WordPress plugin: Authentication
// juli 25th, 2010 // Cuvedev, Development, download, plugin, Wordpress
Tags: authentication, http, login, php, plugin, website, WordpressSo, I finally submitted my first plugin to the WordPress plugin base.
It’s a plugin which add functionality to request visitors authentication before the website can be viewed. It doesn’t use HTTP Authentication, just php and html.
You can choose to use the WordPress authentication functionality to login, or give a password yourself.
Try it out, and give some feedback.
Link to Basic Authentication plugin
Screenshot:
– Update:
Now compatible with WordPress 3.3
46 Responses to “WordPress plugin: Authentication”
Leave a Reply
Tags
10.4
add-on
app
asrock
Boxee
button
console
Cuvedev
cuvelier
development
english
ep2
eprogrammeur
facebook
felicia
firefox
Greasemonkey
greaseymonkey
header
ion
klaas
like
Linux
lucid
minimal
Mint
Netlog
notification
notify-osd
oneiric
php
picture
plugin
popup
python
quickicon
script
smilies
smiliescript
static
stubru
ubuntu
userscript
vrt
Wordpress 
- Klaas Cuvelier said: That's actually something I didn't think of yet. I...
- Andrew said: Klaas, How would one go about creating a link t...
- Patrick said: Hi, I had to google about the same problem with t...
- Klaas Cuvelier said: @Rob, I've updated the code!...
- Klaas Cuvelier said: Great! I'll update the plugin on the website as s...
- Rob Record said: Hi Klaas, I found that your plugin doesn’t redirec...
- No popular articles yet
10.4
add-on
app
asrock
Boxee
button
console
Cuvedev
cuvelier
development
english
ep2
eprogrammeur
facebook
felicia
firefox
Greasemonkey
greaseymonkey
header
ion
klaas
like
Linux
lucid
minimal
Mint
Netlog
notification
notify-osd
oneiric
php
picture
plugin
popup
python
quickicon
script
smilies
smiliescript
static
stubru
ubuntu
userscript
vrt
Wordpress
Hey, thanks for this plugin but I’m getting an error when trying to activate it:
Parse error: syntax error, unexpected T_FUNCTION in /var/www/vhosts/…/httpdocs/wp-content/plugins/basic-authentication/basic-authentication.php on line 22
Could you help me out on this one?
I’m sorry, looks like I posted this beneath the wrong post.
It was ment as a comment on the basic authentication plugin.
once again my apologies
@Erik, apparently your PHP version doesn’t support lambda functions. I just uploaded a version without the lambda functions … it’s now version 1.2. That should work for you. Let me know if it doesn’t.
Good luck!
Hi Klaas,
Thank you for the speedy answer and update, unfortunatly this doesn’t resolve my error.
I’m not sure what version of php the site uses but I did see that safe mode was “on”.
Hmm, weird. Are you sure you have version 1.2? And if you check the editor, are these the first lines you see?
add_action('init', 'basic_auth_init'); add_action('admin_menu', 'basic_auth_admin');@Klaas: Indeed and yes to both questions. The version is in the first comment section in the editor.
Ow I now realised that the linenumbers are different, the error is the same but now it says line 66.
Ah, apparently I forget to change another function. Done now!
I’ve tagged version 1.3. Good luck!
It works now
Thanks again for the quick response and updates
You’re very welcome! Thx for the feedback
Hello,
thanks for the plugin, but I have the following problem:
My WordPress installation is located in /wp (not the root of the webserver) and works without any problems. However, after activating the “Authentication” plugin I do get the following error when I try to access the blog: /wp-login.php was not found on this server. After disabling the plugin the blog works just fine again.
Just setup a test blog in the root directory of the web server and the plugin works just fine then, so the problem must be related to how the redirection is done, when WordPress is not present in root.
Thanks in advance for your help
Sean.
Thanks for letting me know, I fixed it.
Good luck with it.
Now version 1.5
Great! Works like magic
Wicked! Good luck with it!
And spread it if you can
Klaas, thanks for the work on the plugin. I’m curious: If I install the plugin, activate it, and go to the site using another computer with a different browser, would the plugin require me to authenticate?
Maybe I misunderstand what it’s supposed to do?
Tnx
Sorry…my bad. I hadn’t enabled it.
However, it doesn’t block access to a file in a sub-directory? Is that planned? Correct?
