Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- Plugin Name: Stealth Login
- Plugin URI: http://www.skullbit.com/
- Description: Create custom URL's for logging in, logging out and registering for your WordPress blog.
- Author: skullbit, devbit
- Version: 1.3
- Author URI: http://www.skullbit.com
- */
- /* CHANGELOG
- 03-04-2009 - v1.3
- * Added compatibility fix with WordPress installations in a directory like www.blog.com/wordpress/
- * Added ability to disable plugin
- * Added ability to attempt to change .htaccess permissions to make writeable
- * Added wp-admin slug option (can't login with it yet though)
- * htaccess Output rules will always show even if htaccess is not writeable
- * added ability to create custom htaccess rules
- 29-03-2008 - v1.2
- * Added Register slug option so you can still allow registrations with the stealth-login. (If registration is not allowed, this option will not be available.)
- * Stealth Key now seperate for each slug so that those registering cannot reuse the key for use on login or logout
- 28-03-2008 - v1.1
- * Added better rewrite rules for a stealthier login system.
- * Removed wp-login.php refresh redirect in favor of using rewrite rules for prevention of direct access to the file.
- * Added Stealth Key for added security - key is random and changes on every settings update.
- */
- include_once(ABSPATH.'wp-admin/admin-functions.php');
- if( !class_exists( 'StealthLoginPlugin' ) ){
- class StealthLoginPlugin{
- function StealthLoginPlugin(){ //Constructor
- add_action( 'admin_menu', array($this,'AddPanel') );
- if( $_POST['action'] == 'stealth_login_update' )
- add_action( 'init', array($this,'SaveSettings') );
- add_filter( 'mod_rewrite_rules', array($this, 'AddRewriteRules'), 999 );
- register_activation_hook( __FILE__, array($this, "DefaultSettings") );
- register_deactivation_hook( __FILE__, array($this, "UnsetSettings") );
- }
- function AddPanel(){
- add_options_page( 'Stealth Login', 'Stealth Login', 10, __FILE__, array($this, 'StealthSettings') );
- }
- function DefaultSettings () {
- if( !get_option("stealth_enable") )
- add_option("stealth_enable","0");
- if( !get_option("stealth_login_slug") )
- add_option("stealth_login_slug","login");
- if( !get_option("stealth_admin_slug") )
- add_option("stealth_admin_slug","admin");
- if( !get_option("stealth_login_redirect") )
- add_option("stealth_login_redirect", get_option('siteurl').'/wp-admin/');
- if( !get_option("stealth_logout_slug") )
- add_option("stealth_logout_slug", "logout");
- if( !get_option("stealth_login_custom") )
- add_option("stealth_login_custom", "");
- if( !get_option("stealth_register_slug") )
- add_option("stealth_register_slug","register");
- if( !get_option("stealth_mode") )
- add_option("stealth_mode", "0");
- if( get_option("stealth_key") )
- delete_option("stealth_key");
- save_mod_rewrite_rules();
- }
- function UnsetSettings () {
- delete_option("stealth_enable");
- delete_option("stealth_login_slug");
- delete_option("stealth_login_redirect");
- delete_option("stealth_logout_slug");
- delete_option("stealth_admin_slug");
- delete_option("stealth_login_custom");
- delete_option("stealth_register_slug");
- delete_option("stealth_mode");
- delete_option("stealth_htaccess");
- delete_option("stealth_custom_rules");
- save_mod_rewrite_rules();
- delete_option("stealth_htaccess");
- }
- function SaveSettings(){
- check_admin_referer('stealth-login-update-options');
- update_option("stealth_enable", $_POST['stealth_enable']);
- update_option("stealth_login_slug", $_POST['stealth_login_slug']);
- update_option("stealth_login_redirect", $_POST['stealth_login_redirect']);
- update_option("stealth_logout_slug", $_POST['stealth_logout_slug']);
- update_option("stealth_admin_slug", $_POST['stealth_admin_slug']);
