Enable WPML support for Page Security v1.5.4 by Contexture

1. <?php
2.  
3. if(!class_exists('CTXPS_Security')){
4. /**
5.  * Handles security-related actions.
6.  */
7. class CTXPS_Security{
8.     /**
9.      * Top-level method for running security check on content, then displaying
10.      * Access Denied message when appropriate. Overall, this is the core
11.      * validation method for PSC.
12.      *
13.      * @global object $post Gets db information about this post (used to determind post_type)
14.      * @global object $current_user Info for the currently logged in user
15.      * @param string $content
16.      * @return string
17.      */
18.     public static function protect_content(){
19.         global $post,$page,$id,$current_user,$is_IIS;
20.         $secureallowed = true;
21.         $plugin_opts = get_option('contexture_ps_options');
22.  
23.         //SET 401 CODE IF ON AD PAGE (AND NEVER BLOCK)
24.         if(!is_admin() && CTXPS_Queries::check_ad_status()){
25.             if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ){
26.                 status_header(401); // This causes problems on IIS and some FastCGI setups
27.             }
28.             return;//Exit the function, no further checks are needed
29.         }
30.  
31.         //CONDITIONS WHERE USER SHOULD BE LET THROUGH
32.         if(current_user_can('edit_others_posts')){
33.             return;//Exit the function, no further checks are needed
34.         }
35.  
36.         //SITE-WIDE PROTECTION
37.         if($plugin_opts['ad_opt_protect_site']==='true'){
38.  
39.             /**Groups that this user is a member of*/
40.             $siteaccess = CTXPS_Queries::get_user_groups($current_user->ID,true);
41.             //User isnt in any groups, no more checking necessary
42.             if(empty($siteaccess)){
43.                 self::deny_access($plugin_opts);
44.             }
45.             //If $siteaccess returned anything, we can safely assume user has "Limited"
46.             //Since "Full" isn't implemented yet, we don't have to make that check or change the way get_user_groups works
47.         }
48.  
49.         //POST/PAGE-SPECIFIC PROTECTION
50.         if(!is_home() && !is_category() && !is_tag() && !is_feed() && !is_tax() && !is_admin() && !is_404() && !is_archive() && !is_search()) {
51.  
52.             //We may want to use a global override, so check first...
53.             if(!isset($useraccess)){
54.                 /**Groups that this user is a member of*/
55.                 $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
56.             }
57.  
58.             /**PAGE/SECTION CHECK**********************************************/
59.             $pagereqs = self::get_post_protection($post->ID);
60.  
61.             if($pagereqs !== false && is_array($pagereqs)){
62.                 //Determine if user can access this content
63.                 $pageallowed = self::check_access($useraccess,$pagereqs);
64.  
65.                 //NOT ALLOWED TO ACCESS!
66.                 if(!$pageallowed){
67.                     self::deny_access($plugin_opts);
68.                 }
69.             }
70.  
71.  
72.             /**TERM CHECK******************************************************/
73.             //Ensure the term branch is protected before getting the array
74.             $termreqs = false;
75.             //If this term branch is protected...
76.             if(CTXPS_Queries::check_post_term_protection($post->ID)){
77.                 //Branch is protected, get attached groups
78.                 $termreqs = CTXPS_Queries::get_groups_by_post_terms($post->ID);
79.             }
80.  
81.             //wp_die('<pre>'.print_r($termreqs,true).'</pre>');
82.  
83.             if($termreqs !== false && is_array($termreqs)){
84.                 //Determine if user can access this content
85.                 $termallowed = CTXPS_Security::check_access($useraccess,$termreqs);
86.  
87.                 //wp_die('<pre>'.(string)$termallowed.'</pre>');
88.  
89.                 //NOT ALLOWED TO ACCESS!
90.                 if(!$termallowed){
91.                     self::deny_access($plugin_opts);
92.                 }
93.             }
94.  
95.             //If we reach this point, there's no reason to deny access
96.         }
97.     }
98.  
99.  
100.     /**
101.      * Hooks to the loop and removes data for posts that are protected when the security
102.      * doesn't pass muster.
103.      *
104.      * @global object $current_user
105.      * @param array $content
106.      * @return <type>
107.      */
108.     public static function filter_loops($content){
109.         global $current_user;
110.  
