WordPress.org

Ready to get started?Download WordPress

Forums

Friends Only
[resolved] Login requested for every page (24 posts)

  1. raywp
    Member
    Posted 2 years ago #

    I've suddenly discovered that a Friends only login request is being made on every page of my site. Previously it was only requested initially for the site. I don't know if this is something I have done, or whether it has something to do with the latest WordPress.org version. Any advice/help gratefully received.

    http://wordpress.org/extend/plugins/friends-only/

  2. raywp
    Member
    Posted 2 years ago #

    I got that wrong. It isn't wanting a login for every page. What happens is, yu log in with your email address to access the site, then if you select a different page it asks for the login email again. After that you can move freely around the site. So it's actually only asking for the login twice

  3. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for that - super useful to know. I'm looking into it now.

  4. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Quick question that just came to mind - is the initial base URL (e.g. http://www.example.com) the same as the subsequent URL?

    Is the server changing the URL between the two pages (e.g. from http://www.example.com to example.com)?

  5. raywp
    Member
    Posted 2 years ago #

    Thanks Gabe. This will be a private blog, but I don't mind sharing it for a while to try and get this sorted out. I appreciate your help.

    http://www.raycastell.co.uk/wordpress

    You can get in with friendsonly instead of an email address -I hope!

  6. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    I think I've fixed it.

    Try editing the sentry.php file in the plugin, and replace it entirely with the following code. (Under Plugins -> Editor)

    <?php 
    
    // This function determines whether the user should be displayed the login page based on whether or not they have already authenticated themselves with WordPress (i.e. Administrator logged in), or with the sentry
    
    function fo_runSentry() {
    
    	// Create site URLs to test later for URL hacking or provide access to special pages (e.g. login or FeedWrangler)
    
    	$base_WP_URI = str_replace('www.','',strtolower(get_bloginfo('wpurl')));
    	$clean_URI = str_replace('www.','',strtolower('http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']));
    
    	// If the cookie has already been set, then don't show the sentry
    	if (isset($_COOKIE['verify'])) {
    		return;
    	}
    	// If the user is logged in then don't show the sentry
    	elseif (is_user_logged_in()) {
    		return;
    	}
    	// If the user is requesting media (mostly RSS readers and subscription emails), then let them view the media
    	elseif (strpos($clean_URI, $base_WP_URI.'/wp-content/uploads') === 0) {
    		return;
    	}
    	// If this is a wp-cron request, then don't show the sentry
    	elseif (strpos($clean_URI, $base_WP_URI.'/wp-cron.php') === 0) {
    		return;
    	}
    	// If the user is requesting a FeedWrangler feed, then don't show the sentry
    	elseif (strpos($clean_URI, $base_WP_URI.'/?feed=') === 0) {
    		return;
    	}
    	// If the user is not logged in, but they are trying to log in, then let them see the login page
    	elseif (strpos($clean_URI, $base_WP_URI.'/wp-admin/') === 0 || strpos($clean_URI, $base_WP_URI.'/wp-login.php') === 0) {
    		return;
    	}
    	// If the user is trying to access XML-RPC then don't show the sentry
    	elseif (strpos($clean_URI, $base_WP_URI.'/xmlrpc.php') === 0) {
    		return;
    	}
    
    	if ($_SERVER['HTTP_HOST'] != parse_url(get_bloginfo('wpurl'),PHP_URL_HOST))
    		{
    		header('Location: '.str_replace($_SERVER['HTTP_HOST'], parse_url(get_bloginfo('wpurl'),PHP_URL_HOST), selfURL()));
    		}
    
    	// Load the array of email addresses and clean it up (including removing invalid email addresses)
    
    	$PERMITTED_ADDRESSES = explode(chr(13), get_option('email_list'));
    
    	array_walk($PERMITTED_ADDRESSES, 'fo_cleanAddress');
    
    	// Load and clean the address to be notified by email, then sort them so any null addresses are at the end of the list
    
    	$notify_address = explode (',', get_option('notify_address'));
    	array_walk($notify_address, 'fo_cleanAddress');
    	array_walk($notify_address, 'fo_removeInvalidAddress');
    	array_filter($notify_address, 'strlen');
    	rsort($notify_address);
    
    	// Process the user provided password
    
    	if (isset($_POST['access_email'])) {
    
    		$supplied_address = strtolower(trim($_POST['access_email']));
    
    		if ( strlen($supplied_address) == 0 ) { $supplied_address = 'blank'; }
    
    		if (!in_array($supplied_address, $PERMITTED_ADDRESSES)) {
    
    	  	//Send email notifying of FAILED login
    
    		if (get_option('notify_fail') && is_email($notify_address[0]) && $supplied_address != 'blank') {
    			wp_mail( $notify_address, "[".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)."] FAIL for ".$supplied_address,
    	  		"Failed login at ".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)." by ".$supplied_address."\n\nTime: ".date("H:i:s \(\G\M\TP\)")."\nIP: ".$_SERVER['REMOTE_ADDR']." (http://www.ip2location.com/".$_SERVER['REMOTE_ADDR'].")", "From: Friends Only Notification <".get_settings('admin_email').">");
    		}
    
    		fo_showLoginForm(get_option('prompt_error'));
    
