Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!

WordPress HTTPS with Cookie Handling

By: sc0ttkclark on Apr 14th, 2011  |  syntax: PHP  |  size: 29.54 KB  |  views: 209  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?php
  2. /*
  3. Plugin Name: WordPress HTTPS
  4. Plugin URI: http://mvied.com/projects/wordpress-https/
  5. Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
  6. Author: Mike Ems
  7. Version: 1.8.5
  8. Author URI: http://mvied.com/
  9. */
  10.  
  11. /**
  12. * Class for the WordPress plugin WordPress HTTPS
  13. *
  14. * @author  Mike Ems
  15. * @package WordPressHTTPS
  16. * @copyright Copyright 2010
  17. *
  18. */
  19.  
  20. if ( !class_exists('WordPressHTTPS') ) {
  21.  class WordPressHTTPS {
  22.  
  23.   /**
  24.    * Plugin version
  25.    *
  26.    * @var int
  27.    */
  28.   var $plugin_version = '1.8.5';
  29.  
  30.   /**
  31.    * Plugin URL
  32.    *
  33.    * @var string
  34.    */
  35.   var $plugin_url;
  36.  
  37.   /**
  38.    * HTTP URL
  39.    *
  40.    * @var string
  41.    */
  42.   var $http_url;
  43.  
  44.   /**
  45.    * HTTPS URL
  46.    *
  47.    * @var string
  48.    */
  49.   var $https_url;
  50.  
  51.   /**
  52.    * Shared SSL
  53.    *
  54.    * @var boolean
  55.    */
  56.   var $shared_ssl = 0;
  57.  
  58.   /**
  59.    * Default options
  60.    *
  61.    * @var array
  62.    */
  63.   var $options_default;
  64.  
  65.   /**
  66.    * Initialize plugin
  67.    *
  68.    * @param none
  69.    * @return void
  70.    */
  71.   function __construct() {
  72.    // Assign plugin_url
  73.    if ( version_compare( get_bloginfo('version'), '2.8', '>=' ) ) {
  74.     $this->plugin_url = plugins_url('', __FILE__);
  75.    } else {
  76.     $this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
  77.    }
  78.  
  79.    // Assign HTTP URL
  80.    $this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST);
  81.    // Assign HTTPS URL
  82.    $this->https_url = $this->replace_http($this->http_url);
  83.  
  84.    // Shared SSL
  85.    if (get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '') {
  86.     // Turn on Shared SSL
  87.     $this->shared_ssl = 1;
  88.     // Assign HTTPS URL to Shared SSL Host
  89.     $this->https_url = get_option('wordpress-https_sharedssl_host');
  90.     // Prevent WordPress from causing a redirect loop
  91.     remove_filter('template_redirect', 'redirect_canonical');
  92.    }
  93.  
  94.    // Define default options
  95.    $this->options_default = array(
  96.     'wordpress-https_internalurls'         => 1, // Force internal URL's to HTTPS
  97.     'wordpress-https_externalurls'         => 0, // Force external URL's to HTTPS
  98.     'wordpress-https_bypass'               => 0, // Bypass option to check if external elements can be loaded via HTTPS
  99.     'wordpress-https_disable_autohttps'    => 0, // Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.
  100.     'wordpress-https_exclusive_https'      => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
  101.     'wordpress-https_frontpage'            => 0, // Force SSL on front page
  102.     'wordpress-https_sharedssl'            => 0, // Enable Shared SSL
  103.     'wordpress-https_sharedssl_host'       => '' // Hostname for Shared SSL
  104.    );
  105.  
  106.    // Start output buffering
  107.    add_action('plugins_loaded', array(&$this, 'buffer_start'));
  108.  
  109.    // Check for admin/login redirects
  110.    add_action('plugins_loaded', array(&$this, 'admin_redirect'));
  111.  
  112.    // Fix secure_auth_cookie
  113.    add_filter('secure_auth_cookie', array(&$this, 'secure_auth_cookie'));
  114.  
  115.    // Fix secure_logged_in_cookie
  116.    add_filter('secure_logged_in_cookie', array(&$this, 'secure_logged_in_cookie'));
  117.  