- update_option("stealth_login_custom", $_POST['stealth_login_custom']);
- update_option("stealth_register_slug", $_POST['stealth_register_slug']);
- update_option("stealth_custom_rules", $_POST['stealth_custom_rules']);
- update_option("stealth_mode", $_POST['stealth_mode']);
- $htaccess = trailingslashit(ABSPATH).'.htaccess';
- $this->CreateRewriteRules();
- if( $_POST['stealth_enable'] == 0 ):
- save_mod_rewrite_rules();
- $_POST['notice'] = __('Settings saved. Plugin is disabled.','stealthlogin');
- elseif( save_mod_rewrite_rules() ):
- $_POST['notice'] = __('Settings saved and .htaccess file updated.','stealthlogin');
- elseif( chmod($htaccess,0644) ):
- if( save_mod_rewrite_rules() ){
- $_POST['notice'] = __('Settings saved and .htaccess file now writeable and updated.','stealthlogin');
- }else{
- $_POST['notice'] = __('Settings saved but .htaccess file could not be updated.'.$htaccess,'stealthlogin');
- }
- else :
- $_POST['notice'] = __('Settings saved but .htaccess file is not writeable.'.$htaccess,'stealthlogin');
- endif;
- }
- function StealthSettings(){
- if( $_POST['notice'] )
- echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '</strong></p></div>';
- ?>
- <div class="wrap">
- <h2><?php _e('Stealth Login Settings', 'stealthlogin')?></h2>
- <form method="post" action="">
- <?php if( function_exists( 'wp_nonce_field' )) wp_nonce_field( 'stealth-login-update-options'); ?>
- <table class="form-table">
- <tbody>
- <tr valign="top">
- <th scope="row"><label for="enable"><?php _e('Enable Plugin', 'stealthlogin');?></label></th>
- <td><label><input name="stealth_enable" id="enable" value="1" <?php if(get_option('stealth_enable') == 1) echo 'checked="checked"';?> type="radio" /> On</label> <label><input name="stealth_enable" value="0" <?php if(get_option('stealth_enable') == 0) echo 'checked="checked"';?> type="radio" /> Off</label></td>
- </tr>
- <tr valign="top">
- <th scope="row"><label for="login_slug"><?php _e('Login Slug', 'stealthlogin');?></label></th>
- <td><input name="stealth_login_slug" id="login_slug" value="<?php echo get_option('stealth_login_slug');?>" type="text"><br />
- <strong style="color:#777;font-size:12px;">Login URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_login_slug');?></span></span></td>
- </tr>
- <tr valign="top">
- <th scope="row"><label for="login_redirect"><?php _e('Login Redirect', 'stealthlogin');?></label></th>
- <td><select name="stealth_login_redirect" id="login_redirect">
- <option value="<?php echo get_option('siteurl');?>/wp-admin/" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-admin/'){echo 'selected="selected"';} ?>">WordPress Admin</option>
- <option value="<?php echo get_option('siteurl');?>/wp-login.php?redirect_to=<?php echo get_option('siteurl');?>" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-login.php?redirect_to='.get_option('siteurl')){echo 'selected="selected"';} ?>">WordPress Address</option>
- <option value="<?php echo get_option('siteurl');?>/wp-login.php?redirect_to=<?php echo get_option('home');?>" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-login.php?redirect_to='.get_option('home')){echo 'selected="selected"';} ?>">Blog Address </option>
- <option value="Custom" <?php if(get_option('stealth_login_redirect') == "Custom"){echo 'selected="selected"';} ?>">Custom URL (Enter Below)</option>
- </select><br />
- <input type="text" name="login_custom" size="40" value="<?php echo get_option('stealth_login_custom');?>" /><br />
- <strong style="color:#777;font-size:12px;">Redirect URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php if( get_option('stealth_login_redirect') != 'Custom' ) { echo get_option('stealth_login_redirect'); } else { echo get_option('stealth_login_custom'); } ?></span></td>
- </tr>
- <tr valign="top">