    	  }
    	else {
    		// set cookie if password was validated
    		setcookie("verify", md5($login.'%'.$supplied_address), 0, parse_url(get_bloginfo('wpurl'),PHP_URL_HOST));
    
    		// Clear password protector variables
    		unset($_POST['access_login']);
    		unset($_POST['access_password']);
    		unset($_POST['Submit']);
    
    		// Send email notifying of SUCCESSFUL login
    
    	    if (get_option('notify_success') && is_email($notify_address[0])) {
    	    wp_mail( $notify_address, "[".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)."] SUCCESS for ".$supplied_address,
    	  "Successful login at ".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)." by ".$supplied_address."\n\nTime: ".date("H:i:s \(\G\M\TP\)")."\nIP: ".$_SERVER['REMOTE_ADDR']." (http://www.ip2location.com/".$_SERVER['REMOTE_ADDR'].")", "From: Friends Only Notification <".get_settings('admin_email').">");
    	    }
    
    	  }
    	}
    
    	// Check if password cookie is set
    
    	else {
    	  if (!isset($_COOKIE['verify'])) {
    	    fo_showLoginForm("");
    	  }
    	}
    }
    
    // This function displays the login form if the user is required to authenticate with the sentry
    
    function fo_showLoginForm($error_message) {
    
    	echo "<!DOCTYPE html>
    	<html ";
    
    	echo language_attributes();
    
    	echo ">
    	<head>
    	<title>";
    
    	echo htmlentities(bloginfo('name'));
    
    	echo "
    	</title>
    	  <META HTTP-EQUIV='CACHE-CONTROL' CONTENT='NO-CACHE'>
    	  <META HTTP-EQUIV='PRAGMA' CONTENT='NO-CACHE'>
    	  <META HTTP-EQUIV='CONTENT-TYPE' CONTENT='";
    
    	echo bloginfo('html_type');
    	echo " CHARSET=";
    	echo bloginfo('charset');
    	echo "'>";
    
    	wp_head();
    
    // Reset the CSS styles using the Meyer Reset (http://meyerweb.com/eric/tools/css/reset/) before applying CSS styles
    
    	echo "	<style type='text/css'>
    
    	html, body, div, span, applet, object, iframe,
    	h1, h2, h3, h4, h5, h6, p, blockquote, pre,
    	a, abbr, acronym, address, big, cite, code,
    	del, dfn, em, img, ins, kbd, q, s, samp,
    	small, strike, strong, sub, sup, tt, var,
    	b, u, i, center,
    	dl, dt, dd, ol, ul, li,
    	fieldset, form, label, legend,
    	table, caption, tbody, tfoot, thead, tr, th, td,
    	article, aside, canvas, details, embed,
    	figure, figcaption, footer, header, hgroup,
    	menu, nav, output, ruby, section, summary,
    	time, mark, audio, video {
    		margin: 0;
    		padding: 0;
    		border: 0;
    		font-size: 100%;
    		font: inherit;
    		vertical-align: baseline;
    	}
    
    	article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section {
    		display: block;
    	}
    	body {
    		line-height: 1;
    	}
    	ol, ul {
    		list-style: none;
    	}
    	blockquote, q {
    		quotes: none;
    	}
    	blockquote:before, blockquote:after, q:before, q:after {
    		content: '';
    		content: none;
    	}
    	table {
    		border-collapse: collapse;
    		border-spacing: 0;
    	}
    
    	body {
    		font-family : Tahoma, Verdana, Arial;
    		font-color: #000000;
    		padding-left: 20%;
    		padding-top:50px;
    		padding-bottom: 50px;
    		padding-right: 5%;
    		background-color: #FFFFFF;
    	}
    
    	p	{
    		padding-top: 8px;
    		padding-bottom: 8px;
    	}
    
    	</style>";
    
    	echo "</head>
    
    	<body>
    
    	<p style='font-size: 2em; padding-bottom: 50px;'>";
    
    	echo bloginfo('name');
    
    	echo "</p>";
    
    	if ($error_message == NULL) {
    		echo get_option('prompt_email');
    	}
    	else {
    		echo $error_message;
    	}
    
    	echo "
    	<p>
    	<form method='post'><input style='font-size: 1.2em;' type='input' name='access_email' size='32' />&nbsp;<input type='submit' style='background-color: #DDDDDD; border-color: #AAAAAA; color: #000000; font-family: tahoma, verdana, arial; font-size: 1.2em;' name='Submit' value='";
    
    	echo get_option('prompt_submit');
    
    	echo "' /></form>
    	</p>
    	<br /><p><a href='";
    
    	echo bloginfo('wpurl');
    
    	echo "/wp-admin/' style='color: #CCCCCC; font-size: small;'>Administrator login >></a></p>
    	</body>
    	</html>";
    
    	// stop at this point
    	die();
    }
    
    function fo_cleanAddress(&$value, $key)
    	{
    	    $value = strtolower(trim($value));
    	}
    
    function fo_removeInvalidAddress (&$value, $key)
    	{
        if (!is_email($value)) $value = NULL;
    	}
    
    function selfURL()
    {
        $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
        $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
        $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
        return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
    } 
    
    function strleft($s1, $s2) { return substr($s1, 0, strpos($s1, $s2)); }
    
    ?>
  7. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Oh, and just so you know, it was an issue with the domain under which the cookie was being set.

