
Stealth Login Plugin for WordPress

a guest
Jul 15th, 2012
  1. <?php
  2. /*
  3. Plugin Name: Stealth Login
  4. Plugin URI: http://www.skullbit.com/
  5. Description: Create custom URL's for logging in, logging out and registering for your WordPress blog.
  6. Author: skullbit, devbit
  7. Version: 1.3
  8. Author URI: http://www.skullbit.com
  9. */
  10.  
  11. /* CHANGELOG
  12. 03-04-2009 - v1.3
  13.     * Added compatibility fix with WordPress installations in a directory like www.blog.com/wordpress/
  14.     * Added ability to disable plugin
  15.     * Added ability to attempt to change .htaccess permissions to make writeable
  16.     * Added wp-admin slug option (can't login with it yet though)
  17.     * htaccess Output rules will always show even if htaccess is not writeable
  18.     * added ability to create custom htaccess rules
  19.  
  20. 29-03-2008 - v1.2
  21.     * Added Register slug option so you can still allow registrations with the stealth-login. (If registration is not allowed, this option will not be available.)
  22.     * Stealth Key now separate for each slug so that those registering cannot reuse the key for use on login or logout
  23.  
  24. 28-03-2008 - v1.1
  25.     * Added better rewrite rules for a stealthier login system.
  26.     * Removed wp-login.php refresh redirect in favor of using rewrite rules for prevention of direct access to the file.
  27.     * Added Stealth Key for added security - key is random and changes on every settings update.
  28. */
  29. include_once(ABSPATH.'wp-admin/admin-functions.php');
  30.  
  31. if( !class_exists( 'StealthLoginPlugin' ) ){
  32.     class StealthLoginPlugin{
  33.         function StealthLoginPlugin(){ //Constructor           
  34.             add_action( 'admin_menu', array($this,'AddPanel') );
  35.             if( $_POST['action'] == 'stealth_login_update' )
  36.                 add_action( 'init', array($this,'SaveSettings') );
  37.                
  38.             add_filter( 'mod_rewrite_rules', array($this, 'AddRewriteRules'), 999 );
  39.            
  40.             register_activation_hook( __FILE__, array($this, "DefaultSettings") );
  41.             register_deactivation_hook( __FILE__, array($this, "UnsetSettings") );
  42.            
  43.         }
  44.         function AddPanel(){
  45.             add_options_page( 'Stealth Login', 'Stealth Login', 10, __FILE__, array($this, 'StealthSettings') );
  46.         }
  47.         function DefaultSettings () {
  48.              if( !get_option("stealth_enable") )
  49.                 add_option("stealth_enable","0");
  50.                
  51.              if( !get_option("stealth_login_slug") )
  52.                 add_option("stealth_login_slug","login");
  53.            
  54.             if( !get_option("stealth_admin_slug") )
  55.                 add_option("stealth_admin_slug","admin");
  56.                
  57.              if( !get_option("stealth_login_redirect") )
  58.                 add_option("stealth_login_redirect", get_option('siteurl').'/wp-admin/');
  59.                
  60.              if( !get_option("stealth_logout_slug") )
  61.                 add_option("stealth_logout_slug", "logout");
  62.                
  63.              if( !get_option("stealth_login_custom") )
  64.                 add_option("stealth_login_custom", "");
  65.              
  66.              if( !get_option("stealth_register_slug") )
  67.                 add_option("stealth_register_slug","register");
  68.            
  69.              if( !get_option("stealth_mode") )
  70.                 add_option("stealth_mode", "0");
  71.            
  72.              if( get_option("stealth_key") )
  73.                 delete_option("stealth_key");
  74.                
