diff --git a/password-protected.php b/password-protected.php index b446eab..5387dcb 100644 --- a/password-protected.php +++ b/password-protected.php @@ -5,6 +5,7 @@ Plugin URI: https://wordpress.org/plugins/password-protected/ Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups. Version: 2.2.5 +Requires PHP: 7.1 Author: Ben Huson Text Domain: password-protected Author URI: http://github.com/benhuson/password-protected/ @@ -42,6 +43,18 @@ class Password_Protected { + private const OPTION_ADMINISTRATORS = 'password_protected_administrators'; + private const OPTION_ALLOWED_IP_ADDRESSES = 'password_protected_allowed_ip_addresses'; + private const OPTION_FEEDS = 'password_protected_feeds'; + private const OPTION_PASSWORD = 'password_protected_password'; + private const OPTION_PASSWORD_PROTECTED = 'password_protected_password'; + private const OPTION_REMEMBER_ME = 'password_protected_remember_me'; + private const OPTION_REMEMBER_ME_LIFETIME = 'password_protected_remember_me_lifetime'; + private const OPTION_REST = 'password_protected_rest'; + private const OPTION_STATUS = 'password_protected_status'; + private const OPTION_USERS = 'password_protected_users'; + private const OPTION_VERSION = 'password_protected_version'; + var $version = '2.2.5'; var $admin = null; var $errors = null; @@ -54,6 +67,7 @@ public function __construct() { $this->errors = new WP_Error(); register_activation_hook( __FILE__, array( &$this, 'install' ) ); + register_uninstall_hook( __FILE__, array( __CLASS__, 'uninstall' ) ); add_action( 'plugins_loaded', array( $this, 'load_plugin_textdomain' ) ); @@ -122,7 +136,7 @@ public function is_active() { return false; } - if ( (bool) get_option( 'password_protected_status' ) ) { + if ( (bool) get_option( self::OPTION_STATUS ) ) { $is_active = true; } else { $is_active = false; @@ -174,7 +188,7 @@ public function disable_feed() { */ public function allow_feeds( $bool ) { - if ( is_feed() && (bool) get_option( 'password_protected_feeds' ) ) { + if ( is_feed() && (bool) get_option( self::OPTION_FEEDS ) ) { return 0; } @@ -190,7 +204,7 @@ public function allow_feeds( $bool ) { */ public function allow_administrators( $bool ) { - if ( ! is_admin() && current_user_can( 'manage_options' ) && (bool) get_option( 'password_protected_administrators' ) ) { + if ( ! is_admin() && current_user_can( 'manage_options' ) && (bool) get_option( self::OPTION_ADMINISTRATORS ) ) { return 0; } @@ -206,7 +220,7 @@ public function allow_administrators( $bool ) { */ public function allow_users( $bool ) { - if ( ! is_admin() && is_user_logged_in() && (bool) get_option( 'password_protected_users' ) ) { + if ( ! is_admin() && is_user_logged_in() && (bool) get_option( self::OPTION_USERS ) ) { return 0; } @@ -241,7 +255,7 @@ public function allow_ip_addresses( $bool ) { */ public function get_allowed_ip_addresses() { - return explode( "\n", get_option( 'password_protected_allowed_ip_addresses' ) ); + return explode( "\n", get_option( self::OPTION_ALLOWED_IP_ADDRESSES ) ); } @@ -252,7 +266,7 @@ public function get_allowed_ip_addresses() { */ public function allow_remember_me() { - return (bool) get_option( 'password_protected_remember_me' ); + return (bool) get_option( self::OPTION_REMEMBER_ME ); } @@ -297,7 +311,7 @@ public function maybe_process_login() { if ( $this->is_active() && isset( $_REQUEST['password_protected_pwd'] ) ) { $password_protected_pwd = $_REQUEST['password_protected_pwd']; - $pwd = get_option( 'password_protected_password' ); + $pwd = get_option( self::OPTION_PASSWORD_PROTECTED ); // If correct password... if ( ( hash_equals( $pwd, $this->encrypt_password( $password_protected_pwd ) ) && $pwd != '' ) || apply_filters( 'password_protected_process_login', false, $password_protected_pwd ) ) { @@ -494,7 +508,7 @@ public function logout_link_shortcode( $atts, $content = null ) { */ public function get_hashed_password() { - return md5( get_option( 'password_protected_password' ) . wp_salt() ); + return md5( get_option( self::OPTION_PASSWORD_PROTECTED ) . wp_salt() ); } @@ -604,7 +618,7 @@ public function parse_auth_cookie( $cookie = '', $scheme = '' ) { public function set_auth_cookie( $remember = false, $secure = '') { if ( $remember ) { - $expiration_time = apply_filters( 'password_protected_auth_cookie_expiration', get_option( 'password_protected_remember_me_lifetime', 14 ) * DAY_IN_SECONDS, $remember ); + $expiration_time = apply_filters( 'password_protected_auth_cookie_expiration', get_option( self::OPTION_REMEMBER_ME_LIFETIME, 14 ) * DAY_IN_SECONDS, $remember ); $expiration = $expire = current_time( 'timestamp' ) + $expiration_time; } else { $expiration_time = apply_filters( 'password_protected_auth_cookie_expiration', DAY_IN_SECONDS * 20, $remember ); @@ -652,11 +666,11 @@ public function cookie_name() { */ public function install() { - $old_version = get_option( 'password_protected_version' ); + $old_version = get_option( self::OPTION_VERSION ); // 1.1 - Upgrade to MD5 if ( empty( $old_version ) || version_compare( '1.1', $old_version ) ) { - $pwd = get_option( 'password_protected_password' ); + $pwd = get_option( self::OPTION_PASSWORD ); if ( ! empty( $pwd ) ) { $new_pwd = $this->encrypt_password( $pwd ); update_option( 'password_protected_password', $new_pwd ); @@ -667,6 +681,28 @@ public function install() { } + /** + * Uninstall + */ + public static function uninstall() { + $options = array( + self::OPTION_ADMINISTRATORS, + self::OPTION_ALLOWED_IP_ADDRESSES, + self::OPTION_FEEDS, + self::OPTION_PASSWORD, + self::OPTION_PASSWORD_PROTECTED, + self::OPTION_REMEMBER_ME, + self::OPTION_REMEMBER_ME_LIFETIME, + self::OPTION_REST, + self::OPTION_STATUS, + self::OPTION_USERS, + self::OPTION_VERSION, + ); + foreach ( $options as $option ) { + delete_option($option); + } + } + /** * Compat * @@ -804,7 +840,7 @@ static function is_plugin_supported() { public function only_allow_logged_in_rest_access( $access ) { // If user is not logged in - if ( $this->is_active() && ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) { + if ( $this->is_active() && ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( self::OPTION_REST ) ) { return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'password-protected' ), array( 'status' => rest_authorization_required_code() ) ); }