    If you go to:

    http://www.raycastell.co.uk/wordpress

    you'll see the problem

    if you go to:

    http://raycastell.co.uk/wordpress

    you won't see the problem

  8. raywp
    Member
    Posted 2 years ago #

    Thanks so much Gabe. As I'm just waiting for a bunch of people arriving for dinner I'd better leave this until tomorrow. I'll get back with results.

  9. raywp
    Member
    Posted 2 years ago #

    I tried modifying sentry.php, but I clearly did something wrong as I couln't get it to work. When I went to the site afterwards it just displayed code.

    However, I'm totally happy to use http://raycastell.co.uk/wordpress as the normal site address. As you say, it then works fine.

    This really is a useful plugin.

  10. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    0.5.2 is now available and should fix this problem.

    Gabe

  11. raywp
    Member
    Posted 2 years ago #

    Thanks Gabe. I'll install it later today.

  12. raywp
    Member
    Posted 2 years ago #

    I may not have updated correctly. I downloaded version 0.5.2 and unzipped it. I then copied the unzipped folder to plugins and selected 'merge' when asked, then copy and replace for all other files. Now I find that I am having to log in to every single page both when I access the site using http://www.raycastell.co.uk and http://raycastell.co.uk

  13. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Hmm.

    I'm not sure what the story is.

    I'm not sure how you got to the 'merge' prompt, so I would recommend deleting the plugin completely from your installation (settings will be preserved), and then reinstall it from within the WordPress UI (Plugins -> Add New).

    Are you on the latest version of WordPress?

    Gabe

  14. raywp
    Member
    Posted 2 years ago #

    Sorry Gabe. I see that you've tried to enter the site. I'd removed your login. It should be back now.

    I deleted friendsonly and reinstalled it at you suggested, but the issue persists I'm afraid.

    Let me know if there is anything else you want me to try.

  15. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    I can't replicate the bug, sorry. I'm only being asked for my login once (I've tried two different browsers).

    Can I suggest you make sure that you quit / reopen your web browser and try again?

  16. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    There's also a new version of the plugin with a couple of tiny tweaks (but which probably won't affect the issue you're seeing).

  17. raywp
    Member
    Posted 2 years ago #

    This is confusing. I still have the problem even after rebooting my machine. I also went to another pc and I had the issue there as well. It also happens on my iPad.

  18. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for opening up your site again.

    So after much mucking around, it seems that this is an issue with Safari.

    I haven't been able to replicate the bug on Chrome or Firefox.

    Weird thing is I can't see the same bug on other sites using the plugin with Safari, only on yours.

    But other people have definitely reported the same problem.

    So far I haven't been able to untangle it, but I'll keep looking - I suspect that Safari handles setting cookies differently to other browsers (the cookie isn't being set for your site, for some reason).

    Gabe

  19. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Try 0.6.0 now available in the repository - I've redesigned the way it stores session data.

    Let me know how you go.

    Gabe

  20. raywp
    Member
    Posted 2 years ago #

    I'll try and have a go at this later today.

    By the way, although I use Safari on my iPad. The other machines use IE

  21. raywp
    Member
    Posted 2 years ago #

    YES. Version 0.6.0 has fixed the problem. Everything is working fine for me. Well done!

  22. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    Fantastic. Thanks so much for persisting and helping me solve this one. It's been something I've been trying to resolve for a while.

  23. spayne
    Member
    Posted 2 years ago #

    Gabe, The plugin works great! I was wanting know if there was a way I could designate the password protection for certain pages. . . not the entire website. Though there are other plugins out there that do this, I LOVE the fact I can designate the actual passwords.

    Reason: We sell products that have serial numbers, I will paste the valid serial numbers to represent the password. This will allow us to protect the documentation for certain products. Since we have more than one product, I was hoping the plugin would only allow people to view the documentation for the product they have purchased.

    Hope that makes sense. Thanks in advance!

  24. Gabe
    Member
    Plugin Author

    Posted 2 years ago #

    What you suggest sounds like a good idea - you're welcome to try to hack the plugin to do what you want, but it would require some pretty serious architectural changes (page-level authentication, different authentication lists for different pages), so my hunch is that what you want to do is pretty far beyond what this plugin can do at the moment...

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic