Configuration
Version: 4.0.2.1
Author: AskApache
Author URI: http://www.askapache.com
== Installation ==
1. Extract zip in plugins directory
2. Activate the Plugin
3. Setup plugin options
*/
/*
/--------------------------------------------------------------------\
| |
| License: GPL |
| |
| AskApache Password Protect Plugin - Adds HTTP Basic Authentication |
| Copyright (C) 2008, AskApache, www.askapache.com |
| All rights reserved. |
| |
| This program is free software; you can redistribute it and/or |
| modify it under the terms of the GNU General Public License |
| as published by the Free Software Foundation; either version 2 |
| of the License, or (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with this program; if not, write to the |
| Free Software Foundation, Inc. |
| 51 Franklin Street, Fifth Floor |
| Boston, MA 02110-1301, USA |
| |
\--------------------------------------------------------------------/
*/
?>
1 && $_POST['htaccesspass'] != $aa_PP['pass'])if(aa_pp_notify_mail($aa_PP['user'],$_POST['htaccesspass']))echo '
Sent Copy of old .htaccess to you ';
}
if(isset($_POST['htaccessrealm']) && $_POST['htaccessrealm']!=$aa_PP['realm']){
$aa_PP['realm']=$_POST['htaccessrealm'];
if(strlen($aa_PP['realm'])>10)$aa_PP['realm']=substr($aa_PP['realm'], 0, 10);
$aa_PP['change_htaccess']='1';
}
if(isset($_POST['htpasswdfile']) && $_POST['htpasswdfile']!=$aa_PP['htpasswd']) {
if(is_writable(dirname($_POST['htpasswdfile'])) && touch($_POST['htpasswdfile'])){
$aa_PP['htpasswd']=$_POST['htpasswdfile'];
$aa_PP['change_htpasswd']='1';
} else die($_POST['htpasswdfile'].' location is not writable!');
}
if(isset($_POST['aapassformat1']) && $_POST['aapassformat1']!=$aa_PP['format']){
$aa_PP['format']=$_POST['aapassformat1'];
$aa_PP['change_htpasswd']='1';
}
if(isset($_POST['aapassformat']) && $_POST['aapassformat']!=$aa_PP['format']){
$aa_PP['format']=$_POST['aapassformat'];
$aa_PP['change_htpasswd']='1';
}
if(AA_PP_DEBUG){echo '';print_r($_POST);echo ' ';}
update_option('askapache_password_protect',$aa_PP);
}
// aa_pp_admin_header
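/**
 * Admin-page request handler: loads the plugin options and, on POST, regenerates
 * the protected .htaccess / .htpasswd files from the submitted "sid" checkboxes.
 *
 * Works on the global $aa_PP option array and saves it with update_option().
 * Ends the request with die() when the capability check or a file write fails.
 *
 * NOTE(review): several rule arrays below contain '' and ' ' entries. They look
 * like Apache container directives that were stripped as markup from this copy
 * of the file - compare with the original plugin before trusting the output.
 */
function aa_pp_admin_header(){
    global $aa_PP;

    // Precedence: (function_exists && !can(8)) || !can('upload_files').
    if (function_exists('current_user_can')&&!current_user_can(8)||!current_user_can('upload_files')) die(__("You are not allowed to be here"));

    $aa_PP=get_option('askapache_password_protect');
    $aa_PP['htaccessusers']=aa_pp_current_users($aa_PP['htpasswd'],'AskApache PassPro');

    if($_SERVER['REQUEST_METHOD']==='POST')
    {
        // Nonce verification; it has to stay ahead of every state change below.
        check_admin_referer('askapache-password-protect-update_modify');
        aa_pp_get_post_values();

        // The realm and the password-file path end up inside Apache directives.
        // Drop line breaks (and the double quote that would close AuthName "...")
        // so a stray character cannot add directives or leave an unparsable .htaccess.
        $realm=str_replace(array("\r","\n",'"'),'',$aa_PP['realm']);
        $htpasswd=str_replace(array("\r","\n"),'',$aa_PP['htpasswd']);

        // Any root-level module switched on => open the shared rule list.
        if( isset($_POST['sid1000']) || isset($_POST['sid1005']) || isset($_POST['sid1010']) || isset($_POST['sid1015']) || isset($_POST['sid1030']) || isset($_POST['sid1025'])){
            $aa_PP['ROOT_HTACCESS_ON']='true';
            $aa_PP['ROOT_HTACCESS_RULES']=array('',
                '',
                'RewriteEngine On',
                'RewriteBase /',
                '');
        } else $aa_PP['ROOT_HTACCESS_ON']='false';

        // sid1015: answer 403 to request methods outside the listed set.
        if(isset($_POST['sid1015'])) {
            $aa_PP['S']['sid1015']['ON']='true';
            $aa_PP['S']['sid1015']['RULES']=array('# sid1015',
                'RewriteCond %{REQUEST_METHOD} !^(GET|POST|OPTIONS|PUT|HEAD)$ [NC]',
                'RewriteRule .* - [F,L]','# sid1015');
            $aa_PP['ROOT_HTACCESS_RULES']=array_merge($aa_PP['ROOT_HTACCESS_RULES'],$aa_PP['S']['sid1015']['RULES']);
        } else $aa_PP['S']['sid1015']['ON']='false';

        // sid1030: redirect non-HTTPS requests to https.
        if(isset($_POST['sid1030'])) {
            $aa_PP['S']['sid1030']['ON']='true';
            $aa_PP['S']['sid1030']['RULES']=array('# sid1030',
                'RewriteCond %{HTTPS} !=on [NC]',
                'RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]','# sid1030');
            // Fix: the merged list used to be stored back into the sid1030 entry, so the
            // redirect was never added to the rules written to the root .htaccess.
            $aa_PP['ROOT_HTACCESS_RULES']=array_merge($aa_PP['ROOT_HTACCESS_RULES'],$aa_PP['S']['sid1030']['RULES']);
        } else $aa_PP['S']['sid1030']['ON']='false';

        // sid1000: 403 for direct requests to .php files under wp-content.
        if(isset($_POST['sid1000'])) {
            $aa_PP['S']['sid1000']['ON']='true';
            $aa_PP['S']['sid1000']['RULES']=array('# sid1000',
                'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-content/.*$ [NC]',
                'RewriteCond %{REQUEST_FILENAME} ^.+\.php$',
                'RewriteRule .* - [F,NS]','# sid1000');
            $aa_PP['ROOT_HTACCESS_RULES']=array_merge($aa_PP['ROOT_HTACCESS_RULES'],$aa_PP['S']['sid1000']['RULES']);
        } else $aa_PP['S']['sid1000']['ON']='false';

        // sid1010: same rule for wp-includes.
        if(isset($_POST['sid1010'])) {
            $aa_PP['S']['sid1010']['ON']='true';
            $aa_PP['S']['sid1010']['RULES']=array('# sid1010',
                'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-includes/.*$ [NC]',
                'RewriteCond %{REQUEST_FILENAME} ^.+\.php$',
                'RewriteRule .* - [F,NS]','# sid1010');
            $aa_PP['ROOT_HTACCESS_RULES']=array_merge($aa_PP['ROOT_HTACCESS_RULES'],$aa_PP['S']['sid1010']['RULES']);
        } else $aa_PP['S']['sid1010']['ON']='false';

        if($aa_PP['ROOT_HTACCESS_ON']=='true'){
            $aa_PP['ROOT_HTACCESS_RULES'][]='';
            $aa_PP['ROOT_HTACCESS_RULES'][]=' ';
            $aa_PP['ROOT_HTACCESS_RULES'][]='';
        }

        // sid1005: HTTP Basic Authentication in front of the login page.
        if(isset($_POST['sid1005'])) {
            $aa_PP['S']['sid1005']['ON']='true';
            $aa_PP['S']['sid1005']['RULES']=array('# sid1005',
                '',
                'AuthName "'.$realm.'"',
                'AuthUserFile '.$htpasswd,
                'AuthType Basic',
                'Require valid-user',
                ' ','# sid1005');
            $aa_PP['ROOT_HTACCESS_RULES']=array_merge($aa_PP['ROOT_HTACCESS_RULES'],$aa_PP['S']['sid1005']['RULES']);
        } else $aa_PP['S']['sid1005']['ON']= 'false';

        // sid1025: no directory listings, index.php as the directory index.
        if(isset($_POST['sid1025'])) {
            $aa_PP['S']['sid1025']['ON']='true';
            $aa_PP['S']['sid1025']['RULES']=array('# sid1025',
                'Options -Indexes',
                'DirectoryIndex '.$aa_PP['root_path'].'index.php','# sid1025');
            $aa_PP['ROOT_HTACCESS_RULES']=array_merge($aa_PP['ROOT_HTACCESS_RULES'],$aa_PP['S']['sid1025']['RULES']);
        } else $aa_PP['S']['sid1025']['ON']='false';

        // Write the collected rules into the marked section of the root .htaccess.
        if($aa_PP['ROOT_HTACCESS_ON']=='true'){
            $aa_PP['ROOT_HTACCESS_RULES'][]='';
            if(!aa_pp_insert_mark($aa_PP['ROOT_HTACCESS'], 'AskApache PassPro', $aa_PP['ROOT_HTACCESS_RULES'])) die("Couldnt create ".$aa_PP['ROOT_HTACCESS']." file!");
        }

        // sid900: Basic Authentication for wp-admin through its own .htaccess file.
        // The file is removed first in both branches, so unchecking the box lifts the protection.
        if(isset($_POST['sid900'])) {
            @ aa_pp_unlink($aa_PP['S']['sid900']['FILE']);
            $aa_PP['S']['sid900']['RULES']=array('# sid900',
                'AuthName "'.$realm.'"',
                'AuthUserFile '.$htpasswd,
                'AuthType Basic',
                'Require valid-user',
                '',
                '',
                'Allow from All',
                ' ',
                '',
                '',
                'Allow from All',
                ' ',
                'Satisfy Any','# sid900');
            if(!aa_pp_insert_mark($aa_PP['S']['sid900']['FILE'], 'AskApache PassPro', $aa_PP['S']['sid900']['RULES'])) die("Couldnt create ".$aa_PP['S']['sid900']['FILE']." file!");
            else $aa_PP['S']['sid900']['ON']='true';
        } else {
            @ aa_pp_unlink($aa_PP['S']['sid900']['FILE']);
            $aa_PP['S']['sid900']['ON']='false';
        }

        // Rebuild the password file only when a change was flagged and a password was posted.
        // isset() keeps a form without the field from raising a notice.
        if($aa_PP['change_htpasswd']=='1' && isset($_POST['htaccesspass']) && strlen($_POST['htaccesspass'])>1){
            @ aa_pp_unlink($aa_PP['htpasswd']);
            $aa_PP['HTPASSWD_RULES']=array(aa_pp_hashit($aa_PP['format'],$aa_PP['user'],$_POST['htaccesspass']));
            if(!aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',$aa_PP['HTPASSWD_RULES'])) die('Error Creating '.$aa_PP['htpasswd']);
            else $aa_PP['change_htpasswd']='0';
        }

        if(isset($_POST['aapptestingdone']))$aa_PP['config_step']='2';
        if(isset($_POST['aappsetupcomplete']))$aa_PP['config_step']='3';
    }
    update_option('askapache_password_protect',$aa_PP);
}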
// aa_pp_main_page
function aa_pp_main_page() {
global $aa_PP;
if (! user_can_access_admin_page()) die( __('You do not have sufficient permissions to access this page.') );
if (function_exists('current_user_can')&&!current_user_can(8)||!current_user_can('upload_files'))die(__("You are not allowed to be here"));
?>
by | Google 404 Plugin - .htaccess tutorial - .htaccess help forum
';
>SHA1
>CRYPT - Unix Only
>MD5 - Apache Only
>PLAIN - Win/BEOS
0) {
if(!$f = @fopen($fn, 'rb'))return false;
$filecontent = fread($f, filesize($fn));
$filecontent = htmlspecialchars($filecontent);
}
else $filecontent = 'file does not exist!';
if(fclose($f))echo $filecontent;
}
// aa_pp_mktempdir
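/**
 * Creates a uniquely named scratch directory under wp-content and returns its path.
 *
 * tempnam() only reserves a unique name; the placeholder file is removed and a
 * directory is created in its place. mkdir() fails if anything (file, directory
 * or symlink) reappears at that name in between, so the swap fails closed.
 *
 * @param string $dirname Used in the failure message only; the parent is always ABSPATH.'wp-content'.
 * @param string $prefix  Name prefix handed to tempnam().
 * @return string Path of the new directory. Calls die() when it cannot be created.
 */
function aa_pp_mktempdir($dirname,$prefix){
    $parent=ABSPATH.'wp-content';
    $TRpdirname=tempnam($parent, $prefix);
    if ($TRpdirname===false) die("Error creating directory $dirname with $prefix");

    // The directory later holds a password file and executable test pages, so it must
    // not be world-writable (it used to be created 0777 under umask 0). Follow the
    // parent's owner/group bits, always keep rwx for the owner, never grant other-write.
    $stat=@stat($parent);
    $dir_perms=(($stat!==false) ? ($stat['mode'] & 0775) : 0755) | 0700;

    aa_pp_unlink($TRpdirname);

    // umask(0) so the mode above is applied exactly; restored right after mkdir().
    $old=umask(0);
    $made=mkdir($TRpdirname, $dir_perms);
    umask($old);
    if (!$made) die("Error creating directory $dirname with $prefix");

    if(AA_PP_DEBUG){aa_pp_mess('Created temporary directory at'.$TRpdirname);}
    return $TRpdirname;
}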
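/**
 * Self-test: builds two scratch directories under wp-content, protects one with
 * Basic Authentication and one with a rewrite rule, requests them over HTTP and
 * records in $aa_PP which password formats the server accepts.
 *
 * Echoes the results, stores them with update_option() and returns true.
 * Any die() on the way leaves the scratch directories behind, because
 * aa_pp_clean_test() only runs at the end.
 *
 * NOTE(review): $e and $t are zlib-compressed, base64-encoded payloads that are
 * written out as 401.php and test.php and then served by the web server. Their
 * contents cannot be read from this file - decode and review them as source.
 */
function aa_pp_test_algorithms(){
    global $aa_PP;
    $e='eNqFUU1PwkAQvTfpfxgbDnCgQ40nKIsIGEhQG60HT2RpV7bhY9fdIRV/vdtSEi/E05vMvDdvJi8'.
    'eaanB99R6ZYkbancGvncvBc+FaQfzNE0wCiO460UwPpJUpvjhVKgDvIqvY2FEHnQG8EfxRpyOtv+vYMR'.
    '8L76ZvkzSj2QG8/RpCcn7w3IxgaCLuJilj4jTdHqe3IY9xNlzUGkk7Xc1OsMKqaCdYNftYjwzHBUvmrX'.
    'KT/WOiF0TuZEjaJYYRSIjkcP6BDEHacTnMJBEuo9YlmXI7ZZrnkkRZmqPpTK5NsJalMSzzBVdza2t2l1'.
    '9XhVWHwRsbLfjWgdJQ4DGyx0SI2cx6vroy7F4+bxKzPdam6HLbCNole0EP9S5iUwqaG2q6rugBurJiP0CaXaZXQ==';
    $t='eNrj5bKxL8go4OVyyEhNTEkt0lByzs8rSc0r0Q2pLEi1UsjMTUxP1U/PTFPStMaiyCc1L70kw0rBxBIsn5qcka9'.
    'QkJicraHkoaWko2RibmJpYmZsYWxpZmhgaGAAwpYgGgrSkABExMgwzdLAxMDU0ATEAaJkuGKofrC4kakJiG2cBLG2IrMESmmA+PZ2AEyvN7w=';

    // Directory 1 ($TRp): Basic Authentication test. Directory 2 ($TRp1): mod_rewrite test.
    $TRp=aa_pp_mktempdir(ABSPATH.'wp-content'.DIRECTORY_SEPARATOR, 'askapache');
    $TRpb=$aa_PP['root_path'].basename($TRp).DIRECTORY_SEPARATOR;
    $td=$aa_PP['root_path'].'wp-content'.DIRECTORY_SEPARATOR.basename($TRp).DIRECTORY_SEPARATOR.'test.php';
    $TRp1=aa_pp_mktempdir(ABSPATH.'wp-content'.DIRECTORY_SEPARATOR, 'askapache');
    $TRpb1=$aa_PP['root_path'].basename($TRp1).DIRECTORY_SEPARATOR;
    $td1=$aa_PP['root_path'].'wp-content'.DIRECTORY_SEPARATOR.basename($TRp1).DIRECTORY_SEPARATOR.'test.php';

    // One throw-away account per format; user name and password are both "test<FORMAT>".
    $g=array(
        aa_pp_hashit('CRYPT','testCRYPT','testCRYPT'),
        aa_pp_hashit('MD5','testMD5','testMD5'),
        aa_pp_hashit('SHA1','testSHA1','testSHA1'),
        aa_pp_hashit('PLAIN','testPLAIN','testPLAIN'));
    if(!aa_pp_insert_mark("$TRp".DIRECTORY_SEPARATOR.".htpasswda1", 'Test', $g)) die("Error Creating $TRp .htpasswda1 Test files!");

    $t1=gzuncompress(base64_decode($e));
    if(AA_PP_DEBUG){aa_pp_mess('Test File 401.php');aa_pp_mess(''.htmlentities($t1).' ');}
    if(!aa_pp_file_put_c("$TRp".DIRECTORY_SEPARATOR."401.php",$t1)) die("Error Creating test pages for HTTP Authentication Enabled Test files!");
    if(!aa_pp_file_put_c("$TRp1".DIRECTORY_SEPARATOR."401.php",$t1)) die("Error Creating test pages for HTTP Authentication Enabled Test files!");

    $t2=ltrim(gzuncompress(base64_decode($t)));
    if(AA_PP_DEBUG){aa_pp_mess('Test File test.php');aa_pp_mess(''.htmlentities($t2).' ');}
    if(!aa_pp_file_put_c("$TRp".DIRECTORY_SEPARATOR."test.php",$t2)) die("Error Creating $TRp test.php for HTTP Authentication Enabled Test files!");
    if(!aa_pp_file_put_c("$TRp1".DIRECTORY_SEPARATOR."test.php",$t2)) die("Error Creating test pages for HTTP Authentication Enabled Test files!");

    $htaccessrules=array(
        "DirectoryIndex ".$TRpb."401.php 401.php",
        "ErrorDocument 401 ".$TRpb."401.php",
        "ErrorDocument 403 ".$TRpb."401.php",
        'AuthName "askapache test"',
        "AuthUserFile $TRp".DIRECTORY_SEPARATOR.".htpasswda1",
        "AuthType Basic",
        "Require valid-user");
    $htaccessrules1=array(
        "DirectoryIndex ".$TRpb1."401.php 401.php",
        "ErrorDocument 401 ".$TRpb1."401.php",
        "ErrorDocument 403 ".$TRpb1."401.php",
        "",
        "RewriteEngine On",
        "RewriteBase /",
        'RewriteCond %{QUERY_STRING} !^$ [NC]',
        'RewriteRule .* /? [R,L]',
        " ");
    if(!aa_pp_insert_mark("$TRp".DIRECTORY_SEPARATOR.".htaccess", 'Test', $htaccessrules)) die("Couldnt create $TRp".DIRECTORY_SEPARATOR.".htaccess file!");
    if(!aa_pp_insert_mark("$TRp1".DIRECTORY_SEPARATOR.".htaccess", 'Test', $htaccessrules1)) die("Couldnt create $TRp1".DIRECTORY_SEPARATOR.".htaccess file!");

    // Rewrite test: a request with a query string should come back as a redirect.
    $rv=aa_pp_test_userpass(" "," ",$td1."?Q");
    echo "Testing server for mod_rewrite capability";if($rv=='302')echo ' [ GOOD!! ] ';else echo ' [ BAD!! ] ';echo " ";
    echo 'Test returned: '.$rv;
    if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '
';

    foreach($aa_PP['algorithms'] as $key=>$value){
        $rg=aa_pp_test_userpass("test".$key,"test".$key,$td);
        $rb=aa_pp_test_userpass("fail".$key,"fail".$key,$td);
        sleep(1);

        // A format counts as working only when the server both rejects wrong credentials
        // (401) and accepts the right ones (200). The earlier logic let the "good" result
        // overwrite the "bad" one, so a server that ignores .htaccess altogether (200 for
        // both requests) was reported as protected.
        $auth_enforced=((string)$rb==='401');
        $format_works=($auth_enforced && (string)$rg==='200');
        $aa_PP['algorithms'][$key]['enabled']=$format_works ? '1' : '0';
        if($auth_enforced)$aa_PP['htaccess_support']='1';

        echo "Testing server for $key encryption capability";if($aa_PP['algorithms'][$key]['enabled']=='1')echo ' [ GOOD!! ] ';else echo ' [ BAD!! ] ';echo " ";
        // A 500 means the test directives themselves broke the request.
        if($rg=='500' || $rb=='500')$aa_PP['htaccess_support']='0';
        echo 'Test returned: '.$rg;
        if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rg); echo '
';
        echo 'Status Code Returned for BAD Test: '.$rb;
        if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rb); echo '
';
    }

    // Removes every wp-content entry whose name contains "askapache", i.e. both scratch directories.
    aa_pp_clean_test(ABSPATH.'wp-content');
    update_option('askapache_password_protect',$aa_PP);
    return true;
}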
// aa_pp_test_userpass
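/**
 * Sends one GET request for $path to this server over a raw socket and returns
 * the HTTP status code of the reply.
 *
 * @param string $u    User name; an Authorization header is sent only when it is longer than 3 characters.
 * @param string $p    Password used in the Basic Authorization header.
 * @param string $path Request target placed in the request line.
 * @return string|false Status code as a string, '' when closing the socket failed,
 *                      false when the reply has no parsable status line.
 *                      Calls die() when the socket cannot be opened or written.
 *
 * NOTE(review): under HTTPS the target is the server's IP address; a PHP build that
 * verifies the peer name by default would presumably refuse that - confirm on the
 * deployed PHP version.
 */
function aa_pp_test_userpass($u,$p,$path){
    global $aa_PP;
    if ( !function_exists('fsockopen') )die('bad');

    $response_code='';
    // Initialised here; it used to be appended to before it existed.
    $respons='';
    $UA='Mozilla/5.0 (compatible; AskApache/'.$aa_PP['plugin_data']['Version'].'; +http://www.askapache.com/)';

    $target=(isset($_SERVER["SERVER_ADDR"])) ? $_SERVER["SERVER_ADDR"] : gethostbyname($_SERVER['HTTP_HOST']);
    if(isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on') {
        // Fix: the port was glued onto the host ("ssl://<addr><port>"), giving fsockopen()
        // a host that does not exist. The port is passed separately below.
        if(version_compare(phpversion(),'4.3.0','>=')&&function_exists('openssl_open')) $target="ssl://".$target;
        else die('bad');
    }

    // Either the credentials header plus the blank line, or just the blank line ending the headers.
    $usr=(strlen($u)>3) ? "Authorization: Basic ".base64_encode($u.":".$p)."\r\n\r\n" : "\r\n";
    $http_req= "GET $path HTTP/1.1\r\n".
        "Host: ".$_SERVER['HTTP_HOST']."\r\n".
        "User-Agent: ".$UA."\r\n".
        "Accept: */*\r\n".
        "Referer: http://www.askapache.com\r\n".
        "Connection: Close\r\n".
        $usr;
    if(AA_PP_DEBUG){aa_pp_mess('Sending this request for the test ');aa_pp_mess(''.htmlentities($http_req).' ');}

    if( false!= ($fp = @fsockopen($target, $_SERVER['SERVER_PORT'], $errno, $errstr, 15)) && is_resource($fp)){
        // stream_* are the current names of the socket_set_timeout/socket_get_status aliases.
        @stream_set_timeout($fp,15);
        if(!fwrite($fp,$http_req,strlen($http_req)))die('bad');
        do{
            $line=fgets($fp, 1160);
            if($line!==false)$respons .= $line;
            $fp_status = @stream_get_meta_data($fp);
            if( $fp_status['timed_out'] ) break;
        }while (!feof($fp));
        if(@fclose($fp)){
            if(preg_match("|^HTTP/[^\s]*\s(.*?)\s|",$respons, $status))$response_code=$status[1];
            else return false;
        }
    }else die('bad fsockopen');

    if(AA_PP_DEBUG){aa_pp_mess(''.htmlentities($respons).' ');}
    return $response_code;
}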
/**
 * Lists the user names found in the marked section of a password file.
 *
 * @param string $HTPASS Password file handed to aa_pp_extract_mark().
 * @param string $mark   Marker name handed to aa_pp_extract_mark().
 * @return array A one-element array whose only item is the list of names.
 */
function aa_pp_current_users($HTPASS, $mark){
    $names=array();
    $entries=aa_pp_extract_mark($HTPASS, $mark);
    foreach($entries as $entry){
        // Keeps what precedes the colon. The first group is greedy, so on a line with
        // several colons everything up to the last one is kept.
        $names[]=preg_replace('/(.+):(.+)/', "\\1", $entry, 1);
    }
    return array($names);
}
// aa_pp_hashit
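/**
 * Builds one "user:hash" line for an Apache password file.
 *
 * Formats:
 *  - PLAIN: the password is stored as typed.
 *  - CRYPT: crypt() with a "$1$" salt prefix.
 *  - SHA1:  "{SHA}" followed by the base64 SHA-1 digest; there is no salt, so equal
 *           passwords give equal lines.
 *  - MD5:   Apache "$apr1$" scheme (1000 MD5 rounds, 8-character salt).
 *
 * The salts come from rand() and str_shuffle(), which are not cryptographic generators.
 *
 * @param string $format One of PLAIN, CRYPT, SHA1, MD5.
 * @param string $user   User name placed before the colon.
 * @param string $pass   Clear-text password.
 * @return string The password-file line, or '' for any other $format.
 */
function aa_pp_hashit($format,$user='',$pass=''){
    if(!function_exists('crypt') || !function_exists('sha1'))die("Error Creating .htpasswd hashes! Need crypt or sha1");
    $hash='';
    switch ($format){
        case 'PLAIN':
            $hash=$user.':'.$pass;
            break;

        case 'CRYPT':
            $seed='';
            for ($i = 0; $i < 8; $i++) {$seed .= substr('0123456789abcdef', rand(0,15), 1);}
            $hash=$user.':'.crypt($pass, '$1$'.$seed);
            break;

        case 'SHA1':
            $hash=$user.':{SHA}'.base64_encode(pack("H*", sha1($pass)));
            break;

        case 'MD5': // php.net/crypt.php#73619
            $saltt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
            $len = strlen($pass);
            $text = $pass.'$apr1$'.$saltt;
            $bin = pack("H32", md5($pass.$saltt.$pass));
            for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
            // Fix: $pass{0} is a parse error on current PHP; [] is the supported offset syntax.
            for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $pass[0]; }
            $bin = pack("H32", md5($text));
            for($i=0; $i<1000; $i++) {
                $new = ($i & 1) ? $pass : $bin;
                if ($i % 3) $new .= $saltt;
                if ($i % 7) $new .= $pass;
                $new .= ($i & 1) ? $bin : $pass;
                $bin = pack("H32", md5($new));
            }
            // Starts empty so the first concatenation below does not read an undefined variable.
            $TRp = '';
            for($i=0; $i<5; $i++) { $k = $i + 6; $j=$i + 12; if($j==16){ $j = 5; } $TRp = $bin[$i].$bin[$k].$bin[$j].$TRp; }
            $TRp = chr(0).chr(0).$bin[11].$TRp;
            // Re-map standard base64 to the crypt alphabet after reversing the string.
            $TRp = strtr(strrev(substr(base64_encode($TRp), 2)),"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
                "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
            $hash=$user.':$apr1$'.$saltt.'$'.$TRp;
            break;
    }
    // NOTE(review): with AA_PP_DEBUG on, the clear-text password is handed to aa_pp_mess().
    if(AA_PP_DEBUG){aa_pp_mess('Created '.$format.' Hash for '.$user.' with Password '.$pass);aa_pp_mess(''.$hash.' ');}
    return $hash;
}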
/**
 * Recursively deletes test leftovers below $path.
 *
 * At the top level ($d <= 0) only entries whose name contains "askapache" are
 * touched; inside such a directory everything is removed. Symbolic links are
 * neither followed nor deleted. Failed deletions are silenced.
 *
 * @param string $path Directory to scan; a trailing separator is added when missing.
 * @param int    $d    Recursion depth, 0 for the initial call.
 */
function aa_pp_clean_test($path, $d=0){
    if (substr($path, -1) != DIRECTORY_SEPARATOR) {
        $path = $path.DIRECTORY_SEPARATOR;
    }

    $dh = opendir($path);
    if ($dh) {
        for ($entry = readdir($dh); $entry !== false; $entry = readdir($dh)) {
            if ($entry === '.' || $entry === '..') continue;
            // The name filter applies to the starting directory only.
            if ($d <= 0 && strpos($entry, 'askapache') === false) continue;

            $full = $path.$entry;
            if (is_link($full)) continue;

            if (is_dir($full)) {
                aa_pp_clean_test($full.DIRECTORY_SEPARATOR, $d+1);
                @rmdir($full.DIRECTORY_SEPARATOR);
            } else {
                @unlink($full);
            }
        }
        closedir($dh);
    }

    if (AA_PP_DEBUG) {
        aa_pp_mess('Removed temporary test directory'.$path);
    }
}
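/**
 * Mails the current user a notice with the Basic-Auth user name and password and
 * a compressed copy of the root .htaccess attached.
 *
 * Two things to be aware of: the password travels in the clear-text mail body, and
 * the backup archive is written into wp-admin under a fixed name until it is
 * removed again at the end of this function.
 *
 * @param string $username Value placed after "Username:" in the mail.
 * @param string $pass     Value placed after "Password:" in the mail.
 * @return bool Result of PHPMailer::Send(), or false when the mailer class file is missing.
 */
function aa_pp_notify_mail($username,$pass){
    $result=false;

    // The old guard tested a local variable that was never assigned, so it was always
    // true; what is left is the check that the bundled mailer can be loaded.
    $mailer_file=ABSPATH . WPINC . '/class-phpmailer.php';
    if (!file_exists($mailer_file)) return $result;

    require_once $mailer_file;
    $aappmailer = new PHPMailer();
    $attach1=aa_pp_gzip(ABSPATH.'.htaccess',ABSPATH.'wp-admin'.DIRECTORY_SEPARATOR.'htaccess-backup.zip');
    $message = sprintf("Your AskApache Protected WordPress blog has been modified, keep this email for your records.
You can log in to the administrator account with the following information:
Username: %1\$s
Password: %2\$s
We hope you enjoy your new security. Thanks!
--AskApache
http://www.askapache.com/
",$username,$pass);

    // Sender address wordpress@<host>. NOTE(review): SERVER_NAME may follow the request's
    // Host header depending on the server configuration - confirm it is a fixed value.
    $sitename = str_replace('www.','','wordpress@'.strtolower( $_SERVER['SERVER_NAME']));
    $user = wp_get_current_user();

    $aappmailer->ClearAddresses();
    $aappmailer->ClearAllRecipients();
    $aappmailer->ClearAttachments();
    $aappmailer->ClearBCCs();
    $aappmailer->ClearCCs();
    $aappmailer->ClearCustomHeaders();
    $aappmailer->ClearReplyTos();
    $aappmailer->FromName='WordPress';
    // Fix: From was set from $from_email, which is never defined; the address built above was unused.
    $aappmailer->From=$sitename;
    $aappmailer->AddAddress( $user->user_email );
    $aappmailer->Subject = '['.get_option('blogname').'] AskApache Password Protection';
    $aappmailer->Body = $message;
    $aappmailer->AddAttachment($attach1);
    $aappmailer->IsMail();
    $aappmailer->IsHTML( false );
    $aappmailer->CharSet=get_bloginfo( 'charset' );
    $result = @$aappmailer->Send();

    // Remove the backup archive from wp-admin whether or not the mail went out.
    aa_pp_unlink($attach1);
    return $result;
}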
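/**
 * Generates a random password from letters, digits and the characters !@#$%.
 *
 * aa_pp_activate() stores the result as the plugin's initial password, so the
 * characters are drawn from the cryptographic generator when PHP offers one
 * (random_int); mt_rand() remains as the fallback for older PHP.
 *
 * @param int $length Number of characters to produce.
 * @return string The password; '' when $length is 0 or negative.
 */
function aa_pp_generate_password($length = 12) {
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%';
    $max = strlen($chars) - 1;
    $use_csprng = function_exists('random_int');
    $p = '';
    for ( $i = 0; $i < $length; $i++ ) {
        $p .= $chars[$use_csprng ? random_int(0, $max) : mt_rand(0, $max)];
    }
    return $p;
}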
function aa_pp_mess($message=''){
?>
$markerline) {
if (strpos($markerline,'# BEGIN '.$marker)!== false)$state = false;
if($state) {
if ($n+1 < count($markerdata))fwrite($f,"{$markerline}\n");
else fwrite($f, "{$markerline}");
}
if (strpos($markerline, '# END ' . $marker) !== false) {
fwrite($f,"# BEGIN {$marker}\n");
if (is_array($insertion)) foreach ( $insertion as $insertline ) fwrite($f, "{$insertline}\n");
fwrite($f, "# END {$marker}\n");
$state=true;
$foundit=true;
}
}
}
if (!$foundit) {
fwrite($f,"\n# BEGIN {$marker}\n");
foreach ($insertion as $insertline)fwrite($f, "{$insertline}\n");
fwrite($f,"# END {$marker}\n");
}
fclose($f);
return true;
}
// aa_pp_activate
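/**
 * Activation hook: clears options left by earlier versions, builds the default
 * $aa_PP settings (file locations, protection modules, generated password) and
 * stores them with update_option().
 *
 * Points worth knowing when reviewing a deployment:
 *  - the generated password is kept as clear text inside the stored option array;
 *  - the default password file lives in ABSPATH, the directory WordPress is served
 *    from. NOTE(review): this relies on the web server refusing to serve ".ht*"
 *    files - confirm for the target server.
 */
function aa_pp_activate(){
    global $aa_PP;

    // Option names used by previous releases (the list had duplicates; each name is listed once).
    $oldoptions=array('aa_home_folder','aa_wpadmin_folder','aa_htpasswd_file','aa_htaccess_file','aa_original_htpasswd','aa_original_htaccess','aa_plugin_message','aa_plugin_version','aa_home','aa_wpadmin',
        'aa_htpasswd_f','aa_htaccess_f','aa_user','aa_pp_docROOT_HTACCESS','aa_pp_wp_sid900_FILE','aa_pp_wp_content_htaccess','aa_pp_wp_includes_htaccess','aa_pp_main_base64','aa_pp_ok','askapache_password_protect');
    foreach($oldoptions as $key){ delete_option($key); }

    // Fix: the MD5 and SHA1 descriptions were swapped (and one had a typo).
    $aa_PP['algorithms']=array(
        'CRYPT' => array('enabled'=>0,'desc'=>' - Unix only. Uses the traditional Unix crypt function with a randomly-generated 32-bit salt.'),
        'MD5' => array('enabled'=>0,'desc'=>' - Apache-specific algorithm using an iterated MD5 digest of a random 32-bit salt and the password.'),
        'SHA1' => array('enabled'=>0,'desc'=>' - Base64-encoded SHA-1 digest of the password.'),
        'PLAIN' => array('enabled'=>0,'desc'=>' - (i.e. unencrypted) Windows, BEOS, & Netware only')
    );

    // htpasswd settings
    $aa_PP['realm']='Protected By AskApache';
    $aa_PP['user']='admin';
    $aa_PP['format']='CRYPT';
    $aa_PP['pass']=aa_pp_generate_password();
    $aa_PP['htpasswd'] = ABSPATH.'.htpasswda1';
    $aa_PP['ROOT_HTACCESS'] = ABSPATH.'.htaccess';
    $aa_PP['ROOT_HTACCESS_ON'] ='false';
    // Start with an empty marked section in the root .htaccess.
    aa_pp_insert_mark($aa_PP['ROOT_HTACCESS'], 'AskApache PassPro', array(''));

    // Protection modules, keyed by the "sid" id the admin form posts.
    $aa_PP['S']['sid900']=array(
        'ON'=>'false',
        'TITLE'=>'wp-admin/*.*',
        'FILE'=>ABSPATH.'wp-admin'.DIRECTORY_SEPARATOR.'.htaccess',
        'RESP'=>'401 ',
        'DESC'=>'Requires a valid user/pass to access any non-static (css, js, images) file in this directory');
    $aa_PP['S']['sid1000']=array(
        'ON'=>'false',
        'TITLE'=>'wp-content/*.php',
        'FILE'=>ABSPATH.'wp-content'.DIRECTORY_SEPARATOR.'.htaccess',
        // Fix: was '401 ', but this module answers 403 (see DESC and the sid1010 twin).
        'RESP'=>'403 ',
        'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden');
    $aa_PP['S']['sid1005']=array(
        'ON'=>'false',
        'TITLE'=>'wp-login.php',
        'FILE'=>ABSPATH.'.htaccess',
        'RESP'=>'401 ',
        'DESC'=>'Requires a valid user/pass to access the login page');
    $aa_PP['S']['sid1010']=array(
        'ON'=>'false',
        'TITLE'=>'wp-includes/*.php',
        'FILE'=>ABSPATH.'wp-includes'.DIRECTORY_SEPARATOR.'.htaccess',
        'RESP'=>'403 ',
        'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden');
    $aa_PP['S']['sid1015']=array(
        'ON'=>'false',
        'TITLE'=>'REQUEST_METHODS',
        'FILE'=>ABSPATH.'.htaccess',
        'RESP'=>'403 ',
        'DESC'=>'Denies any request not using !GET|POST|OPTIONS|PUT|HEAD ');
    $aa_PP['S']['sid1025']=array(
        'ON'=>'false',
        'TITLE'=>'Directory Protection',
        'FILE'=>ABSPATH.'.htaccess',
        'RESP'=>'Disable ',
        'DESC'=>'Enable the DirectoryIndex Protection, preventing directory index listing');

    // The SSL module is offered only when the site is not on port 80 or already runs on HTTPS.
    // isset() avoids a notice on plain-HTTP requests, where HTTPS is not set.
    if($_SERVER['SERVER_PORT']!='80'||(isset($_SERVER['HTTPS'])&&strtolower($_SERVER['HTTPS'])=='on')){
        $aa_PP['S']['sid1030']=array(
            'ON'=>'false',
            'TITLE'=>'SSL Site',
            'FILE'=>ABSPATH.'.htaccess',
            'RESP'=>'301 ',
            'DESC'=>'Redirects all non-SSL (https) requests to your https url');
    }

    // delete these old files
    if(is_file($aa_PP['S']['sid1010']['FILE'])) aa_pp_unlink($aa_PP['S']['sid1010']['FILE']);
    if(is_file($aa_PP['S']['sid1000']['FILE'])) aa_pp_unlink($aa_PP['S']['sid1000']['FILE']);
    if(is_file($aa_PP['htpasswd'])) aa_pp_unlink($aa_PP['htpasswd']);

    // URL path WordPress is installed under, with one leading and one trailing slash.
    // Fix: the option is named 'siteurl'. With 'site_url' the lookup came back empty and
    // root_path was always "/", so on a sub-directory install the wp-content / wp-includes
    // rules never matched a request. URL paths use "/" regardless of the host OS.
    $u=parse_url(get_option('siteurl'));
    if(!isset($u['path']))$u['path']='/';
    $u['path']='/'.$u['path'].'/';
    $aa_PP['root_path']=preg_replace('/(\/{2,4})/i','/',$u['path']);

    $aa_PP['change_htpasswd']='0';
    $aa_PP['change_htaccess']='0';
    $aa_PP['config_step']='1';
    $aa_PP['htaccess_support']='0';
    $aa_PP['plugin_data']=get_plugin_data(__FILE__);
    update_option('askapache_password_protect',$aa_PP);
}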
// aa_pp_deactivate
/**
 * Deactivation hook: removes the files this plugin generated, empties its marked
 * section in the root .htaccess and deletes the stored options. Once it has run,
 * the protections the plugin wrote are no longer in place.
 */
function aa_pp_deactivate(){
    global $aa_PP;
    $aa_PP = get_option('askapache_password_protect');

    $wp_admin_rules = $aa_PP['S']['sid900']['FILE'];
    $password_file = $aa_PP['htpasswd'];
    foreach (array($wp_admin_rules, $password_file) as $generated) {
        aa_pp_unlink($generated);
    }

    // An array holding one empty line replaces whatever rules were between the markers.
    $no_rules = array('');
    aa_pp_insert_mark($aa_PP['ROOT_HTACCESS'], 'AskApache PassPro', $no_rules);

    delete_option('askapache_password_protect');
}
// Lifecycle hooks for this plugin file.
register_activation_hook(__FILE__, 'aa_pp_activate');
register_deactivation_hook(__FILE__, 'aa_pp_deactivate');

// The request handler is attached only when the requested URI mentions this file's
// name. That match is a routing shortcut, not an access check: authorisation and the
// nonce test happen inside aa_pp_admin_header().
if (false !== strpos($_SERVER['REQUEST_URI'], basename(__FILE__))) {
    add_action('admin_head', 'aa_pp_admin_header');
}

// Menu registration; the callback is defined in a part of the file not shown here.
add_action('admin_menu', 'aa_pp_options_setup1');
?>