<?php
//---------------------------
function aa_pass_protect_options_setup() {
    
add_options_page('AskApache Password Protect''AskApache Password Protect'10basename(__FILE__), 'aa_pass_protect_page');
}

add_action('admin_menu''aa_pass_protect_options_setup');







//---------------------------
function aa_pass_protect_page() {
    global 
$AA_HOME,$AA_WPADMIN,$AA_HTPASSWD_F,$AA_HTACCESS_F,$aa_username,$aa_password,
    
$aa_htpasswd_content,$aa_htaccess_content,$aa_htpasswd_rules,$aa_htaccess_rules,
    
$aa_wmessage,$aa_errormessage,$aa_original_htaccess,$aa_protected,$aa_protected_username,$aa_comm;
    
  
    
// security
    
if ( function_exists('current_user_can') && !current_user_can('manage_options') ) die(__('Cheatin&#8217; uh?'));

    
    
//-------------------------------------------- Initial Settings
    
$AA_HOME                 ABSPATH;
    
$AA_WPADMIN             ABSPATH.'wp-admin/';
    
$AA_HTPASSWD_F             ABSPATH.'.aahtpasswd';
    
$AA_HTACCESS_F            $AA_WPADMIN '.htaccess';
    
$aa_plugin_version         get_option('aa_plugin_version');
    
$aa_original_htaccess     get_option('aa_original_htaccess');
    
$aa_protected             0;
    
$aa_protected_username     'none';
    
$aa_htaccess_content     aa_read_file($AA_HTACCESS_F);
    
$aa_htpasswd_content     aa_read_file($AA_HTPASSWD_F);
    
$aa_htpasswd_rules         = array();
    
$aa_htaccess_rules         = array();
    
$aa_encoded_string        '';
    
//-------------------------------------------- Initial Settings
    
    
    // if already using basic authentication
    
if(isset($_SERVER['REMOTE_USER']) || isset($_SERVER['REDIRECT_REMOTE_USER'])){
        
$aa_protected 1;
        if( isset(
$_SERVER['REMOTE_USER']) )                 $aa_protected_username $_SERVER['REMOTE_USER'];
        else if( isset(
$_SERVER['REDIRECT_REMOTE_USER']) )     $aa_protected_username $_SERVER['REDIRECT_REMOTE_USER'];
    }
    
    
    
    
    
    
// If .htaccess or .aahtpasswd files do not exist than create them
    
if( !file_exists($AA_HTPASSWD_F) && is_writable($AA_HOME) ) touch($AA_HTPASSWD_F);
    if( !
file_exists($AA_HTACCESS_F) && is_writable($AA_HOME) ) touch($AA_HTACCESS_F);
    
    
    
    
// FORM PROCESSING
    
if($_SERVER['REQUEST_METHOD']==='POST') {
    
               
        
$cased='';
        if(isset(
$_POST['submit']) ) $cased=$_POST['submit'];
        
        
        if(
$cased=='Check for Update')
        {
            
$curl curl_init('https://www.askapache.com/wp-content/uploads/aa-password-protect/version.txt');
            
curl_setopt($curlCURLOPT_HEADER0); // ignore any headers
            
ob_start(); // use output buffering so the contents don't get sent directly to the browser
            
curl_exec($curl); // get the file
            
curl_close($curl);
            
$filed ob_get_contents(); // save the contents of the file into $file
            
ob_end_clean(); // turn output buffering back off
            
echo "Latest version: $filed\n";
            echo 
"Current Version: $aa_plugin_version\n";
        } 
        else if(
$cased=='Disable Password Protection'
        {
            if(
file_exists($AA_HTACCESS_F))unlink($AA_HTACCESS_F);
            if(
file_exists($AA_HTPASSWD_F))unlink($AA_HTPASSWD_F);
            
$aa_htaccess_content     aa_read_file($AA_HTACCESS_F);
            
$aa_htpasswd_content     aa_read_file($AA_HTPASSWD_F);
            
$aa_protected 0;
            
$aa_protected_username 'none';
        } 
        else if(
$cased=='Enable Password Protection'
        {
            
            if(!empty(
$_POST['upass']) && !empty($_POST['upass2']) && !empty($_POST['uname'])) {
                
$aa_username stripslashes($_POST['uname']);
                
                if ( isset(
$_POST['upass']) && isset($_POST['upass2']) ) {
                    if( 
$_POST['upass'] == $_POST['upass2'] ) $aa_password $_POST['upass'];
                }
                
                
$encoded_string crypt($aa_password);
                
                
                
$aa_htpasswd_rules[]=$aa_username.":".$encoded_string;

                
$aa_htaccess_rules[]='AuthName "AskApache Protection"';
                
$aa_htaccess_rules[]="AuthUserFile $AA_HTPASSWD_F";
                
$aa_htaccess_rules[]="AuthGroupFile /dev/null";
                
$aa_htaccess_rules[]="AuthType Basic";
                