Tnx.
Hi John, thanks for using my plugin.
The authentication check is executed every time the WordPress framework is initialized, so that’s when you load a normal page, or the backend or such.
So when you access a file from a sub-directory it isn’t called.
Maybe if you can describe a little more precise what you are doing/trying to do, I can check if I can add some place where authentication is required.
gr Klaas
Hi Klaas,
Love the simplicity of your plugin. But I have a few questions/problems.
1. Is there a time limit on the predefined password? I’m building a site for someone who wants to change the password every day and deny access to any user who doesn’t have the current password (even if they logged in the day before with an earlier password).
I installed your plugin and chose a predefined password. Then I went to a different browser and logged in. Then I returned to my WP-admin and changed the password. When I went back to the other browser, I was still allowed to surf around the site, even though the password had been changed.
My worry is that once a user logs in with a valid password one day, he will have access to the site the next day (or until he clears his cache) even if the password he used before is no longer valid. How can I prevent this?
2. I have a PDF on this same site and want it (and everything else on the site to be protected by your authentification/login page). The problem is when I copy the URL of the PDF and paste it into a browser, I can access it, even when the homepage is protected by your plugin. What can I do to protect all the pages of the site, so that no matter what URL someone pastes into the browser, they always get the authentification page?
Many thanks!
Josh
Hi Josh, thx for the positive feedback.
Now for your questions,
1. I’ve thought of it, and since your the second person to ask,
I’ll put it in the next version (I’ll do it as soon as possible)
2. This is a bit difficult, since the WordPress installation isn’t initialised when downloading files. But I might be able to fix this with a RewriteRule in the .htacces file. I’ll see what I can do but I can’t promise anything
Thanks Klaas!
I’d like to use your plugin to password protect every page, post and piece of media hosted at my site– anything that begins with my homepage URL.
Thanks for your quick reply and I’m looking forward to the next version!
Josh
Updated to version 1.6.1:
= 1.6 =
* description
* flood message
* better flood protection
* defined blocked time
* if using predefined pwd, you are not loggedin when the pwd changes (even though you’re sessions can still be active)
* protect files
= 1.6.1 =
* debug fix
Protect files is experimental … Let me know how it works out for you ..
Hi Klaas,
Nice work on the update. The password change and subsequent lock-out works perfectly.
Protect files is still not working for me. PDFs can still be accessed. I didn’t know exactly where to place the additional code in the htaccess file, so I tried the following:
1. Directly below the last Rewriterule: “RewriteRule . /index.php [L]”
2. Below the “”
3. Below the “# END WordPress”
I pasted in the following code in all cases:
“RewriteRule ^/wp-content/uploads/(.*) wp-content/plugins/basic-authentication/basic-auth-fileprotect.php?_folder=upload&_protect=$2 [QSA]”
None worked. Did I skip a step or not put the right code in?
Thanks again for the awesome plugin!
Josh
Hi Josh,
glad to hear you still like my plugin, and the first part of the update works for you.
Now for the htaccess stuff,
This is how my file looks:
http://cl.ly/56908600a9cd2e1b0caa
Hope you can do something with this. Keep me posted.
gr Klaas
Hi Klaas,
You have created a wonderful plug-in! I am having some difficulties, and your insight would greatly be appreciated. My problem is with my RSS feeds and the inability for my users to get to them, I believe because of the rewrite in thee htaccess file. Am I totally missing something or am I even barking up the right tree going in this direction? Your thoughts would be highly appreciated.
Chance
Hi Chance,
The problem indeed can be caused by the rewrite rule in the htaccess file. Can you give an example of an RSS link?
I’ll try to fix it this week, as I’m going surfing next week
gr Klaas
Hi Klaas, Love the simplicity of your plugin. But I have a few questions/problems. 1. Is there a time limit on the predefined password? I’m building a site for someone who wants to change the password every day and deny access to any user who doesn’t have the current password (even if they logged in the day before with an earlier password). I installed your plugin and chose a predefined password. Then I went to a different browser and logged in. Then I returned to my WP-admin and changed the password. When I went back to the other browser, I was still allowed to surf around the site, even though the password had been changed. My worry is that once a user logs in with a valid password one day, he will have access to the site the next day (or until he clears his cache) even if the password he used before is no longer valid. How can I prevent this? 2. I have a PDF on this same site and want it (and everything else on the site to be protected by your authentification/login page). The problem is when I copy the URL of the PDF and paste it into a browser, I can access it, even when the homepage is protected by your plugin. What can I do to protect all the pages of the site, so that no matter what URL someone pastes into the browser, they always get the authentification page? Many thanks! Josh
Hello Klaas, very nice and useful plugin! Works great!