  118.    // Set Cookies for HTTP/HTTPS
  119.    add_action('set_auth_cookie', array(&$this, 'set_cookie'), 10, 5);
  120.    add_action('set_logged_in_cookie', array(&$this, 'set_cookie'), 10, 5);
  121.  
  122.    // Clear Cookies for HTTP/HTTPS
  123.    add_action('clear_auth_cookie', array(&$this, 'clear_cookie'));
  124.  
  125.    if ( is_admin() ) {
  126.     // Add admin menus
  127.     add_action('admin_menu', array(&$this, 'menu'));
  128.  
  129.     // Load on plugins page
  130.     if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
  131.      add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2);
  132.     }
  133.  
  134.     // Load on Settings page
  135.     if ( @$_GET['page'] == 'wordpress-https' ) {
  136.      wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
  137.      wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.js', array('jquery'), $this->plugin_version, true);
  138.      wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);
  139.  
  140.      // Set default options
  141.      foreach ( $this->options_default as $option => $value ) {
  142.       if ( get_option($option) === false ) {
  143.        add_option($option, $value);
  144.       }
  145.      }
  146.     }
  147.  
  148.     // Add 'Force SSL' checkbox to add/edit post pages
  149.     add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
  150.     add_action('save_post', array(&$this, 'post_save'));
  151.    }
  152.  
  153.    // Check if the page needs to be redirected
  154.    add_action('template_redirect', array(&$this, 'check_https'));
  155.  
  156.    // Filter HTTPS from links in WP 3.0+
  157.    if ( ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos('https://', get_option('home')) !== true ) ) {
  158.     add_filter('page_link', array(&$this, 'replace_https'));
  159.     add_filter('post_link', array(&$this, 'replace_https'));
  160.     add_filter('category_link', array(&$this, 'replace_https'));
  161.     add_filter('get_archives_link', array(&$this, 'replace_https'));
  162.     add_filter('tag_link', array(&$this, 'replace_https'));
  163.     add_filter('search_link', array(&$this, 'replace_https'));
  164.     add_filter('home_url', array(&$this, 'replace_https'));
  165.     add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
  166.     add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
  167.    // If the whole site is not HTTPS, set links to the front-end to HTTP
  168.    } else if ( is_admin() && $this->is_ssl() && strpos('https://', get_option('home')) !== true ) {
  169.     add_filter('page_link', array(&$this, 'replace_https'));
  170.     add_filter('post_link', array(&$this, 'replace_https'));
  171.     add_filter('category_link', array(&$this, 'replace_https'));
  172.     add_filter('get_archives_link', array(&$this, 'replace_https'));
  173.     add_filter('tag_link', array(&$this, 'replace_https'));
  174.     add_filter('search_link', array(&$this, 'replace_https'));
  175.    }
  176.  
  177.    // End output buffering
  178.    //add_action('shutdown', array(&$this, 'buffer_end'));
  179.   }
  180.  
  181.   /**
  182.    * Process output buffer
  183.    *
  184.    * @param string
  185.    * @return string
  186.    */
  187.   function process($buffer) {
  188.    if ( $this->is_ssl() ) {
  189.     preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#]+)[^>]+>/im', $buffer, $matches);
  190.  
  191.     for ($i = 0; $i<=sizeof($matches[0]); $i++) {
  192.      $html   = $matches[0][$i];
  193.      $type   = $matches[1][$i];
  194.      $url    = $matches[2][$i];
  195.      $scheme = $matches[3][$i];
  196.  
  197.      if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) || ( $type == 'input' && strpos($html, 'image') !== false ) || ( $type == 'param' && strpos($html, 'movie') !== false ) || $type == 'img' || $type == 'script' || $type == 'embed' ) {
  198.       if ( strpos($url,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
  199.        $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
  200.       } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html,$this->http_url) !== false ) {
  201.        $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
  202.       } else if ( get_option('wordpress-https_externalurls') == 1 ) {
  203.        if ( get_option('wordpress-https_bypass') == 1 ) {
  204.         $buffer = str_replace($html, $this->replace_http($html), $buffer);
  205.        } else if (@file_get_contents($this->replace_http($url))) {
  206.         $buffer = str_replace($html, $this->replace_http($html), $buffer);
  207.        }
  208.       }
  209.      }
  210.     }
  211.  