- <th scope="row"><label for="logout_slug"><?php _e('Logout Slug', 'stealthlogin');?></label></th>
- <td><input type="text" name="stealth_logout_slug" id="logout_slug" value="<?php echo get_option('stealth_logout_slug');?>" /><br />
- <strong style="color:#777;font-size:12px;">Logout URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_logout_slug');?></span></span></td>
- </tr>
- <?php if( get_option('users_can_register') ){ ?>
- <tr valign="top">
- <th scope="row"><label for="register_slug"><?php _e('Register Slug', 'stealthlogin');?></label></th>
- <td><input type="text" name="stealth_register_slug" id="register_slug" value="<?php echo get_option('stealth_register_slug');?>" /><br />
- <strong style="color:#777;font-size:12px;">Register URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_register_slug');?></span></span></td>
- </tr>
- <?php } ?>
- <tr valign="top">
- <th scope="row"><label for="admin_slug"><?php _e('Admin Slug', 'stealthlogin');?></label></th>
- <td><input name="stealth_admin_slug" id="admin_slug" value="<?php echo get_option('stealth_admin_slug');?>" type="text"><br />
- <strong style="color:#777;font-size:12px;">Admin URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_admin_slug');?></span></span></td>
- </tr>
- <tr valign="top">
- <th scope="row"><label for="custom_rules"><?php _e('Custom Rules', 'stealthlogin');?></label></th>
- <td><textarea name="stealth_custom_rules" id="custom_rules" rows="5" cols="50"><?php echo get_option('stealth_custom_rules');?></textarea><br /><span style="font-size:0.9em;color:#999999;">Add at your own risk, will appear just above # END STEALTH-LOGIN</span></td>
- </tr>
- <tr valign="top">
- <th scope="row"><?php _e('Stealth Mode', 'stealthlogin'); ?></th>
- <td><label><input type="radio" name="stealth_mode" value="1" <?php if(get_option('stealth_mode') ) echo 'checked="checked" ';?> /> Enable</label><br />
- <label><input type="radio" name="stealth_mode" value="0" <?php if(!get_option('stealth_mode') ) echo 'checked="checked" ';?>/> Disable</label><br />
- <small><?php _e('Prevent users from being able to access wp-login.php directly','stealthlogin');?></small></td>
- </tr>
- <tr valign="top">
- <th scope="row"><?php _e('.htaccess Output', 'stealthlogin');?></th>
- <td><pre><?php echo get_option('stealth_htaccess');?></pre></td>
- </tr>
- </tbody>
- </table>
- <p class="submit"><input name="Submit" value="<?php _e('Save Changes','stealthlogin');?>" type="submit" />
- <input name="action" value="stealth_login_update" type="hidden" />
- </form>
- </div>
- <?php
- }
- function CreateRewriteRules(){
- $logout_uri = str_replace(trailingslashit(get_option('siteurl')), '', wp_logout_url());
- $siteurl = explode('/',trailingslashit(get_option('siteurl')));
- unset($siteurl[0]); unset($siteurl[1]); unset($siteurl[2]);
- $dir = implode('/',$siteurl);
- if(get_option('stealth_login_slug')){
- if(get_option('stealth_login_redirect') != "Custom"){
- $login_url = get_option('stealth_login_redirect');
- }else{
- $login_url = get_option('stealth_login_custom');
- }
- $login_slug = get_option('stealth_login_slug');
- $logout_slug = get_option('stealth_logout_slug');
- $admin_slug = get_option('stealth_admin_slug');
- $login_key = $this->Key();
- $logout_key = $this->Key();
- $register_key = $this->Key();
- $admin_key = $this->Key();
- if( get_option('users_can_register') ){
- $register_slug = get_option( 'stealth_register_slug' );
- $reg_rule_stealth = "RewriteRule ^" . $register_slug . " ".$dir."wp-login.php?stealth_reg_key=" . $register_key . "&action=register [R,L]\n" ;//Redirect Register slug to registration page with stealth_key
- $reg_rule = "RewriteRule ^" . $register_slug . " ".$dir."wp-login.php?action=register [L]\n" ;//Redirect Register slug to registration page
- }
- if( get_option( 'stealth_mode' ) ){
- $insert = "# STEALTH-LOGIN \n" .
