log1x / sage-password-protected
该包已废弃,不再维护。未建议替代包。
一个简单的Roots Sage密码保护包,可使用过滤器自定义。
v1.0.1
2018-11-18 07:49 UTC
Requires
- php: >=7.0
- composer/installers: ^1.0
This package is auto-updated.
Last update: 2024-02-08 13:05:39 UTC
README
Sage Password Protected是一个简单的密码保护包,用于与开发者使用的Sage 9配合使用。没有管理页面、没有样式、没有JavaScript、没有冗余。只需将您自己的配置传递给提供的过滤器即可。
您可以使用ACF在主题选项内轻松构建自己的字段组,或者传递一个过滤器,使其仅在WP_ENV
不等于production
时启用。
要求
安装
通过Composer安装
composer require log1x/sage-password-protected
使用
开箱即用,此包绝对不做任何事情,因为所有值默认为false。要开始,请通过提供的过滤器传递一个包含您值的数组。在传递密码时,您必须通过password_hash()
传递它,或者如果您使用ACF,请使用我的acf-encrypted-password字段。
配置
默认值
以下是默认/可能的配置值。
/** * Default configuration for Sage Password Protected * * @return array */ add_filter('password_protected', function () { return [ 'active' => false, 'password' => false, 'secret' => $this->secret, 'allowFeeds' => false, 'allowAdmins' => false, 'allowUsers' => false, 'allowIpAddresses' => false, 'allowedIpAddresses' => [], 'title' => $this->name() ]; });
示例
以下是个人示例,说明我是如何与ACF和ACF Fluent一起处理配置的。
/** * Configuration for Sage Password Protected. * * @return array */ add_filter('password_protected', function () { return [ 'active' => Acf::option('password_protected')->get(), 'password' => Acf::option('password')->get(), 'allowFeeds' => Acf::option('password_show_feeds')->get(), 'allowAdmins' => Acf::option('password_allow_administrators')->get(), 'allowUsers' => Acf::option('password_allow_users')->get(), 'allowIpAddresses' => Acf::option('password_allow_by_ip_address')->get(), 'allowedIpAddresses' => Acf::option('password_allowed_ip_addresses')->get(), ]; });
ACF Builder
如果您正在使用ACF Builder,则可以使用我上面的过滤器以及
<?php namespace App; use StoutLogic\AcfBuilder\FieldsBuilder; $config = (object) [ 'ui' => 1, 'wrapper' => ['width' => 30], 'ip' => $_SERVER['X-Forwarded-For'] ?? $_SERVER['REMOTE_ADDR'], ]; $password = new FieldsBuilder('password_protected'); $password ->addTab('password_protected', ['placement' => 'left']); $password ->addTrueFalse('password_protected', ['ui' => $config->ui]) ->setInstructions('Enable site-wide password protection?') ->addField('password', 'encrypted_password', ['wrapper' => $config->wrapper]) ->setInstructions('Enter the login password.') ->conditional('password_protected', '==', '1') ->addTrueFalse('password_show_feeds', ['label' => 'Show Feeds?', 'ui' => $config->ui]) ->setInstructions('Enable RSS Feeds without a password?') ->conditional('password_protected', '==', '1') ->addTrueFalse('password_allow_ip_address', ['label' => 'Allow by IP Address', 'ui' => $config->ui]) ->setInstructions('Enable whitelisting users by their IP Address.') ->conditional('password_protected', '==', '1') ->addRepeater('password_allowed_ip_addresses', ['label' => 'Allowed IP Addresses', 'button_label' => 'Add IP Address']) ->conditional('password_protected', '==', '1') ->and('password_allow_ip_address', '==', '1') ->setInstructions('Current IP Address: ' . $config->ip) ->addText('ip_address', ['label' => 'IP Address', 'placeholder' => $config->ip]) ->setInstructions('The IP Address of the user to allow through password protection.') ->addText('ip_address_comment', ['label' => 'Comment', 'placeholder' => 'John Doe\'s Home']) ->setInstructions('A comment containing an identifier for this IP address. This is strictly for organization purposes.') ->endRepeater() ->addTrueFalse('password_allow_users', ['ui' => $config->ui]) ->setInstructions('Allow bypassing password protection while logged in as a user.') ->conditional('password_protected', '==', '1') ->addTrueFalse('password_allow_administrators', ['ui' => $config->ui]) ->conditional('password_protected', '==', '1') ->and('password_allow_users', '==', '0') ->setInstructions('Allow bypassing password protection while logged in as an administrator.'); return $password;
安全
显然,cookie并不绝对安全,我传递给openssl_encrypt()
的默认哈希令人发笑,将加密密码的MD5作为哈希存储也是令人发笑的——但让我们面对现实,这是一个简单的密码保护包,用于在诸如预览(防止网络爬虫)等情况下保护您的面向公众的网站,并且我个人认为我为此付出的努力已经足够过头了。
贡献
任何贡献都受到赞赏。还有一些事情尚未触及,例如自定义cookie哈希、过滤Blade视图位置等。
❤️