WordPress plugin: Authentication

// July 25th, 2010 // Cuvedev, Development, Wordpress, download, plugin

So, I finally submitted my first plugin to the WordPress plugin base.

It’s a plugin which add functionality to request visitors authentication before the website can be viewed. It doesn’t use HTTP Authentication, just php and html.
You can choose to use the WordPress authentication functionality to login, or give a password yourself.

Try it out, and give some feedback.

Link to Basic Authentication plugin

Screenshot:
options

25 Responses to “WordPress plugin: Authentication”

  1. Erik says:
    July 25, 2010 at 19:45

    Hey, thanks for this plugin but I’m getting an error when trying to activate it:
    Parse error: syntax error, unexpected T_FUNCTION in /var/www/vhosts/…/httpdocs/wp-content/plugins/basic-authentication/basic-authentication.php on line 22

    Could you help me out on this one?

  2. Erik says:
    July 25, 2010 at 19:49

    I’m sorry, looks like I posted this beneath the wrong post.
    It was ment as a comment on the basic authentication plugin.
    once again my apologies

  3. Klaas Cuvelier says:
    July 25, 2010 at 21:56

    @Erik, apparently your PHP version doesn’t support lambda functions. I just uploaded a version without the lambda functions … it’s now version 1.2. That should work for you. Let me know if it doesn’t.

    Good luck!

  4. Erik says:
    July 25, 2010 at 22:50

    Hi Klaas,
    Thank you for the speedy answer and update, unfortunatly this doesn’t resolve my error.
    I’m not sure what version of php the site uses but I did see that safe mode was “on”.

  5. Klaas Cuvelier says:
    July 26, 2010 at 09:39

    Hmm, weird. Are you sure you have version 1.2? And if you check the editor, are these the first lines you see? 

    add_action('init', 'basic_auth_init');
add_action('admin_menu', 'basic_auth_admin');
  6. Erik says:
    July 26, 2010 at 12:56

    @Klaas: Indeed and yes to both questions. The version is in the first comment section in the editor.

    Ow I now realised that the linenumbers are different, the error is the same but now it says line 66.

  7. Klaas Cuvelier says:
    July 26, 2010 at 14:26

    Ah, apparently I forget to change another function. Done now!
    I’ve tagged version 1.3. Good luck!

  8. Erik says:
    July 26, 2010 at 16:38

    It works now :)
    Thanks again for the quick response and updates

  9. Klaas Cuvelier says:
    July 26, 2010 at 16:47

    You’re very welcome! Thx for the feedback :-)

  10. Sean Dexter says:
    July 30, 2010 at 19:40

    Hello,
    thanks for the plugin, but I have the following problem:
    My WordPress installation is located in /wp (not the root of the webserver) and works without any problems. However, after activating the “Authentication” plugin I do get the following error when I try to access the blog: /wp-login.php was not found on this server. After disabling the plugin the blog works just fine again.

  11. Sean Dexter says:
    July 30, 2010 at 19:55

    Just setup a test blog in the root directory of the web server and the plugin works just fine then, so the problem must be related to how the redirection is done, when WordPress is not present in root.

    Thanks in advance for your help :-)
    Sean.

  12. Klaas Cuvelier says:
    July 30, 2010 at 21:34

    Thanks for letting me know, I fixed it.
    Good luck with it.

    Now version 1.5

  13. Sean Dexter says:
    July 30, 2010 at 21:44

    Great! Works like magic :-D

  14. Klaas Cuvelier says:
    July 30, 2010 at 21:53

    Wicked! Good luck with it!
    And spread it if you can ;-)

  15. John Lloyd says:
    August 6, 2010 at 12:11

    Klaas, thanks for the work on the plugin. I’m curious: If I install the plugin, activate it, and go to the site using another computer with a different browser, would the plugin require me to authenticate?

    Maybe I misunderstand what it’s supposed to do?

    Tnx

  16. John Lloyd says:
    August 6, 2010 at 12:21

    Sorry…my bad. I hadn’t enabled it.

    However, it doesn’t block access to a file in a sub-directory? Is that planned? Correct?

    Tnx.

  17. Klaas Cuvelier says:
    August 6, 2010 at 15:22

    Hi John, thanks for using my plugin.
    The authentication check is executed every time the WordPress framework is initialized, so that’s when you load a normal page, or the backend or such.
    So when you access a file from a sub-directory it isn’t called.