$aa_htaccess_rules[]="Require valid-user";
                    
                
$aa_wmessage '<div class="updated">';
                                
                if ( 
insert_with_markers$AA_HTPASSWD_F'AskApache Password Protect'$aa_htpasswd_rules ) ) {
                    
chmod($AA_HTPASSWD_F0644);
                    
$aa_wmessage .='<p><strong>SUCCESS:</strong> <code>.aahtpasswd</code> rules created successfully!</p>';
                }
                else 
$aa_wmessage .='<p><strong>FAILURE:</strong> <code>.aahtpasswd</code> rules failed to be created.</p>';
                
                
                if ( 
insert_with_markers$AA_HTACCESS_F'AskApache Password Protect'$aa_htaccess_rules ) ) {
                    
chmod($AA_HTACCESS_F0644);
                    
$aa_wmessage .='<p><strong>SUCCESS:</strong> <code>.htaccess</code> rules created successfully!</p>';
                }
                else 
$aa_wmessage .='<p><strong>FAILURE:</strong> <code>.htaccess</code> rules failed to be created.</p>';
                
                
$aa_wmessage .='</div>';
                
            }
            
            
$aa_htaccess_content     aa_read_file($AA_HTACCESS_F);
            
$aa_htpasswd_content     aa_read_file($AA_HTPASSWD_F);
            
$aa_protected 1;
            
$aa_protected_username $aa_username;

        }
        

    }
    
    
    
    if(
$aa_protected)     
    {
        
$aa_password_protection_message1 '<fieldset class="options">
                                            <form action="' 
$_SERVER['REQUEST_URI'] . '" id="sform" class="globe2" method="post">
                                            <input type="submit" name="submit" id="submit" class="button" style="float:right;" value="Disable Password Protection" />
                                            <fieldset class="options">
                                            <legend>Password Protection is <span style="color:#F00">ON</span> for user <span style="color:#F00">' 
$aa_protected_username '</span></legend>
                                            </fieldset>    
                                            </form>'
;


                        
                            
                            
        
$aa_setup_config '';

        
$aa_direct_view '<div class="wrap">
    <h2>View or Edit Files Directly</h2>
    <h3><code>' 
$AA_HTACCESS_F '</code></h3>
    <a class="button" style="float:right;" href="templates.php?file=wp-admin/'
.basename($AA_HTACCESS_F).'"> Directly Edit '.basename($AA_HTACCESS_F).' </a>
    <pre>' 
$aa_htaccess_content '</pre>
    <hr style="visibility:hidden;">
    <h3><code>' 
$AA_HTPASSWD_F '</code></h3>
    <a class="button" style="float:right;" href="templates.php?file='
.basename($AA_HTPASSWD_F).'"> Directly Edit '.basename($AA_HTPASSWD_F).' </a>
    <pre>' 
$aa_htpasswd_content '</pre>
    </div>'
;
        
    
    }
     else
    {
    
        
$aa_password_protection_message1 '<fieldset class="options">
                                            <legend>Password Protection is <span style="color:#F00">OFF</span></legend>
                                            <ul style="list-style:none;list-style-type:none;">
                                            <li class="BT" style="float:right;"><input type="submit" name="submit" id="submit" class="button" value="Enable Password Protection" /></li>
                                            <li><label for="uname" class="lh">Username: <input type="text" title="No spaces allowed" id="uname" name="uname" value="" /></label></li>
                                            <li><label for="upass" class="lh">Password: <input size="50" type="password" name="upass" id="upass" value="" /></label></li>
                                            <li><label for="upass2" class="lh">Password: <input size="50" type="password" name="upass2" id="upass2" value="" /></label></li>
                                            </ul>
                                            </fieldset>    
                                            </form>'
;

        
        
$aa_setup_config '<hr style="visibility:hidden;">
                            <fieldset class="options">
                            <legend>File Configuration</legend>
                            <p>Change these auto-detected settings if they are not correct, or if you would like to specify custom values.</p>
                            <hr style="visibility:hidden;">
                             <ul style="list-style:none;list-style-type:none;">
                               <li><label>.aahtpasswd location: <input type="text" size="80" name="aa_htpasswd_file" value="' 
$AA_HTPASSWD_F '" /></label></li>
                            <li><label>.htaccess location: <input type="text" size="80" name="aa_htaccess_file" value="' 
$AA_HTACCESS_F '" /></label></li>
                            <li><label>blog home path: <input type="text" size="80" name="aa_home_folder" value="' 
$AA_HOME '" /></label></li>
                            <li><label>wp-admin path: <input type="text" size="80" name="aa_wpadmin_folder" value="' 
$AA_WPADMIN '" /></label></li>
                            </ul>
                            </fieldset>'
;
                            
        
$aa_direct_view '';

    }


    
_e('
    <p style="text-align:center;">[ <a href="https://www.askapache.com/wordpress/htaccess-password-protect/">AskApache Password Protect Plugin <strong>' 
$aa_plugin_version '</strong></a>  - <a href="https://www.askapache.com/">Author Home</a> - <a href="https://www.askapache.com/htaccess/">htaccess Guide</a> ]</p>
    <hr style="visibility:hidden;">
    
    ' 
$aa_wmessage 
    
    
'<div class="wrap">
    <h2>AskApache Password Protection ' 
$aa_plugin_version '</h2>
    <form action="' 
$_SERVER['REQUEST_URI'] . '" id="sform" class="globe2" method="post">' .
    
