Changeset 738058

Timestamp:

07/09/2013 02:38:46 AM (11 years ago)

Author:

sean212

Message:

Updates for 2.0.2

Location:

lockdown-wp-admin/trunk

Files:

• README.md (modified) (1 diff)
• admin.php (modified) (1 diff)
• lockdown-wp-admin.php (modified) (30 diffs)
• no-wpmu.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)

lockdown-wp-admin/trunk/README.md

@@ -88 +88 @@
 
 2.0.1
+
 
-Tiny bug fix.
+2.0.2
+* Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham)
+* Issues with WordPress in a sub-directory

lockdown-wp-admin/trunk/admin.php

@@ -34 +34 @@
             <br />
             <em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>black</strong>, it will be disabled.<br />
-            Say if you put "login" into the box, your new login URL will be <?php echo wp_guess_url(); ?>/login/.</em></label>
+            Say if you put "login" into the box, your new login URL will be <?php echo _url(); ?>/login/.</em></label>
         <?php
 global $auth_obj;
-$url = wp_guess_url() . '/'. $this->login_base;
+$url = _url() . '/'. $this->login_base;
 ?>
         <p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>

lockdown-wp-admin/trunk/lockdown-wp-admin.php

@@ -5 +5 @@
 Donate link: http://seanfisher.co/donate/
 Description: Securing the WordPress Administration interface by concealing the administration dashboard and changing the login page URL.
-Version: 2.0.1
+Version: 2.0.
 Author: Sean Fisher
 Author URI: http://seanfisher.co/
@@ -18 +18 @@
  *
  * @author   Sean Fisher <me@seanfisher.co>
- * @version  1.9
+ * @version  
  * @license   GPL 
 **/
@@ -29 +29 @@
      * @access private
     **/
-    private $ld_admin_version = 2.0;
+    p;
     
     /**
@@ -45 +45 @@
      * @access  private
     **/
-    private $current_user = FALSE;
+    pr $current_user = FALSE;
     
     /**
@@ -52 +52 @@
      * @access  private
     **/
-    private $login_base = FALSE;
+    pr $login_base = FALSE;
     
     public function __construct()
@@ -78 +78 @@
     {
         // Since PHP saves the HTTP Password in a bunch of places, we have to be able to test for all of them
-        $username = NULL;
-        $password = NULL;
+        $username = $password = NULL;
         
         // mod_php
@@ -153 +152 @@
         if ( isset( $_GET['delete'] ) )
         {
-            //  Delete the user.
+            //Delete the user.
             unset( $users );
             $users = $this->get_private_users();
@@ -165 +164 @@
                         if( $this->current_user !== '' && $to_delete === $this->current_user )
                         {
-                            //  They can't delete themselves!
+                            //They can't delete themselves!
                             define('LD_ERROR', 'delete-self');
                             return;
@@ -198 +197 @@
             return;
         
-        //  Nonce
+        //Nonce
         $nonce = $_POST['_wpnonce'];
         if (! wp_verify_nonce($nonce, 'lockdown-wp-admin') )
             wp_die('Security error, please try again.');
         
-        //  ---------------------------------------------------
-        //  They're updating.
-        //  ---------------------------------------------------
+        //---------------------------------------------------
+        //They're updating.
+        //---------------------------------------------------
         if ( isset( $_POST['http_auth'] ) )
             update_option('ld_http_auth', trim( strtolower( $_POST['http_auth'] ) ) );
@@ -245 +244 @@
         }
         
-        //  Redirect
+        //Redirect
         define('LD_WP_ADMIN', TRUE);
         return;
@@ -259 +258 @@
     private function inauth_headers()
     {
-        //  Disable if there is a text file there.
+        //Disable if there is a text file there.
         if ( file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'disable_auth.txt'))
             return;
@@ -292 +291 @@
         $opt = get_option('ld_hide_wp_admin');
         
-        //  Nope, they didn't enable it.
+        //Nope, they didn't enable it.
         if ( $opt !== 'yep' )
             return $this->setup_http_area();
@@ -300 +299 @@
         $no_check_files = apply_filters('no_check_files', $no_check_files);
         
