WordPress.org

Support

Support » Plugins and Hacks » Friends Only » [Resolved] [Plugin: Friends Only] Login requested for every page

[Resolved] [Plugin: Friends Only] Login requested for every page

  • I’ve suddenly discovered that a Friends only login request is being made on every page of my site. Previously it was only requested initially for the site. I don’t know if this is something I have done, or whether it has something to do with the latest WordPress.org version. Any advice/help gratefully received.

    http://wordpress.org/extend/plugins/friends-only/

Viewing 15 replies - 1 through 15 (of 23 total)
  • I got that wrong. It isn’t wanting a login for every page. What happens is, yu log in with your email address to access the site, then if you select a different page it asks for the login email again. After that you can move freely around the site. So it’s actually only asking for the login twice

    Plugin Author Gabe

    @gabrielwhite

    Thanks for that – super useful to know. I’m looking into it now.

    Plugin Author Gabe

    @gabrielwhite

    Quick question that just came to mind – is the initial base URL (e.g. http://www.example.com) the same as the subsequent URL?

    Is the server changing the URL between the two pages (e.g. from http://www.example.com to example.com)?

    Thanks Gabe. This will be a private blog, but I don’t mind sharing it for a while to try and get this sorted out. I appreciate your help.

    http://www.raycastell.co.uk/wordpress

    You can get in with friendsonly instead of an email address -I hope!

    Plugin Author Gabe

    @gabrielwhite

    I think I’ve fixed it.

    Try editing the sentry.php file in the plugin, and replace it entirely with the following code. (Under Plugins -> Editor)

    <?php 
    
    // This function determines whether the user should be displayed the login page based on whether or not they have already authenticated themselves with WordPress (i.e. Administrator logged in), or with the sentry
    
    function fo_runSentry() {
    
    	// Create site URLs to test later for URL hacking or provide access to special pages (e.g. login or FeedWrangler)
    
    	$base_WP_URI = str_replace('www.','',strtolower(get_bloginfo('wpurl')));
    	$clean_URI = str_replace('www.','',strtolower('http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']));
    
    	// If the cookie has already been set, then don't show the sentry
    	if (isset($_COOKIE['verify'])) {
    		return;
    	}
    	// If the user is logged in then don't show the sentry
    	elseif (is_user_logged_in()) {
    		return;
    	}
    	// If the user is requesting media (mostly RSS readers and subscription emails), then let them view the media
    	elseif (strpos($clean_URI, $base_WP_URI.'/wp-content/uploads') === 0) {
    		return;
    	}
    	// If this is a wp-cron request, then don't show the sentry
    	elseif (strpos($clean_URI, $base_WP_URI.'/wp-cron.php') === 0) {
    		return;
    	}
    	// If the user is requesting a FeedWrangler feed, then don't show the sentry
    	elseif (strpos($clean_URI, $base_WP_URI.'/?feed=') === 0) {
    		return;
    	}
    	// If the user is not logged in, but they are trying to log in, then let them see the login page
    	elseif (strpos($clean_URI, $base_WP_URI.'/wp-admin/') === 0 || strpos($clean_URI, $base_WP_URI.'/wp-login.php') === 0) {
    		return;
    	}
    	// If the user is trying to access XML-RPC then don't show the sentry
    	elseif (strpos($clean_URI, $base_WP_URI.'/xmlrpc.php') === 0) {
    		return;
    	}
    
    	if ($_SERVER['HTTP_HOST'] != parse_url(get_bloginfo('wpurl'),PHP_URL_HOST))
    		{
    		header('Location: '.str_replace($_SERVER['HTTP_HOST'], parse_url(get_bloginfo('wpurl'),PHP_URL_HOST), selfURL()));
    		}
    
    	// Load the array of email addresses and clean it up (including removing invalid email addresses)
    
    	$PERMITTED_ADDRESSES = explode(chr(13), get_option('email_list'));
    
    	array_walk($PERMITTED_ADDRESSES, 'fo_cleanAddress');
    
    	// Load and clean the address to be notified by email, then sort them so any null addresses are at the end of the list
    
    	$notify_address = explode (',', get_option('notify_address'));
    	array_walk($notify_address, 'fo_cleanAddress');
    	array_walk($notify_address, 'fo_removeInvalidAddress');
    	array_filter($notify_address, 'strlen');
    	rsort($notify_address);
    