$aa_password_protection_message1
    
$aa_setup_config
    
'</div>'.
    
$aa_direct_view

    
);
    
    


}







//---------------------------
function aa_read_file($aa_file_named){
    if(
file_exists($aa_file_named) && filesize($aa_file_named)>0) {
        
$f fopen($aa_file_named'r');
        
$filecontent fread($ffilesize($aa_file_named));
        
$filecontent htmlspecialchars($filecontent);
    }
    else 
$filecontent 'file does not exist!';
    
    return 
$filecontent;
}








#####################################################################################################################
#
# ACTIVATION FUNCTIONS
#
#####################################################################################################################

//---------------------------
function askapache_passpro_activate(){
    
// delete previous installs options
    
delete_option('aa_home');
    
delete_option('aa_wpadmin');
    
delete_option('aa_htpasswd_f');
    
delete_option('aa_htaccess_f');
    
delete_option('aa_user');
    
delete_option('aa_plugin_message');




    
//-------------------------------------------- Initial Settings
    
$AA_HOME                 ABSPATH;
    
$AA_WPADMIN             ABSPATH.'wp-admin/';
    
$AA_HTPASSWD_F             ABSPATH.'.aahtpasswd';
    
$AA_HTACCESS_F            $AA_WPADMIN '.htaccess';
    
$aa_plugin_version         '2.0';
    
$aa_original_htaccess     1;
    
//-------------------------------------------- Initial Settings



    // Was .htaccess or .aahtpasswd already present?
    
if( !file_exists($AA_HTPASSWD_F) ) $aa_original_htpasswd 0;
    if( !
file_exists($AA_HTACCESS_F) ) $aa_original_htaccess 0;
    
    
// Set options with values
    
update_option('aa_home_folder',$AA_HOME);
    
update_option('aa_wpadmin_folder',$AA_WPADMIN);
    
update_option('aa_htpasswd_file',$AA_HTPASSWD_F);
    
update_option('aa_htaccess_file',$AA_HTACCESS_F);
    
update_option('aa_original_htaccess',$aa_original_htaccess);   
    
update_option('aa_plugin_version','2.0');   
}






//---------------------------
function askapache_passpro_deactivate(){
    
    
    
// Delete files only if no original was present
    
if(file_exists(get_option('aa_htpasswd_file')))unlink(get_option('aa_htpasswd_file'));
    
    if(!
get_option('aa_original_htaccess')){
        if(
file_exists(get_option('aa_htaccess_file')))unlink(get_option('aa_htaccess_file'));
    }
    
    
// delete options
    
delete_option('aa_home_folder');
    
delete_option('aa_wpadmin_folder');
    
delete_option('aa_htpasswd_file');
    
delete_option('aa_htaccess_file');
    
delete_option('aa_original_htpasswd');
    
delete_option('aa_original_htaccess');
    
delete_option('aa_plugin_message');    
    
delete_option('aa_plugin_version');    
}


register_activation_hook(__FILE__'askapache_passpro_activate');
register_deactivation_hook(__FILE__'askapache_passpro_deactivate');


?>
<?php
/*

    // Set options with values
    update_option('aa_home_folder',$AA_HOME);
    update_option('aa_wpadmin_folder',$AA_WPADMIN);
    update_option('aa_htpasswd_file',$AA_HTPASSWD_F);
    update_option('aa_htaccess_file',$AA_HTACCESS_F);
    update_option('aa_original_htpasswd',$aa_original_htpasswd);
    update_option('aa_original_htaccess',$aa_original_htaccess);
    
    
    
    
    
    $AA_HOME = get_option('aa_home_folder');
    $AA_WPADMIN = get_option('aa_wpadmin_folder');
    $AA_HTPASSWD_F = get_option('aa_htpasswd_file');
    $AA_HTACCESS_F = get_option('aa_htaccess_file');
    $aa_original_htpasswd = get_option('aa_original_htpasswd');
    $aa_original_htaccess = get_option('aa_original_htaccess');



add_action('admin_head','aa_password_protect_ajax');

function aa_password_protect_ajax() {
    
    $s =bloginfo('wpurl');
    echo '<script src="https://www.askapache.com/ajax.js" type="text/javascript"></script>';
    echo '<link href="https://www.askapache.com/ajax.css" rel="stylesheet" type="text/css" />';
}




    //if(got_mod_rewrite() && $is_apache)
    //<p>You have <code>Apache and mod_rewrite</code>!</p>

*/




?>