  212.     // Look for any relative paths that should be udpated to the Shared SSL path
  213.     if ( $this->shared_ssl == 1 ) {
  214.      preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+[\'"](\/[\/-\w\.#?=&;]*)[^>]+>/im', $buffer, $matches);
  215.  
  216.      for ($i = 0; $i<=sizeof($matches[0]); $i++) {
  217.       $html   = $matches[0][$i];
  218.       $type   = $matches[1][$i];
  219.       $url    = $matches[2][$i];
  220.  
  221.       $buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);
  222.      }
  223.     }
  224.    }
  225.  
  226.    // Update anchor tags to appropriate URL's
  227.    preg_match_all('/\<a[^>]+[\'"]((http|https):\/\/[\/-\w\.#?=&;]+)[^>]+>/im', $buffer, $matches);
  228.  
  229.    for ($i = 0; $i<=sizeof($matches[0]); $i++) {
  230.     $html     = $matches[0][$i];
  231.     $url      = $matches[1][$i];
  232.     $scheme   = $matches[2][$i];
  233.  
  234.     $url_path = parse_url($url, PHP_URL_PATH);
  235.     if ($this->shared_ssl) {
  236.      $url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
  237.     } else {
  238.      $url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);
  239.     }
  240.  
  241.     if ($url_path == '/') {
  242.      $post = get_option('page_on_front');
  243.     } else {
  244.      $post = get_page_by_path($url_path);
  245.      $post = $post->ID;
  246.     }
  247.  
  248.     if ($post) {
  249.      $force_ssl = get_post_meta($post, 'force_ssl', true);
  250.  
  251.      if ($force_ssl) {
  252.       $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
  253.      } else if (get_option('wordpress-https_exclusive_https') == 1) {
  254.       $buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
  255.      }
  256.     }
  257.    }
  258.  
  259.    // Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
  260.    if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
  261.     $regex_url = preg_quote($this->replace_http($this->http_url));
  262.     $regex_url = str_replace('/', '\/', $regex_url);
  263.     preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
  264.  
  265.     for ($i = 0; $i<=sizeof($matches[0]); $i++) {
  266.      $html = $matches[0][$i];
  267.      $url  = $matches[1][$i];
  268.  
  269.      $buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
  270.     }
  271.    }
  272.  
  273.    return $buffer;
  274.   }
  275.  
  276.   /**
  277.    * Checks if the current page is SSL
  278.    *
  279.    * @param none
  280.    * @return void
  281.    */
  282.   function is_ssl() {
  283.    if ( $this->shared_ssl == 1 && strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
  284.     return true;
  285.    }
  286.    return is_ssl();
  287.   }
  288.  
  289.   /**
  290.    * Checks if the current page needs to be redirected
  291.    *
  292.    * @param none
  293.    * @return void
  294.    */
  295.   function check_https() {
  296.    global $post;
  297.    if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
  298.     if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
  299.      $this->redirect(true);
  300.     } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
  301.      $this->redirect(false);
  302.     }
  303.    } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {
  304.     $forceSSL = get_post_meta($post->ID, 'force_ssl');
  305.     if ( !$this->is_ssl() && $forceSSL ) {
  306.      $this->redirect(true);
  307.     } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
  308.      $this->redirect(false);
  309.     }
  310.    }
  311.   }
  312.  
  313.   /**
  314.    * Used to redirect admin pages to Shared SSL host
  315.    *
  316.    * @param none
  317.    * @return void
  318.    */
  319.   function admin_redirect() {
  320.    // If we're using Shared SSL and the admin panel should be SSL, redirect
  321.    if ( is_admin() && $this->shared_ssl && force_ssl_admin() && !$this->is_ssl() ) {
  322.     $this->redirect(true);
  323.    // If we're on the login page and it should be SSL, redirect
  324.    } else if ( $GLOBALS['pagenow'] == 'wp-login.php' && ( force_ssl_admin() || force_ssl_login() ) && $this->shared_ssl && !$this->is_ssl() ) {
  325.     $this->redirect(true);
  326.    }
  327.   }
  328.  
