admin.php
<?php
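/**
 * Admin-side integration for the Password Protected plugin.
 *
 * Registers the settings page, its fields and sanitisation callbacks, the help
 * tab, plugin-list links and admin notices. Everything rendered here is shown
 * inside wp-admin; values read back from the options table are escaped for the
 * HTML context they are printed in.
 */
class Password_Protected_Admin {

	/**
	 * Hook suffix returned by add_options_page() for the settings screen.
	 *
	 * @var string|false
	 */
	public $settings_page_id;

	/**
	 * Settings API option group / page slug used by every field below.
	 *
	 * @var string
	 */
	public $options_group = 'password-protected';

	/**
	 * Constructor
	 *
	 * Wires the admin hooks and filters used by this class.
	 */
	public function __construct() {
		add_action( 'admin_init', array( $this, 'password_protected_settings' ), 5 );
		add_action( 'admin_init', array( $this, 'add_privacy_policy' ) );
		add_action( 'admin_menu', array( $this, 'admin_menu' ) );
		add_action( 'password_protected_help_tabs', array( $this, 'help_tabs' ), 5 );
		add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
		add_filter( 'plugin_row_meta', array( $this, 'plugin_row_meta' ), 10, 4 );
		add_filter( 'plugin_action_links_password-protected/password-protected.php', array( $this, 'plugin_action_links' ) );
		add_filter( 'pre_update_option_password_protected_password', array( $this, 'pre_update_option_password_protected_password' ), 10, 2 );
		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
	}

	/**
	 * Admin enqueue scripts.
	 *
	 * Loads the admin stylesheet on the plugin's settings screen only.
	 *
	 * @param string $hooks Page Hook.
	 */
	public function admin_enqueue_scripts( $hooks ) {
		if ( 'settings_page_password-protected' === $hooks ) {
			wp_enqueue_style( 'password-protected-page-script', PASSWORD_PROTECTED_URL . 'assets/css/admin.css', array(), '2.5.3' );
		}
	}

	/**
	 * Add Privacy Policy
	 *
	 * Contributes suggested privacy-policy text describing the auth cookie.
	 * Does nothing when wp_add_privacy_policy_content() is unavailable.
	 */
	public function add_privacy_policy() {
		if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
			return;
		}
		$content = _x( 'The Password Protected plugin stores a cookie on successful password login containing a hashed version of the entered password. It does not store any information about the user. The cookie stored is named <code>bid_n_password_protected_auth</code> where <code>n</code> is the blog ID in a multisite network', 'privacy policy content', 'password-protected' );
		wp_add_privacy_policy_content( __( 'Password Protected Plugin', 'password-protected' ), wp_kses_post( wpautop( $content, false ) ) );
	}

	/**
	 * Admin Menu
	 *
	 * Adds the settings page under "Settings". The required capability defaults
	 * to manage_options and can be changed through the
	 * password_protected_options_page_capability filter.
	 */
	public function admin_menu() {
		$capability             = apply_filters( 'password_protected_options_page_capability', 'manage_options' );
		$this->settings_page_id = add_options_page( __( 'Password Protected', 'password-protected' ), __( 'Password Protected', 'password-protected' ), $capability, 'password-protected', array( $this, 'settings_page' ) );
		add_action( 'load-' . $this->settings_page_id, array( $this, 'add_help_tabs' ), 20 );
	}

	/**
	 * Settings Page
	 *
	 * Prints the settings form. settings_fields() emits the nonce and option
	 * group fields that options.php checks on submit.
	 */
	public function settings_page() {
		?>
		<div class="wrap">
		<div id="icon-options-general" class="icon32"><br /></div>
		<h2><?php esc_html_e( 'Password Protected Settings', 'password-protected' ) ?></h2>
		<form method="post" action="options.php">
		<?php
		settings_fields( 'password-protected' );
		do_settings_sections( 'password-protected' );
		?>
		<p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="<?php esc_attr_e( 'Save Changes' ) ?>"></p>
		</form>
		<div id="login-designer-message">
		<?php do_settings_sections( 'password-protected-login-designer' ); ?>
		</div>
		<div id="help-notice">
		<?php do_settings_sections( 'password-protected-compat' ); ?>
		</div>
		</div>
		<?php
	}

	/**
	 * Add Help Tabs
	 *
	 * Fires the password_protected_help_tabs action with the current screen.
	 * Skipped on WordPress versions older than 3.3.
	 */
	public function add_help_tabs() {
		global $wp_version;
		if ( version_compare( $wp_version, '3.3', '<' ) ) {
			return;
		}
		do_action( 'password_protected_help_tabs', get_current_screen() );
	}

	/**
	 * Help Tabs
	 *
	 * @param object $current_screen Screen object.
	 */
	public function help_tabs( $current_screen ) {
		$current_screen->add_help_tab( array(
			'id'      => 'PASSWORD_PROTECTED_SETTINGS',
			'title'   => __( 'Password Protected', 'password-protected' ),
			'content' => __( '<p><strong>Password Protected Status</strong><br />Turn on/off password protection.</p>', 'password-protected' )
				. __( '<p><strong>Protected Permissions</strong><br />Allow access for logged in users and administrators without needing to enter a password. You will need to enable this option if you want administrators to be able to preview the site in the Theme Customizer. Also allow RSS Feeds to be accessed when the site is password protected.</p>', 'password-protected' )
				. __( '<p><strong>Password Fields</strong><br />To set a new password, enter it into both fields. You cannot set an `empty` password. To disable password protection uncheck the Enabled checkbox.</p>', 'password-protected' )
		) );
	}

	/**
	 * Settings API
	 *
	 * Registers the settings sections, fields and options together with the
	 * sanitisation callback applied to each option before it is saved.
	 */
	public function password_protected_settings() {
		add_settings_section(
			'password_protected',
			'',
			array( $this, 'password_protected_settings_section' ),
			$this->options_group
		);
		add_settings_field(
			'password_protected_status',
			__( 'Password Protected Status', 'password-protected' ),
			array( $this, 'password_protected_status_field' ),
			$this->options_group,
			'password_protected'
		);
		add_settings_field(
			'password_protected_permissions',
			__( 'Protected Permissions', 'password-protected' ),
			array( $this, 'password_protected_permissions_field' ),
			$this->options_group,
			'password_protected'
		);
		add_settings_field(
			'password_protected_password',
			__( 'New Password', 'password-protected' ),
			array( $this, 'password_protected_password_field' ),
			$this->options_group,
			'password_protected'
		);
		add_settings_field(
			'password_protected_allowed_ip_addresses',
			__( 'Allow IP Addresses', 'password-protected' ),
			array( $this, 'password_protected_allowed_ip_addresses_field' ),
			$this->options_group,
			'password_protected'
		);
		add_settings_field(
			'password_protected_remember_me',
			__( 'Allow Remember me', 'password-protected' ),
			array( $this, 'password_protected_remember_me_field' ),
			$this->options_group,
			'password_protected'
		);
		add_settings_field(
			'password_protected_remember_me_lifetime',
			__( 'Remember for this many days', 'password-protected' ),
			array( $this, 'password_protected_remember_me_lifetime_field' ),
			$this->options_group,
			'password_protected'
		);
		add_settings_section(
			'password-protected-login-designer',
			'',
			array( $this, 'login_designer_message' ),
			'password-protected-login-designer'
		);
		register_setting( $this->options_group, 'password_protected_status', 'intval' );
		register_setting( $this->options_group, 'password_protected_feeds', 'intval' );
		register_setting( $this->options_group, 'password_protected_rest', 'intval' );
		register_setting( $this->options_group, 'password_protected_administrators', 'intval' );
		register_setting( $this->options_group, 'password_protected_users', 'intval' );
		register_setting( $this->options_group, 'password_protected_password', array( $this, 'sanitize_password_protected_password' ) );
		register_setting( $this->options_group, 'password_protected_allowed_ip_addresses', array( $this, 'sanitize_ip_addresses' ) );
		register_setting( $this->options_group, 'password_protected_remember_me', 'boolval' );
		register_setting( $this->options_group, 'password_protected_remember_me_lifetime', 'intval' );
	}

	/**
	 * Login Designer Message
	 *
	 * Prints a promotional notice linking to the Login Designer plugin. The
	 * translated text is escaped for an HTML text context.
	 */
	public function login_designer_message() {
		echo '<h3>
🎨' . esc_html__( 'Now you can customize your Password Protected screen with the', 'password-protected' ) . ' <a href="https://wp.org/plugins/login-designer/">Login Designer plugin</a>🌈
<br>
👉<a href="https://wp.org/plugins/login-designer">' . esc_html__( 'Try it now! It\'s Free.', 'password-protected' ) . '</a>
</h3>';
	}

	/**
	 * Sanitize Password Field Input
	 *
	 * The settings form submits an array with 'new' and 'confirm' keys. The new
	 * password is accepted only when both are non-empty strings that are
	 * identical; in every other case the stored value is returned so the option
	 * is left unchanged. A non-array value is passed through untouched.
	 *
	 * @param string|array $val Password, or array( 'new' => ..., 'confirm' => ... ).
	 * @return string|mixed Value to store for the option.
	 */
	public function sanitize_password_protected_password( $val ) {
		if ( ! is_array( $val ) ) {
			return $val;
		}

		$old_val = get_option( 'password_protected_password' );
		$new     = isset( $val['new'] ) ? $val['new'] : '';
		$confirm = isset( $val['confirm'] ) ? $val['confirm'] : '';

		if ( empty( $new ) ) {
			return $old_val;
		}
		if ( empty( $confirm ) ) {
			add_settings_error( 'password_protected_password', 'password_protected_password', __( 'New password not saved. When setting a new password please enter it in both fields.', 'password-protected' ) );
			return $old_val;
		}
		// A crafted request can post nested arrays (name[new][]=...). Only plain
		// strings are a valid password, so anything else keeps the old value.
		if ( ! is_string( $new ) || ! is_string( $confirm ) ) {
			return $old_val;
		}
		// Strict comparison: with `!=` PHP compares numeric-looking strings as
		// numbers, so two different inputs such as "1e3" and "1000" would match.
		if ( $new !== $confirm ) {
			add_settings_error( 'password_protected_password', 'password_protected_password', __( 'New password not saved. Password fields did not match.', 'password-protected' ) );
			return $old_val;
		}

		add_settings_error( 'password_protected_password', 'password_protected_password', __( 'New password saved.', 'password-protected' ), 'updated' );
		return $new;
	}

	/**
	 * Sanitize IP Addresses
	 *
	 * Splits the textarea value on newlines, keeps only entries that
	 * FILTER_VALIDATE_IP accepts, and joins them back with newlines.
	 *
	 * @param string $val IP addresses.
	 * @return string Sanitized IP addresses.
	 */
	public function sanitize_ip_addresses( $val ) {
		// The field is a single textarea; an array here means a malformed or
		// crafted request, and explode() would fail on it. Store nothing.
		if ( ! is_string( $val ) ) {
			return '';
		}
		$ip_addresses = explode( "\n", $val );
		$ip_addresses = array_map( 'sanitize_text_field', $ip_addresses );
		$ip_addresses = array_map( 'trim', $ip_addresses );
		$ip_addresses = array_map( array( $this, 'validate_ip_address' ), $ip_addresses );
		// validate_ip_address() returns false for invalid entries; drop them.
		$ip_addresses = array_filter( $ip_addresses );
		return implode( "\n", $ip_addresses );
	}

	/**
	 * Validate IP Address
	 *
	 * @param string $ip_address IP Address.
	 * @return string|false The address when valid, false otherwise.
	 */
	private function validate_ip_address( $ip_address ) {
		return filter_var( $ip_address, FILTER_VALIDATE_IP );
	}

	/**
	 * Password Protected Section
	 */
	public function password_protected_settings_section() {
		echo '<p>' . esc_html__( 'Password protect your web site. Users will be asked to enter a password to view the site.', 'password-protected' ) . '<br />
' . esc_html__( 'For more information about Password Protected settings, view the "Help" tab at the top of this page.', 'password-protected' ) . '</p>';
	}

	/**
	 * Password Protection Status Field
	 */
	public function password_protected_status_field() {
		echo '<label><input name="password_protected_status" id="password_protected_status" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_status' ), false ) . ' /> ' . esc_html__( 'Enabled', 'password-protected' ) . '</label>';
	}

	/**
	 * Password Protection Permissions Field
	 *
	 * Each checkbox here lets a class of visitor bypass the site password.
	 */
	public function password_protected_permissions_field() {
		echo '<label><input name="password_protected_administrators" id="password_protected_administrators" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_administrators' ), false ) . ' /> ' . esc_html__( 'Allow Administrators', 'password-protected' ) . '</label>';
		echo '<label><input name="password_protected_users" id="password_protected_users" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_users' ), false ) . ' style="margin-left: 20px;" /> ' . esc_html__( 'Allow Logged In Users', 'password-protected' ) . '</label>';
		echo '<label><input name="password_protected_feeds" id="password_protected_feeds" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_feeds' ), false ) . ' style="margin-left: 20px;" /> ' . esc_html__( 'Allow RSS Feeds', 'password-protected' ) . '</label>';
		echo '<label><input name="password_protected_rest" id="password_protected_rest" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_rest' ), false ) . ' style="margin-left: 20px;" /> ' . esc_html__( 'Allow REST API Access', 'password-protected' ) . '</label>';
	}

	/**
	 * Password Field
	 *
	 * Both inputs are always rendered empty; the stored value is never echoed
	 * back into the page.
	 */
	public function password_protected_password_field() {
		echo '<input type="password" name="password_protected_password[new]" id="password_protected_password_new" size="16" value="" autocomplete="off"> <span class="description">' . esc_html__( 'If you would like to change the password type a new one. Otherwise leave this blank.', 'password-protected' ) . '</span><br>
<input type="password" name="password_protected_password[confirm]" id="password_protected_password_confirm" size="16" value="" autocomplete="off"> <span class="description">' . esc_html__( 'Type your new password again.', 'password-protected' ) . '</span>';
	}

	/**
	 * Allowed IP Addresses Field
	 */
	public function password_protected_allowed_ip_addresses_field() {
		// The stored value is escaped for the textarea context so that a value
		// written to the option by any other path cannot close the element.
		echo '<textarea name="password_protected_allowed_ip_addresses" id="password_protected_allowed_ip_addresses" rows="3" class="large-text">' . esc_textarea( get_option( 'password_protected_allowed_ip_addresses' ) ) . '</textarea>';
		echo '<p class="description">' . esc_html__( 'Enter one IP address per line.', 'password-protected' );
		if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
			// NOTE(review): REMOTE_ADDR is the peer seen by PHP; behind a proxy or
			// load balancer this is likely the proxy's address, not the admin's.
			echo ' ' . esc_html( sprintf( __( 'Your IP is address %s.', 'password-protected' ), $_SERVER['REMOTE_ADDR'] ) );
		}
		echo '</p>';
	}

	/**
	 * Remember Me Field
	 */
	public function password_protected_remember_me_field() {
		echo '<label><input name="password_protected_remember_me" id="password_protected_remember_me" type="checkbox" value="1" ' . checked( 1, get_option( 'password_protected_remember_me' ), false ) . ' /></label>';
	}

	/**
	 * Remember Me lifetime field
	 *
	 * Defaults to 14 when the option has not been saved yet.
	 */
	public function password_protected_remember_me_lifetime_field() {
		echo '<label><input name="password_protected_remember_me_lifetime" id="password_protected_remember_me_lifetime" type="number" value="' . esc_attr( get_option( 'password_protected_remember_me_lifetime', 14 ) ) . '" /></label>';
	}

	/**
	 * Pre-update 'password_protected_password' Option
	 *
	 * Before a changed password is saved it is passed through
	 * $Password_Protected->encrypt_password(). Doing it in this way allows
	 * developers to intercept with an earlier filter if they need to do
	 * something with the plaintext password.
	 *
	 * NOTE(review): the original comment described this step as MD5.
	 * encrypt_password() is defined outside this file; if it is a fast,
	 * unsalted hash, the stored value is cheap to brute-force offline once the
	 * options table leaks - confirm, and prefer a salted slow hash.
	 *
	 * @param string $newvalue New Value.
	 * @param string $oldvalue Old Value.
	 * @return string Filtered new value.
	 */
	public function pre_update_option_password_protected_password( $newvalue, $oldvalue ) {
		global $Password_Protected;
		// Strict comparison: $oldvalue is the stored hash and $newvalue may be
		// plaintext. With `!=`, two numeric-looking strings can compare equal and
		// the plaintext would then be stored without being hashed.
		if ( $newvalue !== $oldvalue ) {
			$newvalue = $Password_Protected->encrypt_password( $newvalue );
		}
		return $newvalue;
	}

	/**
	 * Plugin Row Meta
	 *
	 * Adds GitHub and translate links below the plugin description on the plugins page.
	 *
	 * @param array  $plugin_meta Plugin meta display array.
	 * @param string $plugin_file Plugin reference.
	 * @param array  $plugin_data Plugin data.
	 * @param string $status      Plugin status.
	 * @return array Plugin meta array.
	 */
	public function plugin_row_meta( $plugin_meta, $plugin_file, $plugin_data, $status ) {
		if ( 'password-protected/password-protected.php' === $plugin_file ) {
			// The URLs are translatable strings, so escape them like any other
			// externally supplied value before placing them in an href.
			$plugin_meta[] = sprintf( '<a href="%s">%s</a>', esc_url( __( 'http://github.com/benhuson/password-protected', 'password-protected' ) ), esc_html__( 'GitHub', 'password-protected' ) );
			$plugin_meta[] = sprintf( '<a href="%s">%s</a>', esc_url( __( 'https://translate.wordpress.org/projects/wp-plugins/password-protected', 'password-protected' ) ), esc_html__( 'Translate', 'password-protected' ) );
		}
		return $plugin_meta;
	}

	/**
	 * Plugin Action Links
	 *
	 * Adds settings link on the plugins page.
	 *
	 * @param array $actions Plugin action links array.
	 * @return array Plugin action links array.
	 */
	public function plugin_action_links( $actions ) {
		$actions[] = sprintf( '<a href="%s">%s</a>', esc_url( admin_url( 'options-general.php?page=password-protected' ) ), esc_html__( 'Settings', 'password-protected' ) );
		return $actions;
	}

	/**
	 * Password Admin Notice
	 *
	 * Shows a support error on the dashboard, plugins and settings screens, and
	 * on the settings screens warns when protection is enabled without a
	 * password or when administrators / logged in users are allowed to bypass it.
	 */
	public function password_protected_admin_notices() {
		global $Password_Protected;

		// Check Support
		$screens = $this->plugin_screen_ids( array( 'dashboard', 'plugins' ) );
		if ( $this->is_current_screen( $screens ) ) {
			$supported = $Password_Protected->is_plugin_supported();
			if ( is_wp_error( $supported ) ) {
				echo $this->admin_error_display( $supported->get_error_message( $supported->get_error_code() ) );
			}
		}

		// Settings
		if ( $this->is_current_screen( $this->plugin_screen_ids() ) ) {
			$status = get_option( 'password_protected_status' );
			$pwd    = get_option( 'password_protected_password' );
			if ( (bool) $status && empty( $pwd ) ) {
				echo $this->admin_error_display( __( 'You have enabled password protection but not yet set a password. Please set one below.', 'password-protected' ) );
			}

			$allow_admins = (bool) get_option( 'password_protected_administrators' );
			$allow_users  = (bool) get_option( 'password_protected_users' );
			// NOTE(review): this checks manage_options directly, while the menu
			// capability is filterable in admin_menu() - confirm that is intended.
			if ( current_user_can( 'manage_options' ) && ( $allow_admins || $allow_users ) ) {
				if ( $allow_admins && $allow_users ) {
					echo $this->admin_error_display( __( 'You have enabled password protection and allowed administrators and logged in users - other users will still need to enter a password to view the site.', 'password-protected' ) );
				} elseif ( $allow_admins ) {
					echo $this->admin_error_display( __( 'You have enabled password protection and allowed administrators - other users will still need to enter a password to view the site.', 'password-protected' ) );
				} else {
					echo $this->admin_error_display( __( 'You have enabled password protection and allowed logged in users - other users will still need to enter a password to view the site.', 'password-protected' ) );
				}
			}
		}
	}

	/**
	 * Admin Error Display
	 *
	 * Returns a string wrapped in HTML to display an admin error. The message
	 * is filtered with wp_kses_post() so basic formatting survives while script
	 * and other disallowed markup is removed.
	 *
	 * @param string $string Error string.
	 * @return string HTML error.
	 */
	private function admin_error_display( $string ) {
		return '<div class="error"><p>' . wp_kses_post( $string ) . '</p></div>';
	}

	/**
	 * Is Current Screen
	 *
	 * Checks whether the admin is displaying a specific screen.
	 *
	 * @param string|array $screen_id Admin screen ID(s).
	 * @return boolean
	 */
	public function is_current_screen( $screen_id ) {
		if ( ! function_exists( 'get_current_screen' ) ) {
			return false;
		}
		$current_screen = get_current_screen();
		// No screen object is available yet; treat that as "no match" rather
		// than reading ->id from a non-object.
		if ( ! is_object( $current_screen ) ) {
			return false;
		}
		return in_array( $current_screen->id, (array) $screen_id, true );
	}

	/**
	 * Plugin Screen IDs
	 *
	 * @param string|array $screen_id Additional screen IDs to add to the returned array.
	 * @return array Screen IDs.
	 */
	public function plugin_screen_ids( $screen_id = '' ) {
		$screen_ids = array( 'options-' . $this->options_group, 'settings_page_' . $this->options_group );
		if ( ! empty( $screen_id ) ) {
			if ( is_array( $screen_id ) ) {
				$screen_ids = array_merge( $screen_ids, $screen_id );
			} else {
				$screen_ids[] = $screen_id;
			}
		}
		return $screen_ids;
	}
}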