  75.             save_mod_rewrite_rules();
  76.         }
  77.         function UnsetSettings () {
  78.               delete_option("stealth_enable");
  79.               delete_option("stealth_login_slug");
  80.               delete_option("stealth_login_redirect");
  81.               delete_option("stealth_logout_slug");
  82.               delete_option("stealth_admin_slug");
  83.               delete_option("stealth_login_custom");
  84.               delete_option("stealth_register_slug");
  85.               delete_option("stealth_mode");
  86.               delete_option("stealth_htaccess");
  87.               delete_option("stealth_custom_rules");
  88.               save_mod_rewrite_rules();
  89.               delete_option("stealth_htaccess");
  90.         }
  91.         function SaveSettings(){           
  92.             check_admin_referer('stealth-login-update-options');
  93.             update_option("stealth_enable", $_POST['stealth_enable']);
  94.             update_option("stealth_login_slug", $_POST['stealth_login_slug']);
  95.             update_option("stealth_login_redirect", $_POST['stealth_login_redirect']);
  96.             update_option("stealth_logout_slug", $_POST['stealth_logout_slug']);
  97.             update_option("stealth_admin_slug", $_POST['stealth_admin_slug']);
  98.             update_option("stealth_login_custom", $_POST['stealth_login_custom']);
  99.             update_option("stealth_register_slug", $_POST['stealth_register_slug']);
  100.             update_option("stealth_custom_rules", $_POST['stealth_custom_rules']);
  101.             update_option("stealth_mode", $_POST['stealth_mode']);
  102.             $htaccess = trailingslashit(ABSPATH).'.htaccess';
  103.             $this->CreateRewriteRules();
  104.             if( $_POST['stealth_enable'] == 0 ):
  105.                 save_mod_rewrite_rules();
  106.                 $_POST['notice'] = __('Settings saved. Plugin is disabled.','stealthlogin');
  107.             elseif( save_mod_rewrite_rules() ):
  108.                 $_POST['notice'] = __('Settings saved and .htaccess file updated.','stealthlogin');
  109.             elseif( chmod($htaccess,0644) ):
  110.                 if( save_mod_rewrite_rules() ){
  111.                     $_POST['notice'] = __('Settings saved and .htaccess file now writeable and updated.','stealthlogin');
  112.                 }else{
  113.                     $_POST['notice'] = __('Settings saved but .htaccess file could not be updated.'.$htaccess,'stealthlogin');
  114.                 }
  115.             else :
  116.                 $_POST['notice'] = __('Settings saved but .htaccess file is not writeable.'.$htaccess,'stealthlogin');
  117.             endif;
  118.                
  119.         }  
  120.        
  121.         function StealthSettings(){
  122.            
  123.             if( $_POST['notice'] )
  124.                 echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '</strong></p></div>';
  125.             ?>
  126.             <div class="wrap">
  127.                 <h2><?php _e('Stealth Login Settings', 'stealthlogin')?></h2>
  128.                 <form method="post" action="">
  129.                     <?php if( function_exists( 'wp_nonce_field' )) wp_nonce_field( 'stealth-login-update-options'); ?>
  130.                     <table class="form-table">
  131.                         <tbody>
  132.                             <tr valign="top">
  133.                                  <th scope="row"><label for="enable"><?php _e('Enable Plugin', 'stealthlogin');?></label></th>
  134.                                 <td><label><input name="stealth_enable" id="enable" value="1" <?php if(get_option('stealth_enable') == 1) echo 'checked="checked"';?> type="radio" /> On</label> &nbsp;&nbsp;<label><input name="stealth_enable" value="0" <?php if(get_option('stealth_enable') == 0) echo 'checked="checked"';?> type="radio" /> Off</label></td>
  135.                             </tr>
  136.                             <tr valign="top">
  137.                                  <th scope="row"><label for="login_slug"><?php _e('Login Slug', 'stealthlogin');?></label></th>
  138.                                 <td><input name="stealth_login_slug" id="login_slug" value="<?php echo get_option('stealth_login_slug');?>" type="text"><br />
  139.                                 <strong style="color:#777;font-size:12px;">Login URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_login_slug');?></span></span></td>
  140.                             </tr>
  141.                             <tr valign="top">
  142.                                 <th scope="row"><label for="login_redirect"><?php _e('Login Redirect', 'stealthlogin');?></label></th>
  143.                                 <td><select name="stealth_login_redirect" id="login_redirect">
  144.                                         <option value="<?php echo get_option('siteurl');?>/wp-admin/" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-admin/'){echo 'selected="selected"';} ?>">WordPress Admin</option>
  145.                                         <option value="<?php echo get_option('siteurl');?>/wp-login.php?redirect_to=<?php echo get_option('siteurl');?>" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-login.php?redirect_to='.get_option('siteurl')){echo 'selected="selected"';} ?>">WordPress Address</option>
  146.                                         <option value="<?php echo get_option('siteurl');?>/wp-login.php?redirect_to=<?php echo get_option('home');?>" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-login.php?redirect_to='.get_option('home')){echo 'selected="selected"';} ?>">Blog Address </option>
  147.                                         <option value="Custom" <?php if(get_option('stealth_login_redirect') == "Custom"){echo 'selected="selected"';} ?>">Custom URL (Enter Below)</option>
  148.                                     </select><br />
  149.                                 <input type="text" name="login_custom" size="40" value="<?php echo get_option('stealth_login_custom');?>" /><br />