111.         //Get plugin options
112.         $dbOpts = get_option('contexture_ps_options');
113.  
114.         if(is_feed() && $dbOpts['ad_msg_usefilter_rss']=='false'){
115.             //If this is a feed and it's filtering is explicitly disabled, do no filtering. Otherwise... filter as normal (below)
116.             return $content;
117.         }else{
118.             //Do this only if user is not an admin, or if this is the blog page, category page, tag page, or feed (and isnt an admin page)
119.             if( !current_user_can('edit_others_posts') && ( is_home() || is_category() || is_tag() || is_tax() || is_feed() || is_author() || is_search() || is_archive() )  && !is_admin()) {
120.                 foreach($content as $post->key => $post->value){
121.  
122.                     /**Groups that this user is a member of*/
123.                     $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
124.                     /**Groups required to access this post*/
125.                     $pagereqs = self::get_post_protection($post->value->ID);
126.                     /**Term groups required to access this post - default is false (no protection) */
127.                     $termreqs = false;
128.  
129.                     //First, check if the post has any protected terms
130.                     if(CTXPS_Queries::check_post_term_protection($post->value->ID)){
131.                         //If the term-branch is protected, get an array of groups
132.                         $termreqs = CTXPS_Queries::get_groups_by_post_terms($post->value->ID);
133.                     }
134.  
135.                     //If necessary, validate group membership for page
136.                     if($pagereqs !== false && is_array($pagereqs)){
137.                         $secureallowed = self::check_access($useraccess,$pagereqs);
138.                         //NOT ALLOWED TO ACCESS!!
139.                         if(!$secureallowed){
140.                             //If we're NOT allowed to access this page
141.                             unset($content[$post->key]);
142.                         }
143.                     }
144.  
145.                     //If necessary, validate group membership for page's terms
146.                     if($termreqs !== false && is_array($termreqs)){
147.  
148.                         //Determine if user can access this content
149.                         $termallowed = CTXPS_Security::check_access($useraccess,$termreqs);
150.  
151.                         //NOT ALLOWED TO ACCESS!
152.                         if(!$termallowed){
153.                             unset($content[$post->key]);
154.                         }
155.                     }//End if
156.                 }//End foreach
157.             }//End appropriate section check
158.         }
159.  
160.         //Adjust top-level array key numbers to be concurrent (since a gap between numbers can cause wp to freak out)
161.         $content = array_merge($content,array());
162.  
163.         return $content;
164.     }
165.  
166.  
167.     /**
168.      * When the default menu is being used, this checks restrictions for each page
169.      * in the menu and removes it if it's restricted for the current user.
170.      *
171.      * @global object $current_user
172.      * @param array $content
173.      * @return The array of wordpress posts used to build the default menu
174.      */
175.     public static function filter_auto_menus($content){
176.         global $current_user;
177.  
178.         $dbOpts = get_option('contexture_ps_options');//ad_msg_usefilter_menus
179.  
180.         //Do this filtering only if the user isn't an admin (and isn't in admin section)... and provided the user hasn't explicitly set menu filtering to false
181.         if( !current_user_can('edit_others_posts')  && !is_admin() && $dbOpts['ad_msg_usefilter_menus']!='false') {
182.  
183.             //NO MENU!!! If site protect is on, menu filtering is on, and user is anon, remove EVERYTHING
184.             if($dbOpts['ad_opt_protect_site']==='true' &&
185.                (!is_user_logged_in() || $current_user->ID==0)){
186.                 return array();
187.             }
188.  
189.             //Loop through the content array
190.             foreach($content as $post->key => $post->value){
191.  
192.                 //Get groups that this user is a member of
193.                 $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
194.                 //Get groups required to access this page
195.                 $pagereqs = self::get_post_protection($post->value->ID);
196.  
197.                 //So long as $pagereqs is anything but false
198.                 if(!!$pagereqs){
199.  
200.                     //Determine user access
201.                     $secureallowed = self::check_access($useraccess,$pagereqs);
202.  
203.                     if($secureallowed){
204.                         //If we're allowed to access this page
205.                     }else{
206.                         //If we're NOT allowed to access this page
207.                         unset($content[$post->key]); //Remove content from array
208.                     }
209.                 }
210.  