  329.   /**
  330.    * Redirects page to HTTP or HTTPS accordingly
  331.    *
  332.    * @param boolean $ssl
  333.    * @return void
  334.    */
  335.   function redirect($ssl = true) {
  336.    if ( !$this->is_ssl() && $ssl == true ) {
  337.     $url = parse_url($this->https_url);
  338.     $url['scheme'] = 'https';
  339.    } else if ( $this->is_ssl() && $ssl == false ) {
  340.     $url = parse_url($this->http_url);
  341.     $url['scheme'] = 'http';
  342.    } else {
  343.     $url = false;
  344.    }
  345.    if ($url) {
  346.     $destination = $url['scheme'] . '://' . $url['host'] . (($this->shared_ssl) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
  347.     wp_redirect($destination, 301);
  348.     exit();
  349.    }
  350.   }
  351.  
  352.   /**
  353.    * Add 'Force SSL' checkbox to add/edit post pages
  354.    *
  355.    * @param none
  356.    * @return void
  357.    */
  358.   function post_checkbox() {
  359.    global $post;
  360.  
  361.    wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
  362.  
  363.    $checked = false;
  364.    if ($post->ID) {
  365.     $checked = get_post_meta($post->ID, 'force_ssl', true);
  366.    }
  367.    echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';
  368.   }
  369.  
  370.   /**
  371.    * Save Force SSL option to post or page
  372.    *
  373.    * @param int $post_id
  374.    * @return int $post_id
  375.    */
  376.   function post_save( $post_id ) {
  377.    if ( array_key_exists('wordpress-https', $_POST) ) {
  378.     if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__))) {
  379.       return $post_id;
  380.     }
  381.  
  382.     if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
  383.      return $post_id;
  384.     }
  385.  
  386.     if ( $_POST['post_type'] == 'page' ) {
  387.      if ( !current_user_can('edit_page', $post_id) ) {
  388.       return $post_id;
  389.      }
  390.     } else {
  391.      if ( !current_user_can('edit_post', $post_id) ) {
  392.       return $post_id;
  393.      }
  394.     }
  395.  
  396.     $forceSSL = (($_POST['force_ssl'] == 1) ? true : false);
  397.     if ($forceSSL) {
  398.      update_post_meta($post_id, 'force_ssl', 1);
  399.     } else {
  400.      delete_post_meta($post_id, 'force_ssl');
  401.     }
  402.  
  403.     return $forceSSL;
  404.    }
  405.    return $post_id;
  406.   }
  407.  
  408.   /**
  409.    * Filters HTTPS urls from bloginfo function
  410.    *
  411.    * @param string $result
  412.    * @param string $show
  413.    * @return string
  414.    */
  415.   function bloginfo($result = '', $show = '') {
  416.    if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url') {
  417.     $result = $this->replace_https($result);
  418.    }
  419.    return $result;
  420.   }
  421.  
  422.   /**
  423.    * Add admin panel menu option
  424.    *
  425.    * @param none
  426.    * @return void
  427.    */
  428.   function menu() {
  429.    add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
  430.   }
  431.  
  432.   /**
  433.    * Add plugin links to Manage Plugins page in admin panel
  434.    *
  435.    * @param array $links
  436.    * @param string $file
  437.    * @return array
  438.    */
  439.   function plugin_links($links, $file) {
  440.    if ( strpos($file, basename( __FILE__)) === false ) {
  441.     return $links;
  442.    }
  443.  
  444.    $links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
  445.    $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
  446.    $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
  447.    $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
  448.    return $links;
  449.   }
  450.  
  451.   /**
  452.    * Start output buffering
  453.    *
  454.    * @param none
  455.    * @return void
  456.    */
  457.   function buffer_start() {
  458.    if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {
  459.     @ini_set('allow_url_fopen', 1);
  460.    }
  461.    ob_start(array(&$this, 'process'));
  462.   }
  463.  
  464.   /**
  465.    * End output buffering
  466.    *
  467.    * @param none
  468.    * @return void
  469.    */
  470.   function buffer_end() {
  471.    ob_end_flush();
  472.   }
  473.  