  150.                                 <strong style="color:#777;font-size:12px;">Redirect URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php if( get_option('stealth_login_redirect') != 'Custom' ) { echo get_option('stealth_login_redirect'); } else { echo get_option('stealth_login_custom'); } ?></span></td>
  151.                             </tr>
  152.                             <tr valign="top">
  153.                                 <th scope="row"><label for="logout_slug"><?php _e('Logout Slug', 'stealthlogin');?></label></th>
  154.                                 <td><input type="text" name="stealth_logout_slug" id="logout_slug" value="<?php echo get_option('stealth_logout_slug');?>" /><br />
  155.                                 <strong style="color:#777;font-size:12px;">Logout URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_logout_slug');?></span></span></td>
  156.                             </tr>
  157.                          <?php if( get_option('users_can_register') ){ ?>
  158.                             <tr valign="top">
  159.                                 <th scope="row"><label for="register_slug"><?php _e('Register Slug', 'stealthlogin');?></label></th>
  160.                                 <td><input type="text" name="stealth_register_slug" id="register_slug" value="<?php echo get_option('stealth_register_slug');?>" /><br />
  161.                                 <strong style="color:#777;font-size:12px;">Register URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_register_slug');?></span></span></td>
  162.                             </tr>
  163.                           <?php } ?>
  164.                           <tr valign="top">
  165.                                  <th scope="row"><label for="admin_slug"><?php _e('Admin Slug', 'stealthlogin');?></label></th>
  166.                                 <td><input name="stealth_admin_slug" id="admin_slug" value="<?php echo get_option('stealth_admin_slug');?>" type="text"><br />
  167.                                 <strong style="color:#777;font-size:12px;">Admin URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_admin_slug');?></span></span></td>
  168.                             </tr>
  169.                           <tr valign="top">
  170.                                 <th scope="row"><label for="custom_rules"><?php _e('Custom Rules', 'stealthlogin');?></label></th>
  171.                                 <td><textarea name="stealth_custom_rules" id="custom_rules" rows="5" cols="50"><?php echo get_option('stealth_custom_rules');?></textarea><br /><span style="font-size:0.9em;color:#999999;">Add at your own risk, will appear just above # END STEALTH-LOGIN</span></td>
  172.                             </tr>
  173.                             <tr valign="top">
  174.                                 <th scope="row"><?php _e('Stealth Mode', 'stealthlogin'); ?></th>
  175.                                 <td><label><input type="radio" name="stealth_mode" value="1" <?php if(get_option('stealth_mode') ) echo 'checked="checked" ';?> /> Enable</label><br />
  176.                                     <label><input type="radio" name="stealth_mode" value="0" <?php if(!get_option('stealth_mode') ) echo 'checked="checked" ';?>/> Disable</label><br />
  177.                                     <small><?php _e('Prevent users from being able to access wp-login.php directly','stealthlogin');?></small></td>
  178.                             </tr>
  179.                             <tr valign="top">
  180.                             <th scope="row"><?php _e('.htaccess Output', 'stealthlogin');?></th>
  181.                             <td><pre><?php echo get_option('stealth_htaccess');?></pre></td>
  182.                             </tr>
  183.                         </tbody>
  184.                     </table>
  185.                     <p class="submit"><input name="Submit" value="<?php _e('Save Changes','stealthlogin');?>" type="submit" />
  186.                     <input name="action" value="stealth_login_update" type="hidden" />
  187.                 </form>
  188.              
  189.             </div>
  190.            <?php
  191.         }
  192.        
  193.         function CreateRewriteRules(){
  194.             $logout_uri = str_replace(trailingslashit(get_option('siteurl')), '', wp_logout_url());
  195.             $siteurl = explode('/',trailingslashit(get_option('siteurl')));
  196.             unset($siteurl[0]); unset($siteurl[1]); unset($siteurl[2]);
  197.             $dir = implode('/',$siteurl);
  198.            
  199.             if(get_option('stealth_login_slug')){
  200.            
  201.                 if(get_option('stealth_login_redirect') != "Custom"){
  202.                     $login_url = get_option('stealth_login_redirect');
  203.                 }else{
  204.                     $login_url = get_option('stealth_login_custom');
  205.                 }
  206.                 $login_slug = get_option('stealth_login_slug');
  207.                 $logout_slug = get_option('stealth_logout_slug');
  208.                 $admin_slug = get_option('stealth_admin_slug');
  209.                
  210.                 $login_key = $this->Key();
  211.                 $logout_key = $this->Key();
  212.                 $register_key = $this->Key();
  213.                 $admin_key = $this->Key();
  214.                
  215.                 if( get_option('users_can_register') ){
  216.                     $register_slug = get_option( 'stealth_register_slug' );
  217.                     $reg_rule_stealth = "RewriteRule ^" . $register_slug . " ".$dir."wp-login.php?stealth_reg_key=" . $register_key . "&action=register [R,L]\n" ;//Redirect Register slug to registration page with stealth_key
  218.                     $reg_rule = "RewriteRule ^" . $register_slug . " ".$dir."wp-login.php?action=register [L]\n" ;//Redirect Register slug to registration page
  219.                 }
  220.                