211.                 //If this is an AD page, strip it too
212.                 if($dbOpts['ad_msg_usepages']==='true'){
213.                     if($post->value->ID==$dbOpts['ad_page_auth_id'] || $post->value->ID==$dbOpts['ad_page_anon_id']){
214.                         unset($content[$post->key]);
215.                     }
216.                 }
217.             }
218.         }
219.  
220.         return $content;
221.     }
222.  
223.  
224.     /**
225.      * When a WP3 custom menu is being used, this checks restrictions for each page
226.      * in the menu and removes it if it's restricted to the current user.
227.      *
228.      * @global object $current_user
229.      * @param array $content
230.      * @return The array of wordpress posts used to build the custom menu.
231.      */
232.     public static function filter_custom_menus($content){
233.         global $current_user;
234.  
235.         $dbOpts = get_option('contexture_ps_options');//ad_msg_usefilter_menus
236.  
237.  
238.         //Do this filtering only if user isn't an admin, in admin section... and provided the user hasn't explicitly set menu filtering to false
239.         if( !current_user_can('edit_others_posts') && !is_admin() && $dbOpts['ad_msg_usefilter_menus']!='false' ) {
240.  
241.             //NO MENU!!! If site protect is on, menu filtering is on, and user is anon, remove EVERYTHING
242.             if($dbOpts['ad_opt_protect_site']==='true' &&
243.                (!is_user_logged_in() || $current_user->ID==0)){
244.                 return array();
245.             }
246.  
247.             //Get options (in case we need to strip access denied pages)
248.             $dbOpts = get_option('contexture_ps_options');
249.  
250.             foreach($content as $post->key => $post->value){
251.  
252.                 //Get groups that this user is a member of
253.                 $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
254.                 //Get groups required to access this page
255.                 $pagereqs = self::get_post_protection($post->value->object_id);
256.  
257.                 //So long as $pagereqs is anything but false
258.                 if(!!$pagereqs){
259.  
260.                     //Determine user access
261.                     $secureallowed = self::check_access($useraccess,$pagereqs);
262.  
263.                     if($secureallowed){
264.                         //If we're allowed to access this page
265.                     }else{
266.                         //If we're NOT allowed to access this page
267.                         unset($content[$post->key]);
268.                     }
269.                 }
270.                 //If this is an AD page, strip it too
271.                 if($dbOpts['ad_msg_usepages']==='true'){
272.                     if($post->value->object_id==$dbOpts['ad_page_auth_id'] || $post->value->object_id==$dbOpts['ad_page_anon_id']){
273.                         unset($content[$post->key]);
274.                     }
275.                 }
276.             }
277.         }
278.  
279.         return $content;
280.     }
281.  
282.  
283.     /**
284.      * This function takes an array of user groups and an array of page-required groups
285.      * and determines if the user should be allowed to access the specified content.
286.      *
287.      * @param array $UserGroupsArray The array returned by CTXPS_Queries::get_user_groups() (groups the user is a member of)
288.      * @param array $PageSecurityArray The array returned by ctx_ps_get_protection() (an array of pages, each containing an array of groups required)
289.      * @return bool Returns true if user has necessary permissions to access the page, false if not.
290.      */
291.     public static function check_access($UserGroupsArray,$PageSecurityArray){
292.  
293.         //Testing...
294.         //wp_die('<h2>User Groups</h2><pre>'.print_r($UserGroupsArray,true).'</pre><h2>Required Groups (by Page/Content)</h2><pre>'.print_r($PageSecurityArray,true).'</pre>');
295.  
296.         //If our page-security array is empty, automatically return false (no groups have been granted access)
297.         if( empty($PageSecurityArray) )
298.             return false;
299.  
300.         //If our user array is empty, automatically return false (user does not belong to any groups)
301.         if( empty($UserGroupsArray) )
302.             return false;
303.  
304.         //Used to count each page that has at least one group
305.         $loopswithgroups = 0;
306.  
307.         //Loop through each page's permissions, starting with current page and travelling UP the heirarchy...
308.         foreach($PageSecurityArray as $security->page => $security->secarray){
309.  
310.             //Ensure secarray is an array - if not, make it one (needed for some term checks)
311.             if(!is_array($security->secarray))
312.                 $security->secarray = array($security->secarray);
313.  
314.             //If the current page has group settings attached...