- "RewriteRule ^" . $logout_slug . " ".$dir.$logout_uri."&stealth_out_key=" . $logout_key . " [L]\n" . //Redirect Logout slug to logout with stealth_key
- "RewriteRule ^" . $login_slug . " ".$dir."wp-login.php?stealth_in_key=" . $login_key . "&redirect_to=" . $login_url . " [R,L]\n" . //Redirect Login slug to show wp-login.php with stealth_key
- "RewriteRule ^" . $admin_slug . " ".$dir."wp-admin/?stealth_admin_key=" . $admin_key . " [R,L]\n" . //Redirect Admin slug to show Dashboard with stealth_key
- $reg_rule_stealth .
- "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/wp-admin \n" . //if did not come from WP Admin
- "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/wp-login\.php \n" . //if did not come from wp-login.php
- "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/" . $login_slug . " \n" . //if did not come from Login slug
- "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/" . $admin_slug . " \n" . //if did not come from Admin slug
- "RewriteCond %{QUERY_STRING} !^stealth_in_key=" . $login_key . " \n" . //if no stealth_key query
- "RewriteCond %{QUERY_STRING} !^stealth_out_key=" . $logout_key . " \n" . //if no stealth_key query
- "RewriteCond %{QUERY_STRING} !^stealth_reg_key=" . $register_key . " \n" . //if no stealth_key query
- "RewriteCond %{QUERY_STRING} !^stealth_admin_key=" . $admin_key . " \n" . //if no stealth_key query
- "RewriteRule ^wp-login\.php " . get_option('siteurl') . " [L]\n" . //Send to home page
- "RewriteCond %{QUERY_STRING} ^loggedout=true \n" . // if logout confirm query is true
- "RewriteRule ^wp-login\.php " . get_option('siteurl') . " [L]\n" . //Send to home page
- get_option('stealth_custom_rules')." \n".
- "# END STEALTH-LOGIN\n";
- }else{
- $insert = "# STEALTH-LOGIN\n" .
- "RewriteRule ^" . $logout_slug . " ".$dir.$logout_uri." [L]\n" . //Redirect Logout slug to logout
- "RewriteRule ^" . $admin_slug . " ".$dir."wp-admin/ [R,L]\n" . //Redirect Admin slug to show Dashboard with stealth_key
- "RewriteRule ^" . $login_slug . " ".$dir."wp-login.php?&redirect_to=" . $login_url . " [R,L]\n" . //Redirect Login slug to show wp-login.php
- $reg_rule .
- get_option('stealth_custom_rules')." \n".
- "# END STEALTH-LOGIN\n" ;
- }
- }
- $sample = str_replace('<', '<', $insert);
- $sample = str_replace('>', '>', $sample);
- update_option('stealth_htaccess', $sample);
- return $insert;
- }
- function AddRewriteRules($rewrite){
- global $wp_version;
- if( get_option('stealth_enable') == 1 ):
- $insert = $this->CreateRewriteRules();
- $lines = explode('RewriteCond %{REQUEST_FILENAME} !-f', $rewrite);
- $fn = "RewriteCond %{REQUEST_FILENAME} !-f";
- $rewrite = $lines[0] . $insert . $fn . $lines[1];
- endif;
- return $rewrite;
- }
- function Key() {
- $chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- srand((double)microtime()*1000000);
- $i = 0;
- $pass = '' ;
- while ($i <= 25) {
- $num = rand() % 33;
- $tmp = substr($chars, $num, 1);
- $pass = $pass . $tmp;
- $i++;
- }
- return $pass;
- }
- }
- } // END Class StealthLoginPlugin
- if( class_exists( 'StealthLoginPlugin' ) ){
- $stealthlogin = new StealthLoginPlugin();
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement