=' ) ) { $this->plugin_url = plugins_url('', __FILE__); } else { $this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__)); } // Assign HTTP URL $this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST); // Assign HTTPS URL $this->https_url = $this->replace_http($this->http_url); // Shared SSL if (get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '') { // Turn on Shared SSL $this->shared_ssl = 1; // Assign HTTPS URL to Shared SSL Host $this->https_url = get_option('wordpress-https_sharedssl_host'); // Prevent WordPress from causing a redirect loop remove_filter('template_redirect', 'redirect_canonical'); } // Define default options $this->options_default = array( 'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS 'wordpress-https_externalurls' => 0, // Force external URL's to HTTPS 'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS 'wordpress-https_disable_autohttps' => 0, // Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page. 'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked. 
'wordpress-https_frontpage' => 0, // Force SSL on front page 'wordpress-https_sharedssl' => 0, // Enable Shared SSL 'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL ); // Start output buffering add_action('plugins_loaded', array(&$this, 'buffer_start')); // Check for admin/login redirects add_action('plugins_loaded', array(&$this, 'admin_redirect')); // Fix secure_auth_cookie add_filter('secure_auth_cookie', array(&$this, 'secure_auth_cookie')); // Fix secure_logged_in_cookie add_filter('secure_logged_in_cookie', array(&$this, 'secure_logged_in_cookie')); // Set Cookies for HTTP/HTTPS add_action('set_auth_cookie', array(&$this, 'set_cookie'), 10, 5); add_action('set_logged_in_cookie', array(&$this, 'set_cookie'), 10, 5); // Clear Cookies for HTTP/HTTPS add_action('clear_auth_cookie', array(&$this, 'clear_cookie')); if ( is_admin() ) { // Add admin menus add_action('admin_menu', array(&$this, 'menu')); // Load on plugins page if ( $GLOBALS['pagenow'] == 'plugins.php' ) { add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2); } // Load on Settings page if ( @$_GET['page'] == 'wordpress-https' ) { wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true); wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.js', array('jquery'), $this->plugin_version, true); wp_enqueue_style('wordpress-https', $this->plugin_url . 
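'/css/admin.css', $this->plugin_version, true);

                // Set default options
                foreach ( $this->options_default as $option => $value ) {
                    if ( get_option($option) === false ) {
                        add_option($option, $value);
                    }
                }
            }

            // Add 'Force SSL' checkbox to add/edit post pages
            add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
            add_action('save_post', array(&$this, 'post_save'));
        }

        // Check if the page needs to be redirected
        add_action('template_redirect', array(&$this, 'check_https'));

        // Filter HTTPS from links in WP 3.0+
        // NOTE(review): strpos() takes (haystack, needle) and never returns true, so the
        // `!== true` test in both branches below always passes as written; the arguments
        // look swapped and the comparison should probably be against 0 / false.
        if ( ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos('https://', get_option('home')) !== true ) ) {
            add_filter('page_link', array(&$this, 'replace_https'));
            add_filter('post_link', array(&$this, 'replace_https'));
            add_filter('category_link', array(&$this, 'replace_https'));
            add_filter('get_archives_link', array(&$this, 'replace_https'));
            add_filter('tag_link', array(&$this, 'replace_https'));
            add_filter('search_link', array(&$this, 'replace_https'));
            add_filter('home_url', array(&$this, 'replace_https'));

            add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
            add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);

        // If the whole site is not HTTPS, set links to the front-end to HTTP
        } else if ( is_admin() && $this->is_ssl() && strpos('https://', get_option('home')) !== true ) {
            add_filter('page_link', array(&$this, 'replace_https'));
            add_filter('post_link', array(&$this, 'replace_https'));
            add_filter('category_link', array(&$this, 'replace_https'));
            add_filter('get_archives_link', array(&$this, 'replace_https'));
            add_filter('tag_link', array(&$this, 'replace_https'));
            add_filter('search_link', array(&$this, 'replace_https'));
        }

        // End output buffering
        //add_action('shutdown', array(&$this, 'buffer_end'));
    }

    /**
     * Output-buffer callback: rewrites URLs in the rendered page.
     *
     * On a secure request, element URLs (scripts, stylesheets, images, ...) that
     * point at the HTTP site are switched to the HTTPS URL; with Shared SSL,
     * root-relative paths are prefixed with the Shared SSL URL. On every request,
     * anchor URLs are switched to HTTPS or HTTP depending on the target post's
     * `force_ssl` meta and the "exclusive HTTPS" option.
     *
     * @param string $buffer Full page output captured by ob_start().
     * @return string The rewritten page output.
     */
    function process($buffer) {
        $internal_urls = ( get_option('wordpress-https_internalurls') == 1 );

        if ( $this->is_ssl() ) {
            preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#]+)[^>]+>/im', $buffer, $matches);
            // Use `<`, not `<=`: the last valid index is count - 1.
            $total = sizeof($matches[0]);
            for ($i = 0; $i < $total; $i++) {
                $html = $matches[0][$i];
                $type = $matches[1][$i];
                $url  = $matches[2][$i];

                // Only elements that actually load a resource are rewritten.
                $loads_resource =
                    ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||
                    ( $type == 'input' && strpos($html, 'image') !== false ) ||
                    ( $type == 'param' && strpos($html, 'movie') !== false ) ||
                    $type == 'img' ||
                    $type == 'script' ||
                    $type == 'embed';
                if ( !$loads_resource ) {
                    continue;
                }

                $is_internal = strpos($url, $this->http_url) !== false
                    || ( $this->shared_ssl && strpos($html, $this->http_url) !== false );

                if ( $internal_urls && $is_internal ) {
                    $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
                } else if ( get_option('wordpress-https_externalurls') == 1 ) {
                    if ( get_option('wordpress-https_bypass') == 1 ) {
                        $buffer = str_replace($html, $this->replace_http($html), $buffer);
                    // SECURITY(review): this fetches, from the web server, a URL scraped out
                    // of the rendered page, once per matching element on every secure page
                    // view. Page output can carry markup written by authors or commenters,
                    // so the server can be made to request hosts it would not otherwise
                    // contact, and each fetch blocks rendering. Prefer the bypass option, or
                    // restrict the probe to an allow-list of hosts and cache the result.
                    } else if (@file_get_contents($this->replace_http($url))) {
                        $buffer = str_replace($html, $this->replace_http($html), $buffer);
                    }
                }
            }

            // Look for any relative paths that should be updated to the Shared SSL path
            if ( $this->shared_ssl == 1 ) {
                preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+[\'"](\/[\/-\w\.#?=&;]*)[^>]+>/im', $buffer, $matches);
                $total = sizeof($matches[0]);
                for ($i = 0; $i < $total; $i++) {
                    $html = $matches[0][$i];
                    $url  = $matches[2][$i];
                    $buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);
                }
            }
        }

        // Update anchor tags to appropriate URL's
        // NOTE(review): this pattern (and the one in the Shared SSL block below) starts
        // with `\]+`; the tag-opening part looks like it was lost in this copy of the
        // file. It is reproduced unchanged; confirm against the original source.
        preg_match_all('/\]+[\'"]((http|https):\/\/[\/-\w\.#?=&;]+)[^>]+>/im', $buffer, $matches);

        // Both values are loop-invariant, so resolve them once.
        $base_path = $this->shared_ssl
            ? parse_url($this->https_url, PHP_URL_PATH)
            : parse_url(get_option('home'), PHP_URL_PATH);
        $exclusive_https = ( get_option('wordpress-https_exclusive_https') == 1 );

        $total = sizeof($matches[0]);
        for ($i = 0; $i < $total; $i++) {
            $html = $matches[0][$i];
            $url  = $matches[1][$i];

            $url_path = parse_url($url, PHP_URL_PATH);
            // An empty search string makes str_replace() a no-op, so skip it explicitly.
            if ( is_string($base_path) && $base_path !== '' ) {
                $url_path = str_replace($base_path, '', $url_path);
            }

            if ($url_path == '/') {
                $post = get_option('page_on_front');
            } else {
                // get_page_by_path() yields nothing for unknown paths; do not dereference it.
                $page = get_page_by_path($url_path);
                $post = $page ? $page->ID : 0;
            }

            if ($post) {
                $force_ssl = get_post_meta($post, 'force_ssl', true);

                if ($force_ssl) {
                    $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
                } else if ($exclusive_https) {
                    $buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
                }
            }
        }

        // Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
        if ( $this->shared_ssl && $internal_urls ) {
            // Passing the delimiter lets preg_quote() escape `/` itself.
            $regex_url = preg_quote($this->replace_http($this->http_url), '/');
            preg_match_all('/\]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
            $total = sizeof($matches[0]);
            for ($i = 0; $i < $total; $i++) {
                $html = $matches[0][$i];
                $url  = $matches[1][$i];
                $buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
            }
        }

        return $buffer;
    }

    /**
     * Checks if the current request is considered secure.
     *
     * With Shared SSL enabled, the request counts as secure when the
     * X-Forwarded-Server request header is contained in the Shared SSL URL;
     * otherwise WordPress' own is_ssl() decides.
     *
     * SECURITY(review): X-Forwarded-Server is a request header and the test is a
     * substring match. Unless a trusted proxy always sets or strips this header, a
     * client can supply it, and the plugin will then treat a plain-HTTP request as
     * secure (no redirect to HTTPS). Confirm the deployment's proxy behaviour.
     *
     * @return bool
     */
    function is_ssl() {
        if ( $this->shared_ssl == 1 ) {
            // The header is absent on direct requests; an empty needle must never match.
            $forwarded_server = isset($_SERVER['HTTP_X_FORWARDED_SERVER']) ? $_SERVER['HTTP_X_FORWARDED_SERVER'] : '';
            if ( $forwarded_server !== '' && strpos($this->https_url, $forwarded_server) !== false ) {
                return true;
            }
        }
        return is_ssl();
    }

    /**
     * Redirects the current front-end request to HTTPS or HTTP when the front
     * page option or the post's `force_ssl` meta requires it.
     *
     * @return void
     */
    function check_https() {
        global $post;

        if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
            if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
                $this->redirect(true);
            } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
                $this->redirect(false);
            }
        // isset() guards against requests where no global $post has been set up.
        } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && isset($post->ID) && $post->ID > 0 ) {
            $forceSSL = get_post_meta($post->ID, 'force_ssl');
            if ( !$this->is_ssl() && $forceSSL ) {
                $this->redirect(true);
            } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
                $this->redirect(false);
            }
        }
    }

    /**
     * Redirects admin and login pages to the Shared SSL host when WordPress is
     * configured to force SSL there and the request is not yet secure.
     *
     * @return void
     */
    function admin_redirect() {
        // If we're using Shared SSL and the admin panel should be SSL, redirect
        if ( is_admin() && $this->shared_ssl && force_ssl_admin() && !$this->is_ssl() ) {
            $this->redirect(true);
        // If we're on the login page and it should be SSL, redirect
        } else if ( $GLOBALS['pagenow'] == 'wp-login.php' && ( force_ssl_admin() || force_ssl_login() ) && $this->shared_ssl && !$this->is_ssl() ) {
            $this->redirect(true);
        }
    }

    /**
     * Redirects the request to its HTTPS or HTTP equivalent and stops execution.
     *
     * Does nothing when the request already uses the wanted scheme. The host
     * comes from the stored plugin URLs; only the request URI is taken from the
     * request.
     *
     * @param boolean $ssl True to redirect to HTTPS, false to redirect to HTTP.
     * @return void
     */
    function redirect($ssl = true) {
        $secure = $this->is_ssl();

        if ( !$secure && $ssl == true ) {
            $url    = parse_url($this->https_url);
            $scheme = 'https';
        } else if ( $secure && $ssl == false ) {
            $url    = parse_url($this->http_url);
            $scheme = 'http';
        } else {
            return;
        }

        // parse_url() returns false on a malformed URL; never redirect to an empty host.
        if ( !is_array($url) || empty($url['host']) ) {
            return;
        }

        // A Shared SSL URL without a path component has no 'path' key.
        $path = ( $this->shared_ssl && isset($url['path']) ) ? $url['path'] : '';

        $destination = $scheme . '://' . $url['host'] . $path . $_SERVER['REQUEST_URI'];
        wp_redirect($destination, 301);
        exit();
    }

    /**
     * Add 'Force SSL' checkbox to add/edit post pages
     *
     * @return void
     */
    function post_checkbox() {
        global $post;

        wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');

        $checked = false;
        if ($post->ID) {
            $checked = get_post_meta($post->ID, 'force_ssl', true);
        }
        // NOTE(review): the echoed markup is empty in this copy of the file, so $checked
        // is unused as shown; the checkbox HTML appears to have been stripped.
        echo '';
    }

    /**
     * Save Force SSL option to post or page
     *
     * Runs only when the plugin's nonce field was posted; verifies the nonce,
     * skips autosaves, and checks the edit capability before touching post meta.
     *
     * @param int $post_id
     * @return int|bool $post_id when nothing was saved, otherwise the saved flag
     */
    function post_save( $post_id ) {
        if ( array_key_exists('wordpress-https', $_POST) ) {
            if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__))) {
                return $post_id;
            }

            if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
                return $post_id;
            }

            $is_page    = ( isset($_POST['post_type']) && $_POST['post_type'] == 'page' );
            $capability = $is_page ? 'edit_page' : 'edit_post';
            if ( !current_user_can($capability, $post_id) ) {
                return $post_id;
            }

            // An unchecked checkbox is simply absent from the POST data.
            $forceSSL = ( isset($_POST['force_ssl']) && $_POST['force_ssl'] == 1 );
            if ($forceSSL) {
                update_post_meta($post_id, 'force_ssl', 1);
            } else {
                delete_post_meta($post_id, 'force_ssl');
            }

            return $forceSSL;
        }
        return $post_id;
    }

    /**
     * Filters HTTPS urls from bloginfo function
     *
     * @param string $result Value produced by bloginfo().
     * @param string $show   Which bloginfo field was requested.
     * @return string
     */
    function bloginfo($result = '', $show = '') {
        $url_fields = array('stylesheet_url', 'template_url', 'wpurl', 'home', 'siteurl', 'url');
        if ( in_array($show, $url_fields, true) ) {
            $result = $this->replace_https($result);
        }
        return $result;
    }

    /**
     * Add admin panel menu option
     *
     * @return void
     */
    function menu() {
        add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
    }

    /**
     * Add plugin links to Manage Plugins page in admin panel
     *
     * @param array $links
     * @param string $file
     * @return array
     */
    function plugin_links($links, $file) {
        // Only this plugin's own row gets the extra links.
        if ( strpos($file, basename( __FILE__)) === false ) {
            return $links;
        }

        $links[] = 'Settings';
        $links[] = 'FAQ';
        $links[] = 'Support';
        $links[] = 'Donate';
        return $links;
    }

    /**
     * Start output buffering
     *
     * @return void
     */
    function buffer_start() {
        if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {
            // NOTE(review): allow_url_fopen is a system-level (PHP_INI_SYSTEM) directive, so
            // this runtime call is not expected to take effect; `@` hides the failure.
            @ini_set('allow_url_fopen', 1);
        }
        ob_start(array(&$this, 'process'));
    }

    /**
     * End output buffering
     *
     * @return void
     */
    function buffer_end() {
        ob_end_flush();
    }

    /**
     * Replace HTTPS with HTTP
     *
     * @param string $string
     * @return string
     */
    function replace_https($string) {
        return str_replace('https://', 'http://', $string);
    }

    /**
     * Replace HTTP with HTTPS
     *
     * @param string $string
     * @return string
     */
    function replace_http($string) {
        return str_replace('http://', 'https://', $string);
    }

    /**
     * Fix secure_auth_cookie
     *
     * Ignores the incoming filter value and answers with WordPress' is_ssl().
     *
     * @return bool
     */
    function secure_auth_cookie() {
        return is_ssl();
    }

    /**
     * Fix secure_logged_in_cookie
     *
     * Ignores the incoming filter value and answers with WordPress' is_ssl().
     *
     * @return bool
     */
    function secure_logged_in_cookie() {
        return is_ssl();
    }

    /**
     * Set HTTP/HTTPS cookies
     *
     * Mirrors the cookie WordPress just set under the cookie name of the
     * opposite scheme (the name hash is derived from the HTTP or HTTPS site URL).
     *
     * SECURITY(review): $secure is deliberately inverted, so on an HTTPS request
     * the mirrored copy is sent with the Secure flag off. Confirm that exposing
     * this cookie value to plain-HTTP requests is acceptable for the site.
     *
     * @param string $cookie     Cookie value.
     * @param int    $expire     Expiry passed to setcookie().
     * @param int    $expiration Unused here.
     * @param int    $user_id    User ID, passed to the secure_auth_cookie filter.
     * @param string $scheme     Cookie scheme; 'logged_in' selects the logged-in cookie.
     * @return void
     */
    function set_cookie($cookie, $expire, $expiration, $user_id, $scheme) {
        // Inverted on purpose: target the scheme the current request is NOT using.
        $secure = !apply_filters('secure_auth_cookie', is_ssl(), $user_id);

        $siteurl = get_site_option( 'siteurl' );
        if ( $secure ) {
            $the_siteurl = str_replace('http://', 'https://', $siteurl);
        } else {
            $the_siteurl = str_replace('https://', 'http://', $siteurl);
        }
        $cookiehash = md5( $the_siteurl );

        // Strict comparison: hex digests that look numeric must not compare equal loosely.
        if ( $cookiehash === COOKIEHASH ) {
            return;
        }

        if ( $scheme == 'logged_in' ) {
            $cookie_name = str_replace(COOKIEHASH, $cookiehash, LOGGED_IN_COOKIE);
            $paths = ( COOKIEPATH != SITECOOKIEPATH )
                ? array(COOKIEPATH, SITECOOKIEPATH)
                : array(COOKIEPATH);
        } else {
            $template    = $secure ? SECURE_AUTH_COOKIE : AUTH_COOKIE;
            $cookie_name = str_replace(COOKIEHASH, $cookiehash, $template);
            $paths       = array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH);
        }

        if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
            foreach ( $paths as $path ) {
                setcookie($cookie_name, $cookie, $expire, $path, COOKIE_DOMAIN, $secure, true);
            }
        } else {
            // Before PHP 5.2 setcookie() has no HttpOnly argument; append it to the domain.
            $cookie_domain = COOKIE_DOMAIN;
            if ( !empty($cookie_domain) ) {
                $cookie_domain .= '; HttpOnly';
            }
            foreach ( $paths as $path ) {
                setcookie($cookie_name, $cookie, $expire, $path, $cookie_domain, $secure);
            }
        }
    }

    /**
     * Clear HTTP/HTTPS cookies
     *
     * Expires the mirrored cookies written by set_cookie() for the opposite
     * scheme, on every path they may have been set for.
     *
     * @return void
     */
    function clear_cookie() {
        global $user_ID;
        get_currentuserinfo();

        // Inverted on purpose: target the scheme the current request is NOT using.
        $secure = !apply_filters('secure_auth_cookie', is_ssl(), $user_ID);

        $siteurl = get_site_option( 'siteurl' );
        if ( $secure ) {
            $the_siteurl = str_replace('http://', 'https://', $siteurl);
        } else {
            $the_siteurl = str_replace('https://', 'http://', $siteurl);
        }
        $cookiehash = md5( $the_siteurl );

        // Strict comparison: hex digests that look numeric must not compare equal loosely.
        if ( $cookiehash === COOKIEHASH ) {
            return;
        }

        // (cookie name template, path) pairs, in the order the headers are emitted.
        $targets = array(
            array(AUTH_COOKIE,        ADMIN_COOKIE_PATH),
            array(SECURE_AUTH_COOKIE, ADMIN_COOKIE_PATH),
            array(AUTH_COOKIE,        PLUGINS_COOKIE_PATH),
            array(SECURE_AUTH_COOKIE, PLUGINS_COOKIE_PATH),
            array(LOGGED_IN_COOKIE,   COOKIEPATH),
            array(LOGGED_IN_COOKIE,   SITECOOKIEPATH),
            // Old cookies
            array(AUTH_COOKIE,        COOKIEPATH),
            array(AUTH_COOKIE,        SITECOOKIEPATH),
            array(SECURE_AUTH_COOKIE, COOKIEPATH),
            array(SECURE_AUTH_COOKIE, SITECOOKIEPATH),
        );

        $expired = time() - 31536000;
        foreach ( $targets as $target ) {
            setcookie(str_replace(COOKIEHASH, $cookiehash, $target[0]), ' ', $expired, $target[1], COOKIE_DOMAIN, $secure);
        }
    }

    /**
     * Settings page in admin panel
     *
     * @param none
     * @return void
     */
    function settings() {
        if ( !current_user_can('manage_options') ) {
            wp_die( __('You do not have sufficient permissions to access this page.') );
        }

        // NOTE(review): only the capability check is visible before POST data is written
        // to options; no nonce verification (e.g. check_admin_referer()) appears in the
        // part of this function shown here. Confirm one exists, otherwise the settings
        // form is open to cross-site request forgery.
        if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
            $errors = array();

            foreach ($this->options_default as $key => $default) {
                if (!array_key_exists($key, $_POST) && $default == 0) {
                    $_POST[$key] = 0;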
update_option($key, $_POST[$key]); } else { if ( $key == 'wordpress-https_sharedssl' && $_POST['wordpress-https_sharedssl_host'] == '' ) { $errors[] = 'Shared SSL Host - Invalid host.'; $_POST[$key] = 0; update_option($key, $_POST[$key]); } else if ( $key == 'wordpress-https_sharedssl_host' && $_POST[$key] != '' ) { $url = parse_url($_POST[$key]); if ( sizeof($url) > 0 ) { $_POST[$key] = 'https://' . $url['host'] . $url['path']; if ( substr($_POST[$key], -1, 1) == '/' ) { $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key])-1); } update_option($key, $_POST[$key]); } else { $errors[] = 'Shared SSL Host - Invalid host.'; update_option($key, ''); } } else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) { $errors[] = 'External HTTPS Elements - PHP configuration error: allow_url_fopen must be enabled.'; $_POST[$key] = 0; update_option($key, $_POST[$key]); } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) { $_POST[$key] = 0; update_option($key, $_POST[$key]); } else { update_option($key, $_POST[$key]); } } } if ( @$_POST['ajax'] == 1 ) { ob_clean(); if ( sizeof( $errors ) > 0 ) { echo "
".$error."
Settings saved.
".$error."
Settings saved.