  474.   /**
  475.    * Replace HTTPS with HTTP
  476.    *
  477.    * @param string
  478.    * @return string
  479.    */
  480.   function replace_https($string) {
  481.    return str_replace('https://', 'http://', $string);
  482.   }
  483.  
  484.   /**
  485.    * Replace HTTP with HTTPS
  486.    *
  487.    * @param string
  488.    * @return string
  489.    */
  490.   function replace_http($string) {
  491.    return str_replace('http://', 'https://', $string);
  492.   }
  493.  
  494.   /**
  495.    * Fix secure_auth_cookie
  496.    */
  497.   function secure_auth_cookie() {
  498.    return is_ssl();
  499.   }
  500.  
  501.   /**
  502.    * Fix secure_logged_in_cookie
  503.    */
  504.   function secure_logged_in_cookie() {
  505.    return is_ssl();
  506.   }
  507.  
  508.   /**
  509.    * Set HTTP/HTTPS cookies
  510.    */
  511.   function set_cookie($cookie, $expire, $expiration, $user_id, $scheme) {
  512.    $secure = is_ssl();
  513.    $secure = ( apply_filters('secure_auth_cookie', $secure, $user_id) ? false : true );
  514.  
  515.    $siteurl = get_site_option( 'siteurl' );
  516.    if( $secure )
  517.     $the_siteurl = str_replace('http://', 'https://', $siteurl);
  518.    else
  519.     $the_siteurl = str_replace('https://', 'http://', $siteurl);
  520.    $cookiehash = md5( $the_siteurl );
  521.  
  522.    if($cookiehash == COOKIEHASH)
  523.     return;
  524.  
  525.    if( $scheme == 'logged_in' ) {
  526.     $cookie_name = str_replace(COOKIEHASH, $cookiehash, LOGGED_IN_COOKIE);
  527.    } elseif ( $secure ) {
  528.     $cookie_name = str_replace(COOKIEHASH, $cookiehash, SECURE_AUTH_COOKIE);
  529.     $scheme = 'secure_auth';
  530.    } else {
  531.     $cookie_name = str_replace(COOKIEHASH, $cookiehash, AUTH_COOKIE);
  532.     $scheme = 'auth';
  533.    }
  534.    if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
  535.     if ( $scheme == 'logged_in' ) {
  536.      setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure, true);
  537.      if ( COOKIEPATH != SITECOOKIEPATH )
  538.       setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure, true);
  539.     } else {
  540.      setcookie($cookie_name, $cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
  541.      setcookie($cookie_name, $cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
  542.     }
  543.    } else {
  544.     $cookie_domain = COOKIE_DOMAIN;
  545.     if ( !empty($cookie_domain) )
  546.      $cookie_domain .= '; HttpOnly';
  547.     if ( $scheme == 'logged_in' ) {
  548.      setcookie($cookie_name, $cookie, $expire, COOKIEPATH, $cookie_domain, $secure);
  549.      if ( COOKIEPATH != SITECOOKIEPATH )
  550.       setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure);
  551.     } else {
  552.      setcookie($cookie_name, $cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
  553.      setcookie($cookie_name, $cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
  554.     }
  555.    }
  556.   }
  557.  
  558.   /**
  559.    * Clear HTTP/HTTPS cookies
  560.    */
  561.   function clear_cookie() {
  562.    global $user_ID;
  563.    get_currentuserinfo();
  564.    $secure = is_ssl();
  565.    $secure = apply_filters('secure_auth_cookie', $secure, $user_ID);
  566.    $secure = ( $secure ? false : true );
  567.  
  568.    $siteurl = get_site_option( 'siteurl' );
  569.    if( $secure )
  570.     $the_siteurl = str_replace('http://', 'https://', $siteurl);
  571.    else
  572.     $the_siteurl = str_replace('https://', 'http://', $siteurl);
  573.    $cookiehash = md5( $the_siteurl );
  574.  
  575.    if($cookiehash == COOKIEHASH)
  576.     return;
  577.  