  221.                 if( get_option( 'stealth_mode' ) ){
  222.                     $insert = "# STEALTH-LOGIN \n" .
  223.                                "RewriteRule ^" . $logout_slug . " ".$dir.$logout_uri."&stealth_out_key=" . $logout_key . " [L]\n" . //Redirect Logout slug to logout with stealth_key
  224.                               "RewriteRule ^" . $login_slug . " ".$dir."wp-login.php?stealth_in_key=" . $login_key . "&redirect_to=" . $login_url . " [R,L]\n" .    //Redirect Login slug to show wp-login.php with stealth_key
  225.                               "RewriteRule ^" . $admin_slug . " ".$dir."wp-admin/?stealth_admin_key=" . $admin_key . " [R,L]\n" .   //Redirect Admin slug to show Dashboard with stealth_key
  226.                               $reg_rule_stealth .
  227.                              
  228.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/wp-admin \n" . //if did not come from WP Admin
  229.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/wp-login\.php \n" . //if did not come from wp-login.php
  230.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/" . $login_slug . " \n" . //if did not come from Login slug
  231.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/" . $admin_slug . " \n" . //if did not come from Admin slug
  232.                               "RewriteCond %{QUERY_STRING} !^stealth_in_key=" . $login_key . " \n" . //if no stealth_key query
  233.                               "RewriteCond %{QUERY_STRING} !^stealth_out_key=" . $logout_key . " \n" . //if no stealth_key query
  234.                               "RewriteCond %{QUERY_STRING} !^stealth_reg_key=" . $register_key . " \n" . //if no stealth_key query
  235.                               "RewriteCond %{QUERY_STRING} !^stealth_admin_key=" . $admin_key . " \n" . //if no stealth_key query
  236.                               "RewriteRule ^wp-login\.php " . get_option('siteurl') . " [L]\n" . //Send to home page
  237.                               "RewriteCond %{QUERY_STRING} ^loggedout=true \n" . // if logout confirm query is true
  238.                               "RewriteRule ^wp-login\.php " . get_option('siteurl') . " [L]\n" . //Send to home page
  239.                               get_option('stealth_custom_rules')." \n".
  240.                               "# END STEALTH-LOGIN\n";
  241.                 }else{
  242.                     $insert = "# STEALTH-LOGIN\n" .
  243.                               "RewriteRule ^" . $logout_slug . " ".$dir.$logout_uri." [L]\n" . //Redirect Logout slug to logout
  244.                               "RewriteRule ^" . $admin_slug . " ".$dir."wp-admin/ [R,L]\n" .    //Redirect Admin slug to show Dashboard with stealth_key
  245.                               "RewriteRule ^" . $login_slug . " ".$dir."wp-login.php?&redirect_to=" . $login_url . " [R,L]\n" .     //Redirect Login slug to show wp-login.php
  246.                               $reg_rule .
  247.                               get_option('stealth_custom_rules')." \n".
  248.                               "# END STEALTH-LOGIN\n" ;
  249.                    
  250.                 }
  251.                
  252.             }
  253.             $sample = str_replace('<', '&lt;', $insert);
  254.             $sample = str_replace('>', '&gt;', $sample);
  255.             update_option('stealth_htaccess', $sample);
  256.            
  257.             return $insert;
  258.         }
  259.        
  260.         function AddRewriteRules($rewrite){
  261.             global $wp_version;
  262.            
  263.             if( get_option('stealth_enable') == 1 ):
  264.                 $insert = $this->CreateRewriteRules();
  265.                 $lines = explode('RewriteCond %{REQUEST_FILENAME} !-f', $rewrite);
  266.                 $fn = "RewriteCond %{REQUEST_FILENAME} !-f";
  267.                 $rewrite = $lines[0] . $insert . $fn . $lines[1];
  268.             endif;
  269.        
  270.             return $rewrite;
  271.         }  
  272.        
  273.         function Key() {   
  274.             $chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  275.             srand((double)microtime()*1000000);
  276.             $i = 0;
  277.             $pass = '' ;       
  278.             while ($i <= 25) {
  279.                 $num = rand() % 33;
  280.                 $tmp = substr($chars, $num, 1);
  281.                 $pass = $pass . $tmp;
  282.                 $i++;
  283.             }
  284.             return $pass;  
  285.         }
  286.        
  287.     }
  288. } // END Class StealthLoginPlugin
  289.  
  290. if( class_exists( 'StealthLoginPlugin' ) ){
  291.     $stealthlogin = new StealthLoginPlugin();
  292. }
  293. ?>