-        $explode = explode('/', $_SERVER['SCRIPT_FILENAME'] );
+        $script_filename = empty($_SERVER['SCRIPT_FILENAME'])
+            ? $_SERVER['PATH_TRANSLATED']
+            : $_SERVER['SCRIPT_FILENAME'];
+        $explode = explode('/', $script_filename);
         $file = end( $explode );
             
             if ( in_array( $file, $no_check_files ) )
             {
+
+
+
+
+
+
+
             define('INTERNAL_AUTH_PASSED', TRUE);
             return;
@@ -328 +337 @@
     public function get_file()
     {
-        //  We're gonna hide it.
+        //We're gonna hide it.
         $no_check_files = array('async-upload.php');
         $no_check_files = apply_filters('no_check_files', $no_check_files);
         
-        $explode = explode('/', $_SERVER['SCRIPT_FILENAME'] );
+        $script_filename = empty($_SERVER['SCRIPT_FILENAME'])
+            ? $_SERVER['PATH_TRANSLATED']
+            : $_SERVER['SCRIPT_FILENAME'];
+        $explode = explode('/', $script_filename );
         return end( $explode );
     }
@@ -345 +357 @@
     protected function setup_http_area()
     {
-        //  We save what type of auth we're doing here.
+        //We save what type of auth we're doing here.
         $opt = get_option('ld_http_auth');
         
@@ -351 +363 @@
         switch( $opt )
         {
-            //  HTTP auth is going to ask for their WordPress creds.
+            //HTTP auth is going to ask for their WordPress creds.
             case 'wp_creds' :
                 $creds = $this->get_http_auth_creds();
@@ -357 +369 @@
                     $this->inauth_headers(); // Invalid credentials
                 
-                //  Are they already logged in as this?
+                //Are they already logged in as this?
                 $current_uid = get_current_user_id();
                 
-                //  We fixed this for use with non WP-MS sites
+                //We fixed this for use with non WP-MS sites
                 $requested_user = get_user_by('login', $creds['username']);
                 
-                //  Not a valid user.
+                //Not a valid user.
                 if (! $requested_user )
                     $this->inauth_headers();
                 
-                //  The correct User ID.
+                //The correct User ID.
                 $requested_uid = (int) $requested_user->ID;
                 
-                //  Already logged in?
+                //Already logged in?
                 if ( $current_uid === $requested_uid )
                 {
@@ -377 +389 @@
                 }
                 
-                //  Attempt to sign them in if they aren't already
+                //Attempt to sign them in if they aren't already
                 if (! is_user_logged_in() ) :
-                    //  Try it via wp_signon
+                    //Try it via wp_signon
                     $creds = array();
                     $creds['user_login'] = $creds['username'];
@@ -386 +398 @@
                     $user = wp_signon( $creds, false );
                     
-                    //  In error :(
+                    //
                     if ( is_wp_error($user) )
                         $this->inauth_headers();
                 endif;
                 
-                //  They passed!
+                //They passed!
                 define('INTERNAL_AUTH_PASSED', TRUE);
             break;
@@ -404 +416 @@
                     return;
                 
-                //  Let's NOT lock everybody out
+                //Let's NOT lock everybody out
                 if ( count( $users ) < 1 )
                     return;
@@ -415 +427 @@
                     $this->inauth_headers();
                 
-                //  Did they enter a valid user?
+                //Did they enter a valid user?
                 if ( $this->user_array_check( $users, $creds['username'], $creds['password'] ) )
                 {
@@ -483 +495 @@
      * @param integer
     **/
-    private function set_current_user( $array, $user )
+    pr function set_current_user( $array, $user )
     {
         foreach( $array as $key => $val )
@@ -510 +522 @@
     public function admin_callback()
     {
-        //  Update the options
+        //Update the options
         $this->update_options();
         
-        //  The UI
+        //The UI
         require_once( dirname( __FILE__ ) . '/admin.php' );
     }   
@@ -541 +553 @@
         $login_base = get_option('ld_login_base');
         
-        //  It's not enabled.
+        //It's not enabled.
         if ( $login_base == NULL || ! $login_base || $login_base == '' )
             return;
@@ -548 +560 @@
         unset( $login_base );
         