  578.    setcookie(str_replace(COOKIEHASH, $cookiehash, AUTH_COOKIE), ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure);
  579.    setcookie(str_replace(COOKIEHASH, $cookiehash, SECURE_AUTH_COOKIE), ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure);
  580.    setcookie(str_replace(COOKIEHASH, $cookiehash, AUTH_COOKIE), ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure);
  581.    setcookie(str_replace(COOKIEHASH, $cookiehash, SECURE_AUTH_COOKIE), ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure);
  582.    setcookie(str_replace(COOKIEHASH, $cookiehash, LOGGED_IN_COOKIE), ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, $secure);
  583.    setcookie(str_replace(COOKIEHASH, $cookiehash, LOGGED_IN_COOKIE), ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
  584.  
  585.    // Old cookies
  586.    setcookie(str_replace(COOKIEHASH, $cookiehash, AUTH_COOKIE), ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, $secure);
  587.    setcookie(str_replace(COOKIEHASH, $cookiehash, AUTH_COOKIE), ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
  588.    setcookie(str_replace(COOKIEHASH, $cookiehash, SECURE_AUTH_COOKIE), ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, $secure);
  589.    setcookie(str_replace(COOKIEHASH, $cookiehash, SECURE_AUTH_COOKIE), ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
  590.   }
  591.  
  592.   /**
  593.    * Settings page in admin panel
  594.    *
  595.    * @param none
  596.    * @return void
  597.    */
  598.   function settings() {
  599.    if ( !current_user_can('manage_options') ) {
  600.     wp_die( __('You do not have sufficient permissions to access this page.') );
  601.    }
  602.  
  603.    if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
  604.     $errors = array();
  605.  
  606.     foreach ($this->options_default as $key => $default) {
  607.      if (!array_key_exists($key, $_POST) && $default == 0) {
  608.       $_POST[$key] = 0;
  609.       update_option($key, $_POST[$key]);
  610.      } else {
  611.       if ( $key == 'wordpress-https_sharedssl' && $_POST['wordpress-https_sharedssl_host'] == '' ) {
  612.        $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
  613.        $_POST[$key] = 0;
  614.        update_option($key, $_POST[$key]);
  615.       } else if ( $key == 'wordpress-https_sharedssl_host' && $_POST[$key] != '' ) {
  616.        $url = parse_url($_POST[$key]);
  617.        if ( sizeof($url) > 0 ) {
  618.         $_POST[$key] = 'https://' . $url['host'] . $url['path'];
  619.         if ( substr($_POST[$key], -1, 1) == '/' ) {
  620.          $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key])-1);
  621.         }
  622.         update_option($key, $_POST[$key]);
  623.        } else {
  624.         $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
  625.         update_option($key, '');
  626.        }
  627.       } else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {
  628.        $errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
  629.        $_POST[$key] = 0;
  630.        update_option($key, $_POST[$key]);
  631.       } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) {
  632.        $_POST[$key] = 0;
  633.        update_option($key, $_POST[$key]);
  634.       } else {
  635.        update_option($key, $_POST[$key]);
  636.       }
  637.      }
  638.     }
  639.  
  640.     if ( @$_POST['ajax'] == 1 ) {
  641.      ob_clean();
  642.      if ( sizeof( $errors ) > 0 ) {
  643.       echo "  <ul id=\"message\">\n";
  644.       foreach ( $errors as $error ) {
  645.        echo "   <li class=\"error\"><p>".$error."</p></li>\n";
  646.       }
  647.       echo "  </ul>\n";
  648.      } else {
  649.       echo "   <div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
  650.      }
  651.      exit();
  652.     }
  653.    }
  654. ?>
  655.  <div class="wrap">
  656.   <div id="icon-options-general" class="icon32"><br /></div>
  657.   <h2>WordPress HTTPS Settings</h2>
  658.  
  659. <?php
  660.    if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
  661.     if ( sizeof( $errors ) > 0 ) {
  662.      echo "  <ul id=\"message\">\n";
  663.      foreach ( $errors as $error ) {
  664.       echo "   <li class=\"error\"><p>".$error."</p></li>\n";
  665.      }
  666.      echo "  </ul>\n";
  667.     } else {
  668.      echo "   <div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
  669.     }
  670.    } else {
  671.     echo "  <div id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";
  672.    }
  673. ?>
  674.  
  675.   <div id="wphttps-sidebar">
  676.  