I’m also using WordPress iPhone App (ios.wordpress.org) and seems to be some kind of incompatibility. With the plugin active the iPhone app doesn’t connect to WP.
I think is related to xml rpc. With your plugin active, it’s not possible to reach uri/xmlrpc.php (always ask for password). Can you help? Thanks in advance! Fabio
hmmmz, Cuve… Ik heb de plugin geïnstalleerd en hij werkt keurig in Firefox en IE, maar in Chrome kan ik gewoon de website bekijken die op slot hoort te zijn?
… en nu werkt ‘t wel. Zou het komen omdat ik Chrome nét heb geïnstalleerd, hij mn settings van Firefox (ofzo) heeft overgenomen waardoor er iets geplaatst was in Chrome dat hij dacht dat ‘ie ingelogd was? Vreemd scenario, maar… what else?
@Jasper
Is indeed pretty weird. Probably indeed a mess-up because of the import or something might explain it. Because everything is done server-side (except for storing the cookie of course), so it’s pretty browser independent …
@Georgia Witt:
Sure you got the latest version?
1. You should be logged out when the password is changed, since version 1.6
2. Protecting files is also something I added in version 1.6, but it’s experimental. Did you try it?
I’m sorry for the late response, gr Klaas
@Fabio: it’s fixed!
I made a new version with the fix in it. Enjoy!
Just perfect! Works like a charm now! Thank you very much! Rgds, Fabio
I like the plugin, but discovered it causes cron not to work. When I schedule a post publish and Basic Authentication is enabled, the scheduled time is missed. Then I noticed that no scheduled event is attempted. Have you encountered this and do you have any suggestions?
I’ll check it out asap and let you know when it’s fixed.
Thanks for the report
Hey,
I love this plugin. I have been searching for one to do exactly this for 3 days now.
Though I wondered if there was anyway to change the way that it looks…
…I know that there are plugins out there where you can customise the login design, so i wondered if you knew how i might go about doing this. I am using the separate password option rather than the standard username and login.
@Rebecca, thx for the response.
At the moment I do not have enough time to build in an option to change login designs.
If you have some HTML and PHP knowledge, you might be able to do it yourself? It’s all in basic-auth-login.php
gr Klaas
This is a good plugin as I was looking to protect my blog from prying eyes. However, when I look at this on my smart phone (Iphone) it will never allow me to log on. Have you seen this before?
This is nice, however, I do see that when trying to log on this on a smartphone (Iphone) that it will never login. Do you know what could be going on?
Thanks
Hey, the plugin is exactly what I am looking for, but after typing the right password the index.php is not found. Is this problem familiar and if so is there a solution? The URL I got redirected after typing the right password sounds strange,,,”http://mydomain.de/folder/wordpress/http://adomaintheblogisredirctedto.de/” … but maybe this is right?
Hi Philipp,
Thanks for using my plugin and the feedback. I actually don’t do any development on this plugin, but I might take a look at it next week.
I’ve never heard of this problem, but I think it is caused by the fact WordPress is not installed in the root of your domain or you’re doing some redirecting/cloaking of your domain.
Can you give me your exact setup so I can try to reproduce this if I have some time next week.
gr Klaas
Hi Klaas, I found that your plugin doesn’t redirect to the right URL if WP is installed in a subdirectory.
To fix this I made the following edits in the basic-authentication.php file:
at line 38 I added:
$wp_dir = str_replace(‘http://’ . $_SERVER['HTTP_HOST'], ”, site_url());
$redirect_url = $wp_dir . $url;
and at (what is now) line 62 I changed urlencode($url) to urlencode($redirect_url)
Hope that helps! Great plugin, thanks for making it.
Great!
I’ll update the plugin on the website as soon as possible!
Thank you Rob.
@Rob, I’ve updated the code!
Klaas,
How would one go about creating a link to logout (clear the session and prevent ‘back’) and return the user to the login page?
That’s actually something I didn’t think of yet. I’ll try to implement it as soon as possible. Thanks for the idea, I’ll keep you posted