315.             if(count($security->secarray) != 0){
316.                 //Increment our group tracking var
317.                 $loopswithgroups += 1;
318.                 //If any of this user's groups do not match any of this page's groups...
319.                 if( count(array_intersect($UserGroupsArray,$security->secarray)) == 0 ){
320.                     //We return false as the user does not have access
321.                     return false;
322.                 }
323.                 //No expiration check necessary here. Expired memberships arent returned from db.
324.             }
325.         }
326.  
327.         //If no pages have groups, then no-one can access the page
328.         if($loopswithgroups === 0){return false;}
329.  
330.         //If we haven't triggered a false return already, return true
331.         return true;
332.  
333.     }
334.  
335.  
336.     /**
337.      * Alias for self::get_{$type}_protection() to maintain backwards compatibility.
338.      *
339.      *
340.      * @param int $content_id The id of the content to check
341.      * @param string $content_type The type of content to check
342.      * @return type
343.      */
344.     public static function get_protection($content_id,$content_type='post'){
345.         switch ($content_type){
346.             case 'post':
347.                 return self::get_post_protection($content_id);
348.                 break;
349.             case 'term':
350.                 return self::get_term_protection($content_id);
351.                 break;
352.             default:
353.                 return false;
354.                 break;
355.         }
356.     }
357.  
358.  
359.     /**
360.      * This function will check the security for the specified page and all parent pages.
361.      * If security exists, a multi-dimensional array will be returned following the format
362.      * array( pageid=>array(groupid=>groupname) ), with the first item being the current
363.      * page and additional items being parents. If no security is present for any ancestor
364.      * then the function will return false.
365.      *
366.      * @global wpdb $wpdb
367.      *
368.      * @param int $post_id The id of the post to get permissions for.
369.      * @return mixed Returns an array with all the required permissions to access this page. If no security is present, returns false.
370.      */
371.     public static function get_post_protection($post_id){
372.  
373.         //If this branch isn't protected, just stop now and save all that processing power
374.         if (!CTXPS_Queries::check_section_protection($post_id)){
375.             return false;
376.         }
377.  
378.         //If we're still going, then it means something above us is protected, so lets get the list of permissions
379.         global $wpdb;
380.         $return = array();
381.         $group_array = array();
382.         /**Gets the parent id of the current page/post*/
383.         $parent_id = get_post($post_id);
384.         $parent_id = (integer)$parent_id->post_parent;
385.  
386.  
387.         /** 1. If I am secure, get my groups ***********************************/
388.  
389.             //Get Group relationship info for this page
390.             $groups = CTXPS_Queries::get_groups_by_object('post',$post_id, true);
391.  
392.             //If 0 results, dont do anything. Otherwise, re-sort into id=>name array
393.             if(!empty($groups)){
394.                 foreach($groups as $group){
395.                     $group_array[$group->group_id] = $group->group_title;
396.                 }unset($group);
397.             } unset($groups);
398.  
399.         //Add an item to the array. 'pageid'=>array('groupid','groupname')
400.         $return[(string)$post_id] = $group_array;
401.         unset($group_array);
402.  
403.  
404.         /** 2. If I have a parent, recurse  ************************************/
405.  
406.             //Using our earlier results, check post_parent. If it's != 0 then recurse this function, adding the return value to $array
407.             if($parent_id != 0){
408.                 //$recursedArray = CTXPS_Security::get_protection($parentid);
409.                 //$array = array_merge($array,$recursedArray);
410.                 $parent_array = self::get_post_protection($parent_id);
411.                 if(!!$parent_array){
412.                   $return += $parent_array;
413.                 }
414.             }
415.  
416.  
417.         //3. Return the completed $array
418.         return $return;
419.     }
420.  
421.  
422.     /**
423.      * This function will check the security for the specified term and all parent terms.
424.      * If security exists, a multi-dimensional array will be returned following the format
425.      * array( term_id=>array(group_id=>group_name) ), with the first item being the current
426.      * term and additional items being parents. If no security is present for any ancestor
427.      * then the function will return false.
428.      *
429.      * @global wpdb $wpdb
430.      *
431.      * @param int $term_id The id of the post to get permissions for.
432.      * @param string $taxonomy The name of the taxonomy that needs to be checked
433.      * @return mixed Returns an array with all the required permissions to access this page. If no security is present, returns false.