    Maybe if you can describe a little more precise what you are doing/trying to do, I can check if I can add some place where authentication is required.

    gr Klaas

  18. Josh says:
    August 14, 2010 at 18:59

    Hi Klaas,
    Love the simplicity of your plugin. But I have a few questions/problems.

    1. Is there a time limit on the predefined password? I’m building a site for someone who wants to change the password every day and deny access to any user who doesn’t have the current password (even if they logged in the day before with an earlier password).

    I installed your plugin and chose a predefined password. Then I went to a different browser and logged in. Then I returned to my WP-admin and changed the password. When I went back to the other browser, I was still allowed to surf around the site, even though the password had been changed.

    My worry is that once a user logs in with a valid password one day, he will have access to the site the next day (or until he clears his cache) even if the password he used before is no longer valid. How can I prevent this?

    2. I have a PDF on this same site and want it (and everything else on the site to be protected by your authentification/login page). The problem is when I copy the URL of the PDF and paste it into a browser, I can access it, even when the homepage is protected by your plugin. What can I do to protect all the pages of the site, so that no matter what URL someone pastes into the browser, they always get the authentification page?

    Many thanks!
    Josh

  19. Klaas Cuvelier says:
    August 14, 2010 at 20:02

    Hi Josh, thx for the positive feedback.
    Now for your questions,
    1. I’ve thought of it, and since your the second person to ask,
    I’ll put it in the next version (I’ll do it as soon as possible)

    2. This is a bit difficult, since the WordPress installation isn’t initialised when downloading files. But I might be able to fix this with a RewriteRule in the .htacces file. I’ll see what I can do but I can’t promise anything

  20. Josh says:
    August 14, 2010 at 22:53

    Thanks Klaas!
    I’d like to use your plugin to password protect every page, post and piece of media hosted at my site– anything that begins with my homepage URL.
    Thanks for your quick reply and I’m looking forward to the next version!
    Josh

  21. Klaas Cuvelier says:
    August 17, 2010 at 00:00

    Updated to version 1.6.1:

    = 1.6 =
    * description
    * flood message
    * better flood protection
    * defined blocked time
    * if using predefined pwd, you are not loggedin when the pwd changes (even though you’re sessions can still be active)
    * protect files

    = 1.6.1 =
    * debug fix

    Protect files is experimental … Let me know how it works out for you ..

  22. Josh says:
    August 26, 2010 at 17:07

    Hi Klaas,

    Nice work on the update. The password change and subsequent lock-out works perfectly.

    Protect files is still not working for me. PDFs can still be accessed. I didn’t know exactly where to place the additional code in the htaccess file, so I tried the following:

    1. Directly below the last Rewriterule: “RewriteRule . /index.php [L]”

    2. Below the “”

    3. Below the “# END WordPress”

    I pasted in the following code in all cases:
    “RewriteRule ^/wp-content/uploads/(.*) wp-content/plugins/basic-authentication/basic-auth-fileprotect.php?_folder=upload&_protect=$2 [QSA]”

    None worked. Did I skip a step or not put the right code in?

    Thanks again for the awesome plugin!
    Josh

  23. Klaas Cuvelier says:
    August 28, 2010 at 20:15

    Hi Josh,
    glad to hear you still like my plugin, and the first part of the update works for you.
    Now for the htaccess stuff,

    This is how my file looks:
    http://cl.ly/56908600a9cd2e1b0caa

    Hope you can do something with this. Keep me posted.

    gr Klaas

  24. Chance says:
    August 31, 2010 at 07:16

    Hi Klaas,
    You have created a wonderful plug-in! I am having some difficulties, and your insight would greatly be appreciated. My problem is with my RSS feeds and the inability for my users to get to them, I believe because of the rewrite in thee htaccess file. Am I totally missing something or am I even barking up the right tree going in this direction? Your thoughts would be highly appreciated.
    Chance

  25. Klaas Cuvelier says:
    August 31, 2010 at 20:57

    Hi Chance,

    The problem indeed can be caused by the rewrite rule in the htaccess file. Can you give an example of an RSS link?
    I’ll try to fix it this week, as I’m going surfing next week :-)
    gr Klaas

Leave a Reply