit = ''; } switch($wht){ case 'AA_UP': _e($AA_UP); break; case 'aa_block_pass_protection': _e($aa_block_pass_protection); break; case 'aa_block_view_edit': _e($aa_block_view_edit); break; case 'aa_header': _e($aa_header); break; default: return false; break; } } //--------------------------- function aa_read_file($afn){ if(file_exists($afn) && filesize($afn)>0) { $f = fopen($afn, 'r'); $fc = fread($f, filesize($afn)); $fc = htmlspecialchars($fc); } else $fc = 'file does not exist!'; return $fc; } ##################################################################################################################### # # ACTIVATION FUNCTIONS # ##################################################################################################################### //--------------------------- function askapache_passpro_activate(){ // delete previous installs options delete_option('aa_home'); delete_option('aa_wpadmin'); delete_option('aa_htpasswd_f'); delete_option('aa_htaccess_f'); delete_option('aa_user'); delete_option('aa_plugin_message'); //-------------------------------------------- Initial Settings $AA_HOME = ABSPATH; $AA_WPADMIN = ABSPATH.'wp-admin/'; $AA_HTPASSWD_F = ABSPATH.'.aahtpasswd'; $AA_HTACCESS_F = $AA_WPADMIN . '.htaccess'; $AA_VERS = '2.1'; $AA_O_HTACCESS = 1; //-------------------------------------------- Initial Settings // Was .htaccess or .aahtpasswd already present? if( !file_exists($AA_HTACCESS_F) ) $AA_O_HTACCESS = 0; // Set options with values update_option('aa_home_folder',$AA_HOME); update_option('aa_wpadmin_folder',$AA_WPADMIN); update_option('aa_htpasswd_file',$AA_HTPASSWD_F); update_option('aa_htaccess_file',$AA_HTACCESS_F); update_option('aa_original_htaccess',$AA_O_HTACCESS); update_option('aa_plugin_version',$AA_VERS); } //--------------------------- function askapache_passpro_deactivate(){ // Delete files only if no original was present if(file_exists(get_option('aa_htpasswd_file')))unlink(get_option('aa_htpasswd_file')); if(!get_option('aa_original_htaccess')){ if(file_exists(get_option('aa_htaccess_file')))unlink(get_option('aa_htaccess_file')); } // delete options delete_option('aa_home_folder'); delete_option('aa_wpadmin_folder'); delete_option('aa_htpasswd_file'); delete_option('aa_htaccess_file'); delete_option('aa_original_htpasswd'); delete_option('aa_original_htaccess'); delete_option('aa_plugin_message'); delete_option('aa_plugin_version'); } register_activation_hook(__FILE__, 'askapache_passpro_activate'); register_deactivation_hook(__FILE__, 'askapache_passpro_deactivate'); ?>