434.      */
435.     public static function get_term_protection($term_id,$taxonomy){
436.  
437.         //If this branch isn't protected, just stop now and save all that processing power
438.         if (!CTXPS_Queries::check_term_protection($term_id,$taxonomy)){
439.             return false;
440.         }
441.  
442.         //If we're still going, then it means something above us is protected, so lets get the list of permissions
443.         global $wpdb;
444.         $return = array();
445.         $group_array = array();
446.         /**Gets the parent id of the current page/post*/
447.         $parent_id = get_term($term_id,$taxonomy);
448.         $parent_id = (integer)$parent_id->parent;
449.         /**Gets the ctx_ps_security data for this post (if it exists) - used to determine if this is the topmost secured page*/
450.         //$amisecure = get_post_meta($postid,'ctx_ps_security',true);
451.  
452.         //1. If I am secure, get my groups
453.         //if(!empty($amisecure)){
454.             //Get Group relationship info for this page from wp_ps_security, join wp_posts on postid
455.             $groups = CTXPS_Queries::get_groups_by_object('term',$term_id, true);
456.  
457.             //If 0 results, dont do anything. Otherwise...
458.             if(!empty($groups)){
459.                 foreach($groups as $group){
460.                     $group_array[$group->group_id] = $group->group_title;
461.                 }unset($group);
462.             }
463.         //}
464.         //Add an item to the array. 'pageid'=>array('groupid','groupname')
465.         $return[(string)$term_id] = $group_array;
466.         unset($group_array);
467.         //2. If I have a parent, recurse
468.             //Using our earlier results, check post_parent. If it's != 0 then recurse this function, adding the return value to $array
469.             if($parent_id != 0){
470.                 //$recursedArray = CTXPS_Security::get_protection($parentid);
471.                 //$array = array_merge($array,$recursedArray);
472.                 $parent_array = self::get_term_protection($parent_id);
473.                 if(!!$parent_array){
474.                   $return += $parent_array;
475.                 }
476.             }
477.  
478.         //3. Return the completed $array
479.         return $return;
480.     }
481.  
482.     /**
483.      * Alias for CTXPS_Queries::check_protection. Internally, please use CTXPS_Queries
484.      * instead of this. Alias is provided for developer-friendliness only.
485.      *
486.      * @return bool Whether this page has the "protected page" flag
487.      */
488.     public static function check_protection($post_id){
489.         return CTXPS_Queries::check_protection($post_id);
490.     }
491.  
492.     /**
493.      * When called, will determined which AD message or page to show, then show it
494.      *
495.      * @param array $plugin_opts If db options are provided, we won't have to query this again
496.      */
497.     public static function deny_access($plugin_opts=array()){
498.         global $current_user,$post,$is_IIS;
499.  
500.         if(empty($plugin_opts)){
501.             $plugin_opts = get_option('contexture_ps_options');
502.         }
503.         $blogurl = get_bloginfo('url');
504.  
505.         //HANDLE UNAUTHENTICATED USERS.....
506.         if($current_user->ID == 0 || !is_user_logged_in()){
507.  
508.             //IF FORCE LOGIN....
509.             if($plugin_opts['ad_opt_login_anon']==='true'){
510.                 //TODO: Problem area for some IIS users - not sure if its possible to fix, clearly an IIS bug
511.                 wp_safe_redirect(wp_login_url((empty($_SERVER['HTTPS'])?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']));
512.                 die();
513.             }
514.  
515.             //If site restriction is enabled and user isnt logged in, don't bother linking to the homepage
516.             $homepage_link = '';
517.             if( $plugin_opts['ad_opt_protect_site']!=='true' ){
518.                 $homepage_link = '<a style="display:block;font-size:0.7em;" href="'.$blogurl.'">&lt;&lt; '.__('Go to home page','contexture-page-security').'</a>';
519.             }
520.  
521.             //SHOW AD *PAGE*
522.             if($plugin_opts['ad_msg_usepages']==='true'){ //Have to exempt feed else it interupts feed render
523.  
524.                 //IF USING PAGE...
525.                 if(is_numeric($plugin_opts['ad_page_anon_id'])){
526.  
