log1x/sage-password-protected

该包已废弃,不再维护。未建议替代包。

一个简单的Roots Sage密码保护包,可使用过滤器自定义。

安装: 108

依赖: 0

建议者: 0

安全: 0

星星: 17

关注者: 4

分支: 4

类型:package

v1.0.1 2018-11-18 07:49 UTC

This package is auto-updated.

Last update: 2024-02-08 13:05:39 UTC


README

Latest Stable Version Total Downloads

Sage Password Protected是一个简单的密码保护包,用于与开发者使用的Sage 9配合使用。没有管理页面、没有样式、没有JavaScript、没有冗余。只需将您自己的配置传递给提供的过滤器即可。

您可以使用ACF在主题选项内轻松构建自己的字段组,或者传递一个过滤器,使其仅在WP_ENV不等于production时启用。

要求

安装

通过Composer安装

composer require log1x/sage-password-protected

使用

开箱即用,此包绝对不做任何事情,因为所有值默认为false。要开始,请通过提供的过滤器传递一个包含您值的数组。在传递密码时,您必须通过password_hash()传递它,或者如果您使用ACF,请使用我的acf-encrypted-password字段。

配置

默认值

以下是默认/可能的配置值。

/**
 * Default configuration for Sage Password Protected
 * 
 * @return array
 */
add_filter('password_protected', function () {
    return [
        'active'             => false,
        'password'           => false,
        'secret'             => $this->secret,
        'allowFeeds'         => false,
        'allowAdmins'        => false,
        'allowUsers'         => false,
        'allowIpAddresses'   => false,
        'allowedIpAddresses' => [],
        'title'              => $this->name()
    ];
});

示例

以下是个人示例,说明我是如何与ACF和ACF Fluent一起处理配置的。

/**
 * Configuration for Sage Password Protected.
 * 
 * @return array
 */
add_filter('password_protected', function () {
    return [
        'active'             => Acf::option('password_protected')->get(),
        'password'           => Acf::option('password')->get(),
        'allowFeeds'         => Acf::option('password_show_feeds')->get(),
        'allowAdmins'        => Acf::option('password_allow_administrators')->get(),
        'allowUsers'         => Acf::option('password_allow_users')->get(),
        'allowIpAddresses'   => Acf::option('password_allow_by_ip_address')->get(),
        'allowedIpAddresses' => Acf::option('password_allowed_ip_addresses')->get(),
    ];
});

ACF Builder

如果您正在使用ACF Builder,则可以使用我上面的过滤器以及

<?php

namespace App;

use StoutLogic\AcfBuilder\FieldsBuilder;

$config = (object) [
    'ui'      => 1,
    'wrapper' => ['width' => 30],
    'ip'      => $_SERVER['X-Forwarded-For'] ?? $_SERVER['REMOTE_ADDR'],
];

$password = new FieldsBuilder('password_protected');

$password
    ->addTab('password_protected', ['placement' => 'left']);

$password
    ->addTrueFalse('password_protected', ['ui' => $config->ui])
        ->setInstructions('Enable site-wide password protection?')

    ->addField('password', 'encrypted_password', ['wrapper' => $config->wrapper])
        ->setInstructions('Enter the login password.')
        ->conditional('password_protected', '==', '1')

    ->addTrueFalse('password_show_feeds', ['label' => 'Show Feeds?', 'ui' => $config->ui])
        ->setInstructions('Enable RSS Feeds without a password?')
        ->conditional('password_protected', '==', '1')

    ->addTrueFalse('password_allow_ip_address', ['label' => 'Allow by IP Address', 'ui' => $config->ui])
        ->setInstructions('Enable whitelisting users by their IP Address.')
        ->conditional('password_protected', '==', '1')

    ->addRepeater('password_allowed_ip_addresses', ['label' => 'Allowed IP Addresses', 'button_label' => 'Add IP Address'])
        ->conditional('password_protected', '==', '1')
            ->and('password_allow_ip_address', '==', '1')
        ->setInstructions('Current IP Address: ' . $config->ip)

        ->addText('ip_address', ['label' => 'IP Address', 'placeholder' => $config->ip])
            ->setInstructions('The IP Address of the user to allow through password protection.')

        ->addText('ip_address_comment', ['label' => 'Comment', 'placeholder' => 'John Doe\'s Home'])
            ->setInstructions('A comment containing an identifier for this IP address. This is strictly for organization purposes.')
    ->endRepeater()

    ->addTrueFalse('password_allow_users', ['ui' => $config->ui])
        ->setInstructions('Allow bypassing password protection while logged in as a user.')
        ->conditional('password_protected', '==', '1')

    ->addTrueFalse('password_allow_administrators', ['ui' => $config->ui])
        ->conditional('password_protected', '==', '1')
            ->and('password_allow_users', '==', '0')
        ->setInstructions('Allow bypassing password protection while logged in as an administrator.');

return $password;

安全

显然,cookie并不绝对安全,我传递给openssl_encrypt()的默认哈希令人发笑,将加密密码的MD5作为哈希存储也是令人发笑的——但让我们面对现实,这是一个简单的密码保护包,用于在诸如预览(防止网络爬虫)等情况下保护您的面向公众的网站,并且我个人认为我为此付出的努力已经足够过头了。

贡献

任何贡献都受到赞赏。还有一些事情尚未触及,例如自定义cookie哈希、过滤Blade视图位置等。

❤️