Configuration Version: 4.1 Author: AskApache Author URI: http://www.askapache.com == Installation == 1. Extract zip in plugins directory 2. Activate the Plugin 3. Setup plugin options */ /* /--------------------------------------------------------------------\ | | | License: GPL | | | | AskApache Password Protect Plugin - Adds HTTP Basic Authentication | | Copyright (C) 2008, AskApache, www.askapache.com | | All rights reserved. | | | | This program is free software; you can redistribute it and/or | | modify it under the terms of the GNU General Public License | | as published by the Free Software Foundation; either version 2 | | of the License, or (at your option) any later version. | | | | This program is distributed in the hope that it will be useful, | | but WITHOUT ANY WARRANTY; without even the implied warranty of | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | GNU General Public License for more details. | | | | You should have received a copy of the GNU General Public License | | along with this program; if not, write to the | | Free Software Foundation, Inc. 
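| | 51 Franklin Street, Fifth Floor | | Boston, MA 02110-1301, USA | | | \--------------------------------------------------------------------/ */ ?> ', 'Order Deny,Allow', 'Deny from All', 'Satisfy Any', 'AuthName "'.$aa_PP['realm'].'"', 'AuthUserFile '.$aa_PP['htpasswd'], 'AuthType Basic', 'Require valid-user', '', '# END sid800'); break; case 'sid900': $sidrules=array( '# BEGIN sid900', 'Order Deny,Allow', 'Deny from All', 'AuthName "'.$aa_PP['realm'].'"', 'AuthUserFile '.$aa_PP['htpasswd'], 'AuthType Basic', 'Require valid-user', '', 'Allow from All', '', '', 'Allow from All', '', 'Satisfy Any', '# END sid900'); break; case 'sid1000': $sidrules=array( '# BEGIN sid1000', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-content/.*$ [NC]', 'RewriteCond %{REQUEST_FILENAME} ^.+\.php$', 'RewriteRule .* - [F,NS]', '# END sid1000'); break; case 'sid1010': $sidrules=array( '# BEGIN sid1010', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-includes/.*$ [NC]', 'RewriteCond %{REQUEST_FILENAME} ^.+\.php$', 'RewriteRule .* - [F,NS]', '# END sid1010'); break; case 'sid1015': $sidrules=array( '# BEGIN sid1015', 'RewriteCond %{REQUEST_METHOD} !^(GET|POST|OPTIONS|PUT|HEAD)$ [NC]', 'RewriteRule .* - [F,L]', '# END sid1015'); break; case 'sid1030': $sidrules=array( '# BEGIN sid1030', 'RewriteCond %{HTTPS} !=on [NC]', 'RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]', '# END sid1030'); break; } if($t!='0'){ $sidrules=array_slice($sidrules,1,-1); } return $sidrules; }

// aa_pp_clean_realm
// Normalises a submitted AuthName realm. aa_pp_generate_sid_rules writes the
// value verbatim inside 'AuthName "..."', so a double quote or a line break
// would close the directive and inject further .htaccess lines. Also applies
// the 35-byte cap that the form handling has always used.
function aa_pp_clean_realm($realm){
	$realm=str_replace(array('"',"\r","\n"),'',(string)$realm);
	if(strlen($realm)>35) $realm=substr($realm,0,35);
	return $realm;
}

// aa_pp_clean_username
// Strips the characters that would break the "user:hash" line layout of the
// .htpasswd file (a newline would add an entry, a colon would shift the hash).
function aa_pp_clean_username($user){
	return str_replace(array("\r","\n",':'),'',(string)$user);
}

// aa_pp_check_format
// Accepts only the formats aa_pp_hashit implements; anything else would
// silently produce an empty .htpasswd line.
function aa_pp_check_format($format){
	if(!in_array($format,array('PLAIN','CRYPT','SHA1','MD5'),true)) die('Unknown password format');
	return $format;
}

// aa_pp_rewrite_auth_rules
// Regenerates the two modules that embed the realm and the .htpasswd path
// (sid900 = wp-admin, sid800 = wp-login.php) for each that is enabled.
// Order (sid900 first) is kept from the original handling.
function aa_pp_rewrite_auth_rules(){
	global $aa_PP;
	foreach(array('sid900','sid800') as $sid){
		if($aa_PP['S'][$sid]['ON']!='1') continue;
		if(!aa_pp_insert_mark($aa_PP['S'][$sid]['FILE'],$sid,aa_pp_generate_sid_rules($sid,'1')))
			die('Error Creating '.$aa_PP['S'][$sid]['FILE']);
	}
}

// aa_pp_post_toggle_sid900
// Writes or removes the wp-admin .htaccess according to the sid900 checkbox.
// NOTE(review): this path writes the rules under the marker 'AskApache PassPro',
// while aa_pp_rewrite_auth_rules writes them under 'sid900' with the BEGIN/END
// lines sliced off — both existed in the original; confirm both are intended.
function aa_pp_post_toggle_sid900(){
	global $aa_PP;
	if(isset($_POST['sid900'])) {
		$aa_PP['S']['sid900']['ON']='1';
		if(!aa_pp_insert_mark($aa_PP['S']['sid900']['FILE'], 'AskApache PassPro', aa_pp_generate_sid_rules('sid900')))
			die("Couldnt create ".$aa_PP['S']['sid900']['FILE']." file!");
	} else {
		@ aa_pp_unlink($aa_PP['S']['sid900']['FILE']);
		$aa_PP['S']['sid900']['ON']='0';
	}
}

// aa_pp_post_add_user
// "Add User" button: appends one hashed entry to the managed .htpasswd block.
function aa_pp_post_add_user(){
	global $aa_PP;
	if(!isset($_POST['addhtaccessuser']) || !isset($_POST['addhtaccesspass']) || !isset($_POST['aapassformat'])) return;
	$format=aa_pp_check_format($_POST['aapassformat']);
	$user=aa_pp_clean_username($_POST['addhtaccessuser']);
	// aa_pp_extract_mark returns the existing lines; guard the case where the file does not exist yet
	$current=aa_pp_extract_mark($aa_PP['htpasswd'],'AskApache PassPro');
	if(!is_array($current)) $current=array();
	$aa_PP['HTPASSWD_RULES']=array_merge($current,array(aa_pp_hashit($format,$user,$_POST['addhtaccesspass'])));
	if(!aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',$aa_PP['HTPASSWD_RULES']))
		die('Error Creating '.$aa_PP['htpasswd']);
}

// aa_pp_post_change_password_settings
// "Modify Main Password Settings" button: new realm and/or new .htpasswd location.
// The original compared the realm with an assignment (=) so every submit
// rewrote the auth modules; it is now the intended "only when changed" test.
function aa_pp_post_change_password_settings(){
	global $aa_PP;
	if(isset($_POST['htaccessrealm']) && $aa_PP['realm']!=$_POST['htaccessrealm']) {
		$aa_PP['realm']=aa_pp_clean_realm($_POST['htaccessrealm']);
		aa_pp_rewrite_auth_rules();
	}
	if(isset($_POST['htpasswdfile']) && $_POST['htpasswdfile']!=$aa_PP['htpasswd']){
		// The location is the administrator's choice by design (ideally outside the
		// document root); only a capability- and nonce-checked admin reaches this code.
		$newfile=$_POST['htpasswdfile'];
		if(!is_writable(dirname($newfile)) && !touch($newfile)) die($newfile.' location is not writable!');
		$users=aa_pp_extract_mark($aa_PP['htpasswd'],'AskApache PassPro');
		if(!aa_pp_insert_mark($newfile,'AskApache PassPro',$users)) die('error writing new password file.');
		aa_pp_unlink($aa_PP['htpasswd']);
		$aa_PP['htpasswd']=$newfile;
		aa_pp_rewrite_auth_rules();
	}
}

// aa_pp_post_setup_complete
// Final step of the wizard: stores format, user, realm and .htpasswd path, then
// writes the first .htpasswd entry and the optional wp-admin protection.
// The original never stored the submitted realm here (it only truncated the old
// one); it is now saved through the same normaliser as the settings form.
function aa_pp_post_setup_complete(){
	global $aa_PP;
	if(isset($_POST['aapassformat'])) $aa_PP['format']=aa_pp_check_format($_POST['aapassformat']);
	if(isset($_POST['htaccessuser']) && isset($_POST['htaccesspass'])) $aa_PP['user']=aa_pp_clean_username($_POST['htaccessuser']);
	if(isset($_POST['htaccessrealm']) && $aa_PP['realm']!=$_POST['htaccessrealm']) $aa_PP['realm']=aa_pp_clean_realm($_POST['htaccessrealm']);
	if(isset($_POST['htpasswdfile'])){
		if(!is_writable(dirname($_POST['htpasswdfile'])) && !touch($_POST['htpasswdfile'])) die($_POST['htpasswdfile'].' location is not writable!');
		$aa_PP['htpasswd']=$_POST['htpasswdfile'];
	}
	$user=isset($_POST['htaccessuser']) ? aa_pp_clean_username($_POST['htaccessuser']) : $aa_PP['user'];
	$pass=isset($_POST['htaccesspass']) ? $_POST['htaccesspass'] : '';
	$aa_PP['HTPASSWD_RULES']=array(aa_pp_hashit($aa_PP['format'],$user,$pass));
	if(!aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',$aa_PP['HTPASSWD_RULES']))
		die('Error Creating '.$aa_PP['htpasswd']);
	aa_pp_post_toggle_sid900();
}

// aa_pp_post_update_modules
// "Manage .htaccess Security Modules" form: rebuilds the managed block of the
// root .htaccess from the enabled modules, then handles the wp-admin module.
function aa_pp_post_update_modules(){
	global $aa_PP;
	$rewrite_sids=array('sid1000','sid800','sid1010','sid1015','sid1030','sid700');
	$any_on=false;
	foreach($rewrite_sids as $sid) if(isset($_POST[$sid])) $any_on=true;
	if($any_on){
		$aa_PP['mod_rewrite_on']='1';
		$aa_PP['blog_root_htaccess_RULES']=array( '', 'RewriteEngine On', 'RewriteBase /', '');
	} else $aa_PP['mod_rewrite_on']='0';

	// Append order matches the original so the generated .htaccess is unchanged.
	foreach(array('sid700','sid1015','sid1030','sid1000','sid1010','sid800') as $sid){
		if(!isset($_POST[$sid])){ $aa_PP['S'][$sid]['ON']='0'; continue; }
		$aa_PP['S'][$sid]['ON']='1';
		$rules=array_merge($aa_PP['blog_root_htaccess_RULES'],aa_pp_generate_sid_rules($sid));
		if($sid=='sid1030'){
			// NOTE(review): kept from the original — the SSL redirect rules are stored
			// here and not merged into the root .htaccess written below; confirm intent.
			$aa_PP['S']['sid1030']['RULES']=$rules;
		} else $aa_PP['blog_root_htaccess_RULES']=$rules;
	}

	if($aa_PP['mod_rewrite_on']=='1'){
		$aa_PP['blog_root_htaccess_RULES'][]='';
		if(!aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', $aa_PP['blog_root_htaccess_RULES']))
			die("Couldnt create ".$aa_PP['blog_root_htaccess']." file!");
	}
	aa_pp_post_toggle_sid900();
}

// aa_pp_get_post_values
/**
 * Applies the admin form submission ($_POST) to the plugin options.
 *
 * Loads the options into the global $aa_PP, dispatches on the submit button
 * that was pressed, rewrites the .htpasswd / .htaccess files the change
 * affects and finally persists $aa_PP with update_option(). Every failed
 * file write calls die(), as the original did.
 *
 * The caller (aa_pp_admin_header) has already checked the capability and the
 * nonce; values that end up inside Apache directives or the .htpasswd file are
 * still normalised here because they are attacker-shaped text.
 */
function aa_pp_get_post_values(){
	global $aa_PP;
	$aa_PP=get_option('askapache_password_protect');

	if(isset($_POST['resetaapp'])) aa_pp_activate();
	if(isset($_POST['aapptestingdone'])) $aa_PP['config_step']='2';
	if(isset($_POST['aappsetupcomplete'])) $aa_PP['config_step']='3';

	if(isset($_POST['adduser'])){
		aa_pp_post_add_user();
	} else if(isset($_POST['changepasswordsettings'])){
		aa_pp_post_change_password_settings();
	} else if(isset($_POST['aappsetupcomplete'])){
		aa_pp_post_setup_complete();
	} else if(isset($_POST['updatemodules'])){
		aa_pp_post_update_modules();
	}

	if(AA_PP_DEBUG){
		// Dump the submission for troubleshooting, but never echo submitted passwords.
		$dbg=$_POST;
		foreach(array('htaccesspass','addhtaccesspass') as $secret) if(isset($dbg[$secret])) $dbg[$secret]='********';
		echo '
';
		print_r($dbg);
		echo '
';
	}
	update_option('askapache_password_protect',$aa_PP);
}

// aa_pp_admin_header
/**
 * Runs on admin_head for the plugin's own page: enforces the capability check,
 * verifies the nonce on POST and hands the submission to aa_pp_get_post_values.
 * The options are saved again afterwards (aa_pp_get_post_values already does
 * this; the second save is harmless and kept for GET requests).
 */
function aa_pp_admin_header(){
	global $aa_PP;
	if (!current_user_can(8)||!current_user_can('upload_files')) die(__("You are not allowed to be here"));
	$aa_PP=get_option('askapache_password_protect');
	if($_SERVER['REQUEST_METHOD']==='POST') {
		check_admin_referer('askapache-password-protect-update_modify');
		aa_pp_get_post_values();
	}
	update_option('askapache_password_protect',$aa_PP);
}

// aa_pp_main_page
function aa_pp_main_page() { global $aa_PP; if (! user_can_access_admin_page()) die( __('You do not have sufficient permissions to access this page.') ); if (!current_user_can(8)||!current_user_can('upload_files'))die(__("You are not allowed to be here")); ?>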

by    |  Google 404 Plugin - .htaccess tutorial - .htaccess help forum



NOTE: This is an incredibly powerful plugin because it modifies your server configuration rather than WordPress itself. This can easily take your site down. If you experience a serious error, delete the .htaccess files on the server using FTP, SSH, web FTP, or by contacting your host's support. If everything works, you will love this plugin and what it will do for you.

" method="post"> '; print_r($aa_PP); //$g=aa_pp_extract_mark($aa_PP['blog_root_htaccess'],'WordPress');print_r($g); //if(function_exists('apache_get_modules'))print_r(apache_get_modules()); //ob_start();phpinfo(8);$g=ob_get_clean();echo $g; echo ''; } ?>



Installation

Create User and Pass for .htpasswd

Try to pick an .htpasswd location above your document root; in other words, not site.com/htdocs/.htpasswda1 but site.com/.htpasswda1.

AskApache PassPro Encryption Algorithm Descriptions

CRYPT

SHA1

MD5

PLAIN TEXT





Modify Main Password Settings

Add User

Username





Manage .htaccess Security Modules

$sid){?> >
SID Protection Description Response Enable

/>

New modules added with every upgrade. Submit your module suggestions/bugs here.


Delete .htaccess files if you ever have a problem.

View


View wp-admin .htaccess



View root .htaccess



Set Default Password Encryption Algorithm

*/?>


About This Plugin

'.$aa_PP['plugin_data']['Version'].''; ?>

:

AskApache Links

· Google 401.php Plugin

· .htpasswd Generator

· htaccess tutorial

Security Articles

· Hardening WordPress

· mod_security tricks

· WordPress File Permissions



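0){ foreach($cu as $key){ $CURRENT_USERS[]=preg_replace('/(.+):(.+)/', "\\1", $key, 1); } } return $CURRENT_USERS; }

// aa_pp_unlink
/**
 * Removes the file $f, trying progressively harder when the first unlink() fails.
 *
 * Returns true once the file no longer exists; die()s when every attempt fails
 * (callers do not check the return value, so the die() is kept).
 *
 * Second attempt: give the owner write access. On POSIX unlink() only depends
 * on the directory's mode, on Windows it only depends on the read-only flag
 * (the owner-write bit), so 0600 is sufficient — the original used 0777, which
 * left a world-writable file behind whenever the unlink still failed.
 * Third attempt: re-apply the parent directory's own mode, which can clear a
 * stray read-only/type bit on the directory.
 */
function aa_pp_unlink($f) {
	@ unlink($f);
	if(!file_exists($f)) return aa_pp_unlink_done($f);

	@ chmod($f,0600);
	@ unlink($f);
	if(!file_exists($f)) return aa_pp_unlink_done($f);

	$stat = @ stat(dirname($f));
	if($stat!==false) @ chmod(dirname($f), $stat['mode'] & 0007777);
	@ unlink($f);
	if(!file_exists($f)) return aa_pp_unlink_done($f);

	die("Couldnt delete $f");
}

// aa_pp_unlink_done
// Success path of aa_pp_unlink: emits the debug line (unreachable in the
// original, it sat after the die()) and returns true.
function aa_pp_unlink_done($f){
	if(AA_PP_DEBUG){aa_pp_mess('deleted '.$f);}
	return true;
}

// aa_pp_file_put_c
/**
 * Writes $content to $filename, returning true on success and false on failure.
 *
 * The original returned true whenever file_put_contents() existed, even when
 * the write itself failed; callers die() on false, so a failed write is now
 * reported instead of being silently treated as success.
 */
function aa_pp_file_put_c($filename,$content){
	if (function_exists("file_put_contents")) {
		$written = @ file_put_contents($filename, $content);
		if ($written === false || $written < strlen($content)) return false;
	} else {
		$fh = @ fopen($filename, 'wb');
		if (!$fh) return false;
		$ok = (@ fwrite($fh, $content) !== false);
		@ fclose($fh);
		if (!$ok) return false;
	}
	if(AA_PP_DEBUG){aa_pp_mess('created '.$filename);}
	return true;
}

// aa_pp_readfile
/**
 * Reads $fn. With $g !== 0 the raw contents are returned; otherwise they are
 * echoed HTML-escaped. Returns false when the file is missing, empty, or
 * cannot be opened/closed.
 */
function aa_pp_readfile($fn,$g=0){
	if(!file_exists($fn)) return false;
	$size=filesize($fn);
	if($size<=0) return false;
	$f=@fopen($fn,'rb');
	if(!$f) return false;
	$filecontent=fread($f,$size);
	if(!fclose($f)) return false;
	if($g!==0) return $filecontent;
	echo htmlspecialchars($filecontent);
}

// aa_pp_mktempdir
/**
 * Creates a uniquely named directory inside $dirname with the given name prefix
 * and returns its absolute path; dies when it cannot be created.
 *
 * The original ignored $dirname and hard-coded wp-content; every caller passes
 * wp-content, so honouring the parameter is behaviour-neutral for them.
 * The directory now gets the parent's mode plus owner rwx instead of 0777 —
 * PHP created it, so the owner bits are all it needs, and the copied bits keep
 * it readable by whatever serves the HTTP tests.
 * NOTE(review): tempnam() falls back to the system temp dir when $dirname is
 * not writable, and the unlink/mkdir pair is a small race — confirm acceptable.
 */
function aa_pp_mktempdir($dirname,$prefix){
	$old=umask(0);
	$TRpdirname=tempnam($dirname, $prefix);
	if($TRpdirname===false){ umask($old); die("Error creating directory $dirname with $prefix"); }
	$stat = stat($dirname);
	$dir_perms = $stat['mode'] & 0007777;
	@ chmod($TRpdirname, $dir_perms);
	aa_pp_unlink($TRpdirname);
	if (! mkdir($TRpdirname, $dir_perms | 0700)) { umask($old); die("Error creating directory $dirname with $prefix"); }
	umask($old);
	if(AA_PP_DEBUG){aa_pp_mess('Created temporary directory at'.$TRpdirname);}
	return $TRpdirname;
}

function aa_pp_run_tests(){ global $aa_PP; echo "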

Test for read/write permissions"; if(!is_writable(ABSPATH) || !is_writable(ABSPATH.'wp-admin/') || !is_writable(ABSPATH.'wp-content/')) { echo " [ FAILED ]

"; if(!is_writable(ABSPATH))echo ABSPATH.' needs to be writable by php
'; if(!is_writable(ABSPATH.'wp-admin/'))echo ABSPATH.'wp-admin/ needs to be writable by php
'; if(!is_writable(ABSPATH.'wp-content/'))echo ABSPATH.'wp-content/ needs to be writable by php
'; echo "

NOTE: Never chmod 777 anything, if you must, for directories use 766 but only if 755 will not work and 750 is even better. Likewise the highest you should ever set a file is 666.

"; echo "

Please make the required directories writable by php and reload this page.

"; } else { echo ' [ SUCCESS ]'; $error401='eNqFUU1PwkAQvTfpfxgbDnCgQ40nKIsIGEhQG60HT2RpV7bhY9fdIRV/vdtSEi/E05vMvDdvJi8'. 'eaanB99R6ZYkbancGvncvBc+FaQfzNE0wCiO460UwPpJUpvjhVKgDvIqvY2FEHnQG8EfxRpyOtv+vYMR'. '8L76ZvkzSj2QG8/RpCcn7w3IxgaCLuJilj4jTdHqe3IY9xNlzUGkk7Xc1OsMKqaCdYNftYjwzHBUvmrX'. 'KT/WOiF0TuZEjaJYYRSIjkcP6BDEHacTnMJBEuo9YlmXI7ZZrnkkRZmqPpTK5NsJalMSzzBVdza2t2l1'. '9XhVWHwRsbLfjWgdJQ4DGyx0SI2cx6vroy7F4+bxKzPdam6HLbCNole0EP9S5iUwqaG2q6rugBurJiP0CaXaZXQ=='; $testimage='eNrj5bKxL8go4OVyyEhNTEkt0lByzs8rSc0r0Q2pLEi1UsjMTUxP1U/PTFPStMaiyCc1L70kw0rBxBIsn5qcka9'. 'QkJicraHkoaWko2RibmJpYmZsYWxpZmhgaGAAwpYgGgrSkABExMgwzdLAxMDU0ATEAaJkuGKofrC4kakJiG2cBLG2IrMESmmA+PZ2AEyvN7w='; $testerror401file=gzuncompress(base64_decode($error401)); if(AA_PP_DEBUG){ aa_pp_mess('Test File 401.php'); aa_pp_mess('
'.htmlentities($testerror401file).'
'); } $testimagefile=ltrim(gzuncompress(base64_decode($testimage))); if(AA_PP_DEBUG){ aa_pp_mess('Test File test.php'); aa_pp_mess('
'.htmlentities($testimagefile).'
'); } $absolute_to_root_modrewrite=aa_pp_mktempdir(ABSPATH.'wp-content/', 'askapache'); $rel_to_docroot_mod_rewrite=$aa_PP['root_path'].basename($absolute_to_root_modrewrite).'/'; $testing_mods=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_modrewrite).'/test.php'; $testing_mods_401=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_modrewrite).'/401.php'; $testing_mods_root=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_modrewrite).'/'; if(!aa_pp_file_put_c("$absolute_to_root_modrewrite/401.php",$testerror401file)) die("Error Creating test pages for HTTP Authentication Enabled Test files!"); if(!aa_pp_file_put_c("$absolute_to_root_modrewrite/test.php",$testimagefile)) die("Error Creating test pages for HTTP Authentication Enabled Test files!"); $modrewritetesthtaccess=array( "DirectoryIndex $rel_to_docroot_mod_rewrite401.php 401.php", "ErrorDocument 401 $rel_to_docroot_mod_rewrite401.php", "ErrorDocument 403 $rel_to_docroot_mod_rewrite401.php", "", "RewriteEngine On", "RewriteBase /", 'RewriteCond %{QUERY_STRING} !^$ [NC]', 'RewriteCond %{QUERY_STRING} !askapachetest1 [NC]', 'RewriteRule .* /? [R=307,L]', "", "", "SecFilterEngine On", 'SecFilter askapachetest1 "deny,nolog,noauditlog,status:503"', "", "", "RedirectMatch 305 ^.*askapacheredirecttest$ http://".$_SERVER['HTTP_HOST']."/", ""); echo "

Test for .htaccess capability"; if(!aa_pp_insert_mark("$absolute_to_root_modrewrite/.htaccess", 'Test', $modrewritetesthtaccess)) die("Couldnt create $absolute_to_root_modrewrite/.htaccess file!"); $rv=aa_pp_test_userpass(" "," ",$testing_mods_401); if($rv!='500'){ echo ' [ SUCCESS ]'; $aa_PP['htaccess_support']='1'; }else echo ' [ FAILED ]'; echo "

"; echo '

401 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; echo "

Test for mod_alias capability"; $rv=aa_pp_test_userpass(" "," ",$testing_mods_root.'askapacheredirecttest'); if($rv=='305'){ echo ' [ SUCCESS ]'; $aa_PP['mod_alias_support']='1'; }else echo ' [ FAILED ]'; echo "

"; echo '

305 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; echo "

Test for mod_rewrite capability"; $rv=aa_pp_test_userpass(" "," ",$testing_mods."?Q"); if($rv=='307'){ echo ' [ SUCCESS ]'; $aa_PP['mod_rewrite_support']='1'; }else echo ' [ FAILED ]'; echo "

"; echo '

307 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; echo "

Test for mod_security capability"; $rv=aa_pp_test_userpass(" "," ",$testing_mods."?askapachetest1"); if($rv=='503'){ echo ' [ SUCCESS ]'; $aa_PP['mod_security_support']='1'; } else echo ' [ FAILED ]'; echo "

"; echo '

503 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; $htpasswds=array(aa_pp_hashit('CRYPT','testCRYPT','testCRYPT'),aa_pp_hashit('MD5','testMD5','testMD5'),aa_pp_hashit('SHA1','testSHA1','testSHA1'),aa_pp_hashit('PLAIN','testPLAIN','testPLAIN')); $absolute_to_root_encryptions=aa_pp_mktempdir(ABSPATH.'wp-content/', 'askapache'); $rel_to_docroot_encryptions=$aa_PP['root_path'].basename($absolute_to_root_encryptions).'/'; $testing_encryptions=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_encryptions).'/test.php'; if(!aa_pp_insert_mark("$absolute_to_root_encryptions/.htpasswda1", 'Test', $htpasswds)) die("Error Creating $absolute_to_root_encryptions .htpasswda1 Test files!"); if(!aa_pp_file_put_c("$absolute_to_root_encryptions/401.php",$testerror401file)) die("Error Creating test pages for HTTP Authentication Enabled Test files!"); if(!aa_pp_file_put_c("$absolute_to_root_encryptions/test.php",$testimagefile)) die("Error Creating $absolute_to_root_encryptions test.php for HTTP Authentication Enabled Test files!"); $encryptiontest=array( "DirectoryIndex $rel_to_docroot_encryptions401.php 401.php", "ErrorDocument 401 $rel_to_docroot_encryptions401.php", "ErrorDocument 403 $rel_to_docroot_encryptions401.php", 'Order Deny,Allow','Deny from All','Satisfy Any', 'AuthName "askapache test"', "AuthUserFile $absolute_to_root_encryptions/.htpasswda1", "AuthType Basic", "Require valid-user"); if(!aa_pp_insert_mark("$absolute_to_root_encryptions/.htaccess", 'Test', $encryptiontest)) die("Couldnt create $absolute_to_root_encryptions/.htaccess file!"); foreach($aa_PP['algorithms'] as $key=>$value){ $rg=aa_pp_test_userpass("test$key","test".$key,$testing_encryptions); $rb=aa_pp_test_userpass("fail$key","fail".$key,$testing_encryptions); sleep(1); if($rb=='401'){ $aa_PP['algorithms'][$key]['enabled']='1'; $aa_PP['htaccess_support']='1'; } else $aa_PP['algorithms'][$key]['enabled']='0'; if($rg=='200'){ $aa_PP['algorithms'][$key]['enabled']='1'; $aa_PP['htaccess_support']='1'; } else 
$aa_PP['algorithms'][$key]['enabled']='0'; echo "

Test for $key encryption capability"; if($aa_PP['algorithms'][$key]['enabled']=='1')echo ' [ SUCCESS ]'; else echo ' [ FAILED ]'; echo "

"; echo '

200 Response: '.$rg; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rg); echo ''; echo '
401 Response:: '.$rb; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rb); echo '

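'; } aa_pp_clean_test(ABSPATH.'wp-content'); update_option('askapache_password_protect',$aa_PP); } return true; }

// aa_pp_test_userpass
/**
 * Issues one HTTP GET for $path against this server and returns the status
 * code as a string ('200', '401', ...), or false when no status line came back.
 *
 * $u/$p are sent as HTTP Basic credentials only when $u is longer than three
 * bytes; the test harness passes a single space to mean "no credentials".
 * Dies with a short message when sockets are unavailable, SSL is needed but
 * openssl is missing, the connection fails or the request cannot be written —
 * as the original did.
 *
 * Fixes: the SSL target used to be "ssl://<addr><port>" (port glued onto the
 * host even though it is passed to fsockopen separately), and the response
 * buffer was appended to before being initialised.
 */
function aa_pp_test_userpass($u,$p,$path){
	global $aa_PP;
	if ( !function_exists('fsockopen') ) die('bad');

	$UA='Mozilla/5.0 (compatible; AskApache/'.$aa_PP['plugin_data']['Version'].'; +http://www.askapache.com/)';
	// Host comes from the current request; Apache rejects CR/LF in it, but strip them anyway
	$host=str_replace(array("\r","\n"),'',$_SERVER['HTTP_HOST']);
	$port=$_SERVER['SERVER_PORT'];
	$target=isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : gethostbyname($host);
	if(isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on') {
		if(version_compare(phpversion(),'4.3.0','>=') && function_exists('openssl_open')) $target="ssl://".$target;
		else die('bad');
	}

	$auth=(strlen($u)>3) ? "Authorization: Basic ".base64_encode($u.":".$p)."\r\n" : '';
	$http_req= "GET $path HTTP/1.1\r\n".
		"Host: ".$host."\r\n".
		"User-Agent: ".$UA."\r\n".
		"Accept: */*\r\n".
		"Referer: http://www.askapache.com\r\n".
		"Connection: Close\r\n".
		$auth."\r\n";
	if(AA_PP_DEBUG){aa_pp_mess('
Sending this request for the test
');aa_pp_mess('
'.htmlentities($http_req).'
');}

	$fp = @fsockopen($target, $port, $errno, $errstr, 15);
	if($fp===false || !is_resource($fp)) die('bad fsockopen');
	@stream_set_timeout($fp,15);
	if(!fwrite($fp,$http_req,strlen($http_req))) die('bad');

	$respons='';
	do{
		$respons .= fgets($fp, 1160);
		$meta = @stream_get_meta_data($fp);
		if( $meta['timed_out'] ) break;   // give up on a stalled server rather than hang the admin page
	}while (!feof($fp));

	$response_code='';
	if(@fclose($fp)){
		if(preg_match("|^HTTP/[^\s]*\s(.*?)\s|",$respons, $status)) $response_code=$status[1];
		else return false;
	}
	if(AA_PP_DEBUG){aa_pp_mess('
'.htmlentities($respons).'
');}
	return $response_code;
}

// aa_pp_clean_test
/**
 * Recursively deletes the temporary test directories created by aa_pp_run_tests.
 *
 * At the top level ($d == 0) only entries whose name contains 'askapache' are
 * touched, so a call against wp-content removes just the temp dirs; below
 * that, everything inside is removed. Symlinks are neither followed nor
 * deleted, so a planted link cannot redirect the cleanup elsewhere.
 */
function aa_pp_clean_test($path, $d=0){
	if (substr($path,strlen($path)-1)!= '/') $path .= '/';
	$handle = opendir ($path);
	if ($handle){
		while (false !== ($file=readdir($handle))){
			if ($file == '.' || $file == '..') continue;
			if ($d <= 0 && strpos($file,'askapache')===false) continue;
			$entry = $path.$file;
			if (is_link($entry)) continue;
			if (is_dir ($entry)) {
				aa_pp_clean_test($entry.'/', $d+1);
				@rmdir($entry.'/');
			} else {
				@unlink($entry);
			}
		}
		closedir ($handle);
	}
	if(AA_PP_DEBUG){aa_pp_mess('Removed temporary test directory'.$path);}
}

// aa_pp_notify_mail
/**
 * Emails the current admin user the chosen username/password together with
 * zipped backups of the root and wp-admin .htaccess files.
 *
 * Returns PHPMailer::Send()'s result, or false when the mailer class cannot be
 * loaded. The password is sent in clear text in the body: that is the
 * notification's design, so treat the mailbox accordingly.
 *
 * Fixes: $aa_PP was never declared global (the root .htaccess path was
 * undefined), $from_email was undefined (the address built in $sitename is
 * now used), and the class file was required even when it did not exist.
 */
function aa_pp_notify_mail($username,$pass){
	global $aa_PP;
	$result=false;
	$mailerfile=ABSPATH . WPINC . '/class-phpmailer.php';
	if ( !class_exists('PHPMailer') && file_exists($mailerfile) ) require_once $mailerfile;
	if ( !class_exists('PHPMailer') ) return $result;

	$aappmailer = new PHPMailer();
	// assumes aa_pp_gzip returns the path of the archive it wrote — TODO confirm (not visible here)
	$attach1=aa_pp_gzip($aa_PP['blog_root_htaccess'],ABSPATH.'wp-admin/htaccess-backup.zip');
	$attach2=aa_pp_gzip(ABSPATH.'wp-admin/.htaccess',ABSPATH.'wp-admin/wpadmin-htaccess-backup.zip');
	$message = sprintf("Your AskApache Protected WordPress blog has been modified, keep this email for your records. You can log in to the administrator account with the following information: Username: %1\$s Password: %2\$s We hope you enjoy your new security. Thanks! 
--AskApache http://www.askapache.com/ ",$username,$pass);
	$sitename = str_replace('www.','','wordpress@'.strtolower( $_SERVER['SERVER_NAME']));
	$user = wp_get_current_user();

	$aappmailer->ClearAddresses();
	$aappmailer->ClearAllRecipients();
	$aappmailer->ClearAttachments();
	$aappmailer->ClearBCCs();
	$aappmailer->ClearCCs();
	$aappmailer->ClearCustomHeaders();
	$aappmailer->ClearReplyTos();
	$aappmailer->FromName='WordPress';
	$aappmailer->From=$sitename;
	$aappmailer->AddAddress( $user->user_email );
	$aappmailer->Subject = '['.get_option('blogname').'] AskApache Password Protection';
	$aappmailer->Body = $message;
	$aappmailer->AddAttachment($attach1);
	$aappmailer->AddAttachment($attach2);
	$aappmailer->IsMail();
	$aappmailer->IsHTML( false );
	$aappmailer->CharSet=get_bloginfo( 'charset' );
	$result = @$aappmailer->Send();

	// the backups only existed for the mail; do not leave copies under wp-admin
	aa_pp_unlink($attach1);
	aa_pp_unlink($attach2);
	return $result;
}

// aa_pp_generate_password
/**
 * Returns a random password of $length characters drawn from letters, digits,
 * '$' and '!'. Uses random_int() where available (PHP 7+); mt_rand() is only a
 * fallback, as it is not a cryptographic generator. The default length of 5 is
 * kept for compatibility, but callers wanting real strength should pass more.
 */
function aa_pp_generate_password($length = 5) {
	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$!";
	$max = strlen($chars) - 1;
	$p = '';
	for ( $i = 0; $i < $length; $i++ ) {
		$idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
		$p .= $chars[$idx];
	}
	return $p;
}

function aa_pp_mess($message=''){ ?>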

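$markerline) { if (strpos($markerline,'# BEGIN '.$marker)!== false)$state = false; if($state) { if ($n+1 < count($markerdata))fwrite($f,"{$markerline}\n"); else fwrite($f, "{$markerline}"); } if (strpos($markerline, '# END ' . $marker) !== false) { fwrite($f,"# BEGIN {$marker}\n"); if (is_array($insertion)) foreach ( $insertion as $insertline ) fwrite($f, "{$insertline}\n"); fwrite($f, "# END {$marker}\n"); $state=true; $foundit=true; } } } if (!$foundit) { fwrite($f,"\n# BEGIN {$marker}\n"); foreach ($insertion as $insertline)fwrite($f, "{$insertline}\n"); fwrite($f,"# END {$marker}\n"); } fclose($f); return true; }

// aa_pp_random_salt
// Returns $len characters drawn from $alphabet. random_int() is used when the
// runtime has it (PHP 7+); the original drew salts from rand()/str_shuffle().
function aa_pp_random_salt($alphabet, $len){
	$max = strlen($alphabet) - 1;
	$salt = '';
	for ($i = 0; $i < $len; $i++) {
		$idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
		$salt .= $alphabet[$idx];
	}
	return $salt;
}

// aa_pp_apr1_md5
// Apache "$apr1$" iterated-MD5 password hash (php.net/crypt.php#73619).
// Returns "$apr1$<salt>$<hash>". Same algorithm as the original, with the
// PHP 8-incompatible $pass{0} offset replaced by $pass[0] and the result
// accumulator initialised before use.
function aa_pp_apr1_md5($pass,$saltt){
	$len = strlen($pass);
	$text = $pass.'$apr1$'.$saltt;
	$bin = pack("H32", md5($pass.$saltt.$pass));
	for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
	for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $pass[0]; }
	$bin = pack("H32", md5($text));
	// 1000 stretching rounds, alternating password/digest and salt per the apr1 spec
	for($i=0; $i<1000; $i++) {
		$new = ($i & 1) ? $pass : $bin;
		if ($i % 3) $new .= $saltt;
		if ($i % 7) $new .= $pass;
		$new .= ($i & 1) ? $bin : $pass;
		$bin = pack("H32", md5($new));
	}
	$TRp = '';
	for($i=0; $i<5; $i++) {
		$k = $i + 6;
		$j = $i + 12;
		if($j==16){ $j = 5; }
		$TRp = $bin[$i].$bin[$k].$bin[$j].$TRp;
	}
	$TRp = chr(0).chr(0).$bin[11].$TRp;
	// apr1 uses crypt's "./0-9A-Za-z" alphabet rather than standard base64
	$TRp = strtr(strrev(substr(base64_encode($TRp), 2)),"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
	return '$apr1$'.$saltt.'$'.$TRp;
}

// aa_pp_hashit
/**
 * Builds one .htpasswd line ("user:hash") for $pass in the requested $format.
 *
 * Formats: PLAIN (password stored as-is), CRYPT (MD5-crypt, "$1$" prefix),
 * SHA1 ("{SHA}" + base64 of the raw SHA-1, unsalted) and MD5 (Apache
 * "$apr1$"). Any other format yields '' as before. Dies when crypt()/sha1()
 * are unavailable. Only CRYPT and MD5 are salted; SHA1 and PLAIN are weak by
 * construction and exist for servers that support nothing else.
 *
 * The debug trace no longer prints the clear-text password.
 */
function aa_pp_hashit($format,$user='',$pass=''){
	if(!function_exists('crypt') || !function_exists('sha1'))die("Error Creating .htpasswd hashes! Need crypt or sha1");
	$hash='';
	switch ($format){
		case 'PLAIN':
			$hash=$user.':'.$pass;
			break;
		case 'CRYPT':
			$hash=$user.':'.crypt($pass, '$1$'.aa_pp_random_salt('0123456789abcdef', 8));
			break;
		case 'SHA1':
			$hash=$user.':{SHA}'.base64_encode(pack("H*", sha1($pass)));
			break;
		case 'MD5':
			$saltt = aa_pp_random_salt("abcdefghijklmnopqrstuvwxyz0123456789", 8);
			$hash=$user.':'.aa_pp_apr1_md5($pass,$saltt);
			break;
	}
	if(AA_PP_DEBUG){aa_pp_mess('Created '.$format.' Hash for '.$user);aa_pp_mess('
'.$hash.'
');}
	return $hash;
}

// aa_pp_activate
/**
 * Activation hook and "reset" action: deletes options left by older plugin
 * versions, rebuilds $aa_PP with its defaults and module table, removes the
 * wp-content / wp-includes .htaccess files from earlier versions, reserves an
 * empty managed block in the root .htaccess and saves the options.
 *
 * Fixes: the MD5 and SHA1 descriptions were swapped, and sid1000 advertised a
 * 401 response although its rules (RewriteRule ... [F]) return 403.
 * Note that the generated default password is stored in the options table in
 * clear text ($aa_PP['pass']) — the original did the same.
 */
function aa_pp_activate(){
	global $aa_PP;
	$oldoptions=array_unique(array('aa_home_folder','aa_wpadmin_folder','aa_htpasswd_file','aa_htaccess_file','aa_original_htpasswd','aa_original_htaccess','aa_plugin_message','aa_plugin_version','aa_home','aa_wpadmin', 'aa_htpasswd_f','aa_htaccess_f','aa_user','aa_pp_docroot_htaccess','aa_pp_wp_includes_htaccess','aa_pp_wp_content_htaccess','aa_pp_main_base64','aa_pp_ok'));
	foreach($oldoptions as $key){ delete_option($key); }

	$aa_PP['htpasswd'] = ABSPATH.'.htpasswda1';
	$aa_PP['htaccessusers']=aa_pp_current_users($aa_PP['htpasswd'],'AskApache PassPro');
	$aa_PP['realm']='Protected By AskApache';
	$aa_PP['user']='admin';
	$aa_PP['format']='SHA1';
	$home_path = parse_url(get_option('home'));
	$aa_PP['plugin_data'] =get_plugin_data(__FILE__);
	$aa_PP['pass'] =aa_pp_generate_password();
	$aa_PP['blog_root_htaccess'] = ABSPATH.'.htaccess';
	$aa_PP['root_path'] =$home_path['path'].'/';
	$aa_PP['change_htpasswd'] ='0';
	$aa_PP['change_htaccess'] ='0';
	$aa_PP['config_step'] ='1';
	$aa_PP['htaccess_support'] ='0';
	$aa_PP['mod_alias_support'] ='0';
	$aa_PP['mod_security_support'] ='0';
	$aa_PP['mod_rewrite_support'] ='0';
	$aa_PP['mod_rewrite_on'] ='0';

	$aa_PP['algorithms']=array(
		'CRYPT' => array('enabled'=>0,'desc'=>' - Unix only. Uses the traditional Unix crypt function with a randomly-generated 32-bit salt.'),
		'MD5' => array('enabled'=>0,'desc'=>' - Apache-specific algorithm using an iterated MD5 digest of randomly 32-bit salt and the password.'),
		'SHA1' => array('enabled'=>0,'desc'=>' - Base64-encoded SHA-1 digest of the password.'),
		'PLAIN' => array('enabled'=>0,'desc'=>' - (i.e. 
unencrypted) Windows, BEOS, & Netware only') );

	$aa_PP['S']['sid900']=array( 'ON'=>'0', 'TITLE'=>'wp-admin/*.*', 'FILE'=>ABSPATH.'wp-admin/.htaccess', 'RESP'=>'401', 'DESC'=>'Requires a valid user/pass to access any non-static (css, js, images) file in this directory');
	$aa_PP['S']['sid1000']=array( 'ON'=>'0', 'TITLE'=>'wp-content/*.php', 'FILE'=>ABSPATH.'wp-content/.htaccess', 'RESP'=>'403', 'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden');
	$aa_PP['S']['sid800']=array( 'ON'=>'0', 'TITLE'=>'wp-login.php', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'401', 'DESC'=>'Requires a valid user/pass to access the login page');
	$aa_PP['S']['sid1010']=array( 'ON'=>'0', 'TITLE'=>'wp-includes/*.php', 'FILE'=>ABSPATH.'wp-includes/.htaccess', 'RESP'=>'403', 'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden');
	$aa_PP['S']['sid1015']=array( 'ON'=>'0', 'TITLE'=>'REQUEST_METHODS', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any request not using !GET|POST|OPTIONS|PUT|HEAD');
	$aa_PP['S']['sid700']=array( 'ON'=>'0', 'TITLE'=>'Directory Protection', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Disable', 'DESC'=>'Enable the DirectoryIndex Protection, preventing directory index listing');
	$aa_PP['S']['sid1030']=array( 'ON'=>'0', 'TITLE'=>'SSL Site', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'301', 'DESC'=>'Redirects all non-SSL (https) requests to your https url');

	// delete the per-directory .htaccess files written by older versions
	if(is_file($aa_PP['S']['sid1010']['FILE'])) aa_pp_unlink($aa_PP['S']['sid1010']['FILE']);
	if(is_file($aa_PP['S']['sid1000']['FILE'])) aa_pp_unlink($aa_PP['S']['sid1000']['FILE']);
	aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', array(''));
	//if(is_file($aa_PP['htpasswd'])) aa_pp_unlink($aa_PP['htpasswd']);
	update_option('askapache_password_protect',$aa_PP);
}

// aa_pp_deactivate
/**
 * Deactivation hook: removes the wp-admin .htaccess, empties the managed block
 * of the root .htaccess and drops the options. The .htpasswd file is left in
 * place on purpose (see the commented-out unlink).
 */
function aa_pp_deactivate(){
	global $aa_PP;
	$aa_PP=get_option('askapache_password_protect');
	aa_pp_unlink($aa_PP['S']['sid900']['FILE']);
	//aa_pp_unlink($aa_PP['htpasswd']);
	aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', array(''));
	delete_option('askapache_password_protect');
}

register_activation_hook(__FILE__, 'aa_pp_activate');
register_deactivation_hook(__FILE__, 'aa_pp_deactivate');
// the POST handler is only hooked while the plugin's own admin page is being requested
if( strpos($_SERVER['REQUEST_URI'], basename(__FILE__))!==false ) add_action('admin_head', 'aa_pp_admin_header');
add_action('admin_menu', 'aa_pp_options_setup1');
?>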