527.                     //edit : added the following "if" in order to enable WPML support
528.                     $page_id_current_language = $plugin_opts['ad_page_anon_id'];
529.                     if( function_exists( 'icl_object_id' ) ):
530.                         global $sitepress;
531.                         $current_language = $sitepress->get_current_language();
532.                         $page_id_current_language = icl_object_id( $page_id_current_language, 'page', true, $current_language );
533.                     endif;
534.                    
535.                     //IF USING REPLACEMENT...
536.                     if($plugin_opts['ad_opt_page_replace']==='true'){
537.                         $new_content = get_post($page_id_current_language); //edit : orig : $new_content = get_post($plugin_opts['ad_page_anon_id']);
538.                         $post->post_title = $new_content->post_title;
539.                         $post->post_content = $new_content->post_content;
540.                         if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ){
541.                             status_header(401); // This causes problems on IIS and some FastCGI setups
542.                         }
543.                         return;
544.                     //ELSE USE REDIRECT...
545.                     }else{
546.                         $redir_anon_link = get_permalink($page_id_current_language); //edit : orig : $redir_anon_link = get_permalink($plugin_opts['ad_page_anon_id']);
547.                         wp_redirect(apply_filters( 'psc_redir_anon_link', $redir_anon_link));
548.                         exit(sprintf(__('Access Denied. Redirecting to %s','contexture-page-security'),$redir_anon_link)); //Regular die to prevent restricted content from slipping out
549.                     }
550.  
551.                 //INVALID PAGE, USE MSG
552.                 }else{
553.                     wp_die(str_replace( '%login_url%', wp_login_url( get_permalink($post->ID) ), $plugin_opts['ad_msg_anon'] ).$homepage_link );
554.                 }
555.  
556.             //SHOW AD *MSG*
557.             }else{
558.                 //If user is anonymous, show this message
559.                 wp_die(str_replace( '%login_url%', wp_login_url( get_permalink($post->ID) ), $plugin_opts['ad_msg_anon'] ).$homepage_link );
560.             }
561.  
562.  
563.         //HANDLE AUTHENTICATED USERS....
564.         }else{
565.  
566.             //SHOW AD *PAGE*
567.             if($plugin_opts['ad_msg_usepages']==='true'){
568.  
569.                 //IF USING PAGE...
570.                 if(is_numeric($plugin_opts['ad_page_auth_id'])){
571.  
572.                     //edit : added the following "if" in order to enable WPML support
573.                     $page_id_current_language = $plugin_opts['ad_page_auth_id'];
574.                     if( function_exists( 'icl_object_id' ) ):
575.                         global $sitepress;
576.                         $current_language = $sitepress->get_current_language();
577.                         $page_id_current_language = icl_object_id( $page_id_current_language, 'page', true, $current_language );
578.                     endif;
579.  
580.                     //IF USING REPLACEMENT...
581.                     if($plugin_opts['ad_opt_page_replace']==='true'){
582.                         $new_content = get_post($page_id_current_language); //edit : orig : $new_content = get_post($plugin_opts['ad_page_auth_id']);
583.                         $post->post_title = $new_content->post_title;
584.                         $post->post_content = $new_content->post_content;
585.                         if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ){
586.                             status_header(401); // This causes problems on IIS and some FastCGI setups
587.                         }
588.                         return;
589.  
590.                     //ELSE USE REDIRECT...
591.                     }else{
592.                         $redir_auth_link = get_permalink($page_id_current_language); //edit : orig : $redir_auth_link = get_permalink($plugin_opts['ad_page_auth_id']);
593.                         wp_redirect($redir_auth_link);
594.                         exit(sprintf(__('Access Denied. Redirecting to %s','contexture-page-security'),$redir_auth_link)); //Regular die to prevent restricted content from slipping out
595.                     }
596.  
597.                 //INVALID PAGE, USE MSG
598.                 }else{
599.                     wp_die($plugin_opts['ad_msg_auth'].'<a style="display:block;font-size:0.7em;" href="'.$blogurl.'">&lt;&lt; '.__('Go to home page','contexture-page-security').'</a>');
600.                 }
601.  
602.             //SHOW AD *MSG*
603.             }else{
604.                 //If user is authenticated, show this message
605.                 wp_die($plugin_opts['ad_msg_auth'].'<a style="display:block;font-size:0.7em;" href="'.$blogurl.'">&lt;&lt; '.__('Go to home page','contexture-page-security').'</a>');
606.             }
607.         }
608.         exit(); //Useless
609.     }
610.  