    	// Process the user provided password
    
    	if (isset($_POST['access_email'])) {
    
    		$supplied_address = strtolower(trim($_POST['access_email']));
    
    		if ( strlen($supplied_address) == 0 ) { $supplied_address = 'blank'; }
    
    		if (!in_array($supplied_address, $PERMITTED_ADDRESSES)) {
    
    	  	//Send email notifying of FAILED login
    
    		if (get_option('notify_fail') && is_email($notify_address[0]) && $supplied_address != 'blank') {
    			wp_mail( $notify_address, "[".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)."] FAIL for ".$supplied_address,
    	  		"Failed login at ".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)." by ".$supplied_address."\n\nTime: ".date("H:i:s \(\G\M\TP\)")."\nIP: ".$_SERVER['REMOTE_ADDR']." (http://www.ip2location.com/".$_SERVER['REMOTE_ADDR'].")", "From: Friends Only Notification <".get_settings('admin_email').">");
    		}
    
    		fo_showLoginForm(get_option('prompt_error'));
    
    	  }
    	else {
    		// set cookie if password was validated
    		setcookie("verify", md5($login.'%'.$supplied_address), 0, parse_url(get_bloginfo('wpurl'),PHP_URL_HOST));
    
    		// Clear password protector variables
    		unset($_POST['access_login']);
    		unset($_POST['access_password']);
    		unset($_POST['Submit']);
    
    		// Send email notifying of SUCCESSFUL login
    
    	    if (get_option('notify_success') && is_email($notify_address[0])) {
    	    wp_mail( $notify_address, "[".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)."] SUCCESS for ".$supplied_address,
    	  "Successful login at ".wp_specialchars_decode(get_bloginfo('name'), ENT_QUOTES)." by ".$supplied_address."\n\nTime: ".date("H:i:s \(\G\M\TP\)")."\nIP: ".$_SERVER['REMOTE_ADDR']." (http://www.ip2location.com/".$_SERVER['REMOTE_ADDR'].")", "From: Friends Only Notification <".get_settings('admin_email').">");
    	    }
    
    	  }
    	}
    
    	// Check if password cookie is set
    
    	else {
    	  if (!isset($_COOKIE['verify'])) {
    	    fo_showLoginForm("");
    	  }
    	}
    }
    
    // This function displays the login form if the user is required to authenticate with the sentry
    
    function fo_showLoginForm($error_message) {
    
    	echo "<!DOCTYPE html>
    	<html ";
    
    	echo language_attributes();
    
    	echo ">
    	<head>
    	<title>";
    
    	echo htmlentities(bloginfo('name'));
    
    	echo "
    	</title>
    	  <META HTTP-EQUIV='CACHE-CONTROL' CONTENT='NO-CACHE'>
    	  <META HTTP-EQUIV='PRAGMA' CONTENT='NO-CACHE'>
    	  <META HTTP-EQUIV='CONTENT-TYPE' CONTENT='";
    
    	echo bloginfo('html_type');
    	echo " CHARSET=";
    	echo bloginfo('charset');
    	echo "'>";
    
    	wp_head();
    
    // Reset the CSS styles using the Meyer Reset (http://meyerweb.com/eric/tools/css/reset/) before applying CSS styles
    
    	echo "	<style type='text/css'>
    
    	html, body, div, span, applet, object, iframe,
    	h1, h2, h3, h4, h5, h6, p, blockquote, pre,
    	a, abbr, acronym, address, big, cite, code,
    	del, dfn, em, img, ins, kbd, q, s, samp,
    	small, strike, strong, sub, sup, tt, var,
    	b, u, i, center,
    	dl, dt, dd, ol, ul, li,
    	fieldset, form, label, legend,
    	table, caption, tbody, tfoot, thead, tr, th, td,
    	article, aside, canvas, details, embed,
    	figure, figcaption, footer, header, hgroup,
    	menu, nav, output, ruby, section, summary,
    	time, mark, audio, video {
    		margin: 0;
    		padding: 0;
    		border: 0;
    		font-size: 100%;
    		font: inherit;
    		vertical-align: baseline;
    	}
    
    	article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section {
    		display: block;
    	}
    	body {
    		line-height: 1;
    	}
    	ol, ul {
    		list-style: none;
    	}
    	blockquote, q {
    		quotes: none;
    	}
    	blockquote:before, blockquote:after, q:before, q:after {
    		content: '';
    		content: none;
    	}
    	table {
    		border-collapse: collapse;
    		border-spacing: 0;
    	}
    