-        //  Setup the filters for the new login form
+        //Setup the filters for the new login form
         add_filter('wp_redirect', array( &$this, 'filter_wp_login'));
         add_filter('network_site_url', array( &$this, 'filter_wp_login'));
         add_filter('site_url', array( &$this, 'filter_wp_login'));
         
-        //  We need to get the URL
-        //  This means we need to take the current URL,
-        //  strip it of an WordPress path (if the blog is located @ /blog/)
-        //  And then remove the query string
-        //  We also need to remove the index.php from the URL if it exists
-        
-        //  The blog's URL
+        //We need to get the URL
+        //This means we need to take the current URL,
+        //strip it of an WordPress path (if the blog is located @ /blog/)
+        //And then remove the query string
+        //We also need to remove the index.php from the URL if it exists
+        
+        //The blog's URL
         $blog_url = trailingslashit( get_bloginfo('url') );
         
-        //  The Current URL
+        //The Current URL
         $schema = is_ssl() ? 'https://' : 'http://';
         $current_url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
@@ -569 +581 @@
         $request_url = str_replace('index.php/', '', $request_url);
         
-        list( $base, $query ) = explode( '?', $request_url, 2 );
-        
-        //  Remove trailing slash
+        $url_parts = explode( '?', $request_url, 2 );
+        $base = $url_parts[0];
+
+        // Remove trailing slash
         $base = rtrim($base,"/");
         $exp = explode( '/', $base, 2 );
-        $super_base = reset( $exp );
-        
-        //  Are they visiting wp-login.php?
+        $super_base = ( $exp );
+
+        //Are they visiting wp-login.php?
         if ( $super_base == 'wp-login.php')
             $this->throw_404();
         
-        //  Is this the "login" url?
+        //Is this the "login" url?
         if ( $base !== $this->login_base )
             return FALSE;
@@ -592 +605 @@
         do_action('ld_login_page');
         
-        include ABSPATH . "/wp-login.php";
+        include ABSPATH . ;
         exit;
     }
@@ -609 +622 @@
      * Launch and display the 404 page depending upon the template
      *
-     * @param       void
-     * @return      void
+     * @paramvoid
+     * @returnvoid
     **/
     public function throw_404()
@@ -626 +639 @@
         wp_dequeue_script( 'admin-bar' );
         wp_dequeue_style( 'admin-bar' );
-        
+
         // Template
-        $four_tpl = get_404_template();
+        $four_tpl = );
 
         // Handle the admin bar
@@ -637 +650 @@
         {
             // We're gonna try and get TwentyTen's one
-            $twenty_ten_tpl = apply_filters('LD_404_FALLBACK', WP_CONTENT_DIR . '/themes/twentytwelve/404.php');
+            $twenty_ten_tpl = apply_filters('LD_404_FALLBACK', WP_CONTENT_DIR . '/themes/twentyt/404.php');
             
             if (file_exists($twenty_ten_tpl))

lockdown-wp-admin/trunk/no-wpmu.php

@@ -32 +32 @@
         }
         
-        //  Default options
+        //Default options
         update_option('ld_http_auth', 'none');
         update_option('ld_hide_wp_admin', 'no');
@@ -44 +44 @@
     function network_activate_error()
     {
-        //  De-activate the plugin
+        //De-activate the plugin
         $active_plugins = (array) get_option('active_plugins');
         $active_plugins_network = (array) get_site_option('active_sitewide_plugins');
@@ -104 +104 @@
 }
 
-//  The object.
+//The object.
 $setup_no_wpmu = new Disable_WPMS_Plugin_LD();
 

lockdown-wp-admin/trunk/readme.txt

@@ -6 +6 @@
 Requires at least: 3.3
 Tested up to: 3.5.1
-Stable tag: 2.0.1
+Stable tag: 2.0.
 
 Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php) as well as add HTTP authentication to the login system. We can also change the login URL from wp-login.php to whatever you'd like: /login, /log-in-here, etc.
@@ -93 +93 @@
 
 = 2.0.1 =
-* Tiny bug fix
+* Bug fix by [Michal Krause](https://github.com/michal-krause)
+
+= 2.0.2 =
+* Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham)
+* Issues with WordPress in a sub-directory