611.     /**
612.      * Used to filter the CSV data that WP uses to show attached tag lists on edit pages. This adds an
613.      * asterisk to the end of the protected terms.
614.      *
615.      * @global int $post_id Defined in get_terms_to_edit();
616.      * @param string $tags_to_edit A CSV with the list of attached tags/terms.
617.      * @param string $taxonomy The name of the taxonomy associated with this term list.
618.      * @return string Returns the same CSV, with an asterisk appended to the end of protected terms.
619.      */
620.     public static function tag_protected_terms($tags_to_edit,$taxonomy='post_tag'){
621.         global $post_id;
622.  
623.         //Assign these so we can test
624.         $edited_tags = $tags_to_edit;
625.  
626.         //Get array of protected terms for this taxonomy
627.         $terms = wp_get_post_terms($post_id,$taxonomy);
628.  
629.         //Loop through array, str_replacing matched terms in CSV with "*$term"
630.         foreach($terms as $t){
631.             if(CTXPS_Queries::check_term_protection($t->term_id, $taxonomy, false)){
632.                 $edited_tags = str_replace($t->name,$t->name.'*',$tags_to_edit);
633.             }
634.         }
635.  
636.         return $edited_tags;
637.     }
638.  
639.     /**
640.      * Adds asterisk to non-heirarchal terms that arent in use.
641.      *
642.      * @param array $tags An array of term objects
643.      * @param array $args Additional arguments
644.      * @return type
645.      */
646.     public static function tag_protected_terms_unused($tags,$args=array()){
647.  
648.         //Check each term, if it's protected, add an asterisk to its visible name
649.         foreach($tags as $term){
650.             if(isset($term->name) && isset($term->term_id) && isset($term->taxonomy)){ //Fixes an error on some screens
651.                 if(CTXPS_Queries::check_term_protection($term->term_id,$term->taxonomy)){
652.                     $term->name .= '*';
653.                 }
654.             }
655.         }
656.         return $tags;
657.     }
658.  
659.     /**
660.      * JS is injected into post.php when action=edit in order to add an asterisk
661.      * to protected terms. This is very, very, very bad form, but there aren't the
662.      * necessary hooks to do this server side (well, there is, but its obviously
663.      * never been used for anything since it's very buggy), so it's either this or
664.      * nothing. In this case, I side with usability over good coding practices.
665.      *
666.      * @param type $term_name
667.      */
668.     public static function tag_protected_terms_heirarchal(){
669.         global $current_screen;
670.  
671.         if( $current_screen->base==='post' && isset($_REQUEST['post']) ){
672.             ?><script type="text/javascript">jQuery(function(){<?php
673.  
674.             //Get taxonomies for this post
675.             $taxonomies = get_post_taxonomies($_REQUEST['post']);
676.  
677.             //For each taxonomy, get a list of term ids used for this post
678.             foreach($taxonomies as $tax){
679.                 //Initialize vars
680.                 $terms = get_terms($tax);
681.                 $termlist = array();
682.  
683.                 //Build an array out of the term ids...
684.                 foreach($terms as $term){
685.                     //...but only if it's protected
686.                     if(CTXPS_Queries::check_term_protection($term->term_id, $tax)){
687.                         $termlist[] = $term->term_id;
688.                     }
689.                 }
690.  
691.                 //Join the array into a CSV
692.                 $termlist = join(',', $termlist);
693.  
694.                 //Generate javascript to add asterisk to protected terms
695.                 if(!empty($termlist)){
696.                     $tarray = "{$tax}_protect";
697.                     ?>
698.                         var <?php echo $tarray ?> = [<?php echo $termlist ?>];
699.                         for(x in <?php echo $tarray ?>){
700.                             jQuery('#<?php echo $tax ?>div input[value="'+<?php echo $tarray ?>[x]+'"]').parent().append('*');
701.                             jQuery('#<?php echo $tax ?>div option[value="'+<?php echo $tarray ?>[x]+'"]').append('*');
702.                         }
703.                     <?php
704.                 }
705.                 //So there's no accidental carryovers
706.                 unset($terms,$termlist);
707.             }
708.  
709.             ?>});</script><?php
710.         }
711.         //Nothing to do
712.         return false;
713.     }
714.  
715. }}
716. ?>