    	body {
    		font-family : Tahoma, Verdana, Arial;
    		font-color: #000000;
    		padding-left: 20%;
    		padding-top:50px;
    		padding-bottom: 50px;
    		padding-right: 5%;
    		background-color: #FFFFFF;
    	}
    
    	p	{
    		padding-top: 8px;
    		padding-bottom: 8px;
    	}
    
    	</style>";
    
    	echo "</head>
    
    	<body>
    
    	<p style='font-size: 2em; padding-bottom: 50px;'>";
    
    	echo bloginfo('name');
    
    	echo "</p>";
    
    	if ($error_message == NULL) {
    		echo get_option('prompt_email');
    	}
    	else {
    		echo $error_message;
    	}
    
    	echo "
    	<p>
    	<form method='post'><input style='font-size: 1.2em;' type='input' name='access_email' size='32' />&nbsp;<input type='submit' style='background-color: #DDDDDD; border-color: #AAAAAA; color: #000000; font-family: tahoma, verdana, arial; font-size: 1.2em;' name='Submit' value='";
    
    	echo get_option('prompt_submit');
    
    	echo "' /></form>
    	</p>
    	<br /><p><a href='";
    
    	echo bloginfo('wpurl');
    
    	echo "/wp-admin/' style='color: #CCCCCC; font-size: small;'>Administrator login >></a></p>
    	</body>
    	</html>";
    
    	// stop at this point
    	die();
    }
    
    function fo_cleanAddress(&$value, $key)
    	{
    	    $value = strtolower(trim($value));
    	}
    
    function fo_removeInvalidAddress (&$value, $key)
    	{
        if (!is_email($value)) $value = NULL;
    	}
    
    function selfURL()
    {
        $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
        $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
        $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
        return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
    } 
    
    function strleft($s1, $s2) { return substr($s1, 0, strpos($s1, $s2)); }
    
    ?>
    Plugin Author Gabe

    @gabrielwhite

    Oh, and just so you know, it was an issue with the domain under which the cookie was being set.

    If you go to:

    http://www.raycastell.co.uk/wordpress

    you’ll see the problem

    if you go to:

    http://raycastell.co.uk/wordpress

    you won’t see the problem

    Thanks so much Gabe. As I’m just waiting for a bunch of people arriving for dinner I’d better leave this until tomorrow. I’ll get back with results.

    I tried modifying sentry.php, but I clearly did something wrong as I couln’t get it to work. When I went to the site afterwards it just displayed code.

    However, I’m totally happy to use http://raycastell.co.uk/wordpress as the normal site address. As you say, it then works fine.

    This really is a useful plugin.

    Plugin Author Gabe

    @gabrielwhite

    0.5.2 is now available and should fix this problem.

    Gabe

    Thanks Gabe. I’ll install it later today.

    I may not have updated correctly. I downloaded version 0.5.2 and unzipped it. I then copied the unzipped folder to plugins and selected ‘merge’ when asked, then copy and replace for all other files. Now I find that I am having to log in to every single page both when I access the site using http://www.raycastell.co.uk and http://raycastell.co.uk

    Plugin Author Gabe

    @gabrielwhite

    Hmm.

    I’m not sure what the story is.

    I’m not sure how you got to the ‘merge’ prompt, so I would recommend deleting the plugin completely from your installation (settings will be preserved), and then reinstall it from within the WordPress UI (Plugins -> Add New).

    Are you on the latest version of WordPress?

    Gabe

    Sorry Gabe. I see that you’ve tried to enter the site. I’d removed your login. It should be back now.

    I deleted friendsonly and reinstalled it at you suggested, but the issue persists I’m afraid.

    Let me know if there is anything else you want me to try.

    Plugin Author Gabe

    @gabrielwhite

    I can’t replicate the bug, sorry. I’m only being asked for my login once (I’ve tried two different browsers).

    Can I suggest you make sure that you quit / reopen your web browser and try again?

    Plugin Author Gabe

    @gabrielwhite

    There’s also a new version of the plugin with a couple of tiny tweaks (but which probably won’t affect the issue you’re seeing).

Viewing 15 replies - 1 through 15 (of 23 total)
  • The topic ‘[Resolved] [Plugin: Friends Only] Login requested for every page’ is closed to new replies.
Skip to toolbar