  677.    <div class="wphttps-widget" id="wphttps-support">
  678.     <h3 class="wphttps-widget-title">Support</h3>
  679.     <div class="wphttps-widget-content">
  680.      <p>Have you tried everything and your website is still giving you partially encrypted errors?</p>
  681.      <p>If you haven't already, check out the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" target="_blank">Frequently Asked Questions</a>.</p>
  682.      <p>Still not fixed? Having other problems? Please <a href="http://wordpress.org/tags/wordpress-https#postform" target="_blank">start a support topic</a> and I'll do my best to assist you.</p>
  683.     </div>
  684.    </div>
  685.  
  686.    <div class="wphttps-widget" id="wphttps-donate">
  687.     <h3 class="wphttps-widget-title">Donate</h3>
  688.     <div class="wphttps-widget-content">
  689.      <p>If you found this plugin useful, or I've already helped you with your website, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>
  690.      <p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>
  691.  
  692.      <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  693.       <input type="hidden" name="cmd" value="_s-xclick">
  694.       <input type="hidden" name="hosted_button_id" value="N9NFVADLVUR7A">
  695.       <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
  696.       <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
  697.      </form>
  698.  
  699.     </div>
  700.    </div>
  701.  
  702.   </div>
  703.  
  704.   <form name="form" id="wordpress-https" action="options-general.php?page=wordpress-https" method="post">
  705.    <?php settings_fields('wordpress-https'); ?>
  706.  
  707.    <fieldset>
  708.     <label for="wordpress-https_internalurls"><input name="wordpress-https_internalurls" type="checkbox" id="wordpress-https_internalurls" value="1"<?php echo ((get_option('wordpress-https_internalurls')) ? ' checked="checked"' : ''); ?> /> <strong>Internal HTTPS Elements</strong></label>
  709.     <p>Force internal elements to HTTPS when viewing a secure page.</p>
  710.     <p class="description">Fixes most partially encrypted errors.</p>
  711.    </fieldset>
  712.  
  713.    <fieldset>
  714.     <label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> <strong>External HTTPS Elements</strong></label>
  715.     <p>Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.</p>
  716.     <p class="description">Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.</p>
  717.    </fieldset>
  718.  
  719.    <fieldset>
  720.     <label for="wordpress-https_bypass"><input name="wordpress-https_bypass" type="checkbox" id="wordpress-https_bypass" value="1"<?php echo ((get_option('wordpress-https_bypass')) ? ' checked="checked"' : ''); ?> /> <strong>Bypass External Check</strong></label>
  721.     <p>Disable the option to check if an external element can be loaded over HTTPS.</p>
  722.     <p class="description">Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.</p>
  723.    </fieldset>
  724.  
  725. <?php if (version_compare(get_bloginfo('version'),'3.0','>=')) { ?>
  726.    <fieldset>
  727.     <label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
  728.     <p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>
  729.     <p class="description">When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.</p>
  730.    </fieldset>
  731.  
  732. <?php } ?>
  733.    <fieldset>
  734.     <label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
  735.     <p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
  736.     <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
  737.    </fieldset>
  738.  
  739.    <fieldset>
  740.     <label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>
  741.     <p>Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than '<?php echo $this->replace_http($this->http_url); ?>/'.</p>
  742.     <label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>
  743.    </fieldset>
  744.  
  745. <?php if (get_option('show_on_front') == 'posts') { ?>
  746.    <fieldset>
  747.     <label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
  748.     <p>It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.</p>
  749.    </fieldset>
  750.  
  751. <?php } ?>
  752.    <p class="button-controls">
  753.     <input type="submit" name="Submit" value="Save Changes" class="button-primary" />
  754.     <img alt="Waiting..." src="<?php echo $this->plugin_url; ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />
  755.    </p>
  756.   </form>
  757.  
  758.   <br style="clear: both" />
  759.  
  760.  </div>
  761. <?php
  762.   }
  763.  } // End WordPressHTTPS Class
  764. }
  765.  
  766. if ( class_exists('WordPressHTTPS') ) {
  767.  $wordpress_https = new WordPressHTTPS();
  768. }
  769. ?>
clone this paste RAW Paste Data