Guest User

Stealth Login Plugin for WordPress

a guest
Jul 15th, 2012
438
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. Plugin Name: Stealth Login
  4. Plugin URI: http://www.skullbit.com/
  5. Description: Create custom URL's for logging in, logging out and registering for your WordPress blog.
  6. Author: skullbit, devbit
  7. Version: 1.3
  8. Author URI: http://www.skullbit.com
  9. */
  10.  
  11. /* CHANGELOG
  12. 03-04-2009 - v1.3
  13.     * Added compatibility fix with WordPress installations in a directory like www.blog.com/wordpress/
  14.     * Added ability to disable plugin
  15.     * Added ability to attempt to change .htaccess permissions to make writeable
  16.     * Added wp-admin slug option (can't login with it yet though)
  17.     * htaccess Output rules will always show even if htaccess is not writeable
  18.     * added ability to create custom htaccess rules
  19.  
  20. 29-03-2008 - v1.2
  21.     * Added Register slug option so you can still allow registrations with the stealth-login. (If registration is not allowed, this option will not be available.)
  22.     * Stealth Key now seperate for each slug so that those registering cannot reuse the key for use on login or logout
  23.  
  24. 28-03-2008 - v1.1
  25.     * Added better rewrite rules for a stealthier login system.
  26.     * Removed wp-login.php refresh redirect in favor of using rewrite rules for prevention of direct access to the file.
  27.     * Added Stealth Key for added security - key is random and changes on every settings update.
  28. */
  29. include_once(ABSPATH.'wp-admin/admin-functions.php');
  30.  
  31. if( !class_exists( 'StealthLoginPlugin' ) ){
  32.     class StealthLoginPlugin{
  33.         function StealthLoginPlugin(){ //Constructor           
  34.             add_action( 'admin_menu', array($this,'AddPanel') );
  35.             if( $_POST['action'] == 'stealth_login_update' )
  36.                 add_action( 'init', array($this,'SaveSettings') );
  37.                
  38.             add_filter( 'mod_rewrite_rules', array($this, 'AddRewriteRules'), 999 );
  39.            
  40.             register_activation_hook( __FILE__, array($this, "DefaultSettings") );
  41.             register_deactivation_hook( __FILE__, array($this, "UnsetSettings") );
  42.            
  43.         }
  44.         function AddPanel(){
  45.             add_options_page( 'Stealth Login', 'Stealth Login', 10, __FILE__, array($this, 'StealthSettings') );
  46.         }
  47.         function DefaultSettings () {
  48.              if( !get_option("stealth_enable") )
  49.                 add_option("stealth_enable","0");
  50.                
  51.              if( !get_option("stealth_login_slug") )
  52.                 add_option("stealth_login_slug","login");
  53.            
  54.             if( !get_option("stealth_admin_slug") )
  55.                 add_option("stealth_admin_slug","admin");
  56.                
  57.              if( !get_option("stealth_login_redirect") )
  58.                 add_option("stealth_login_redirect", get_option('siteurl').'/wp-admin/');
  59.                
  60.              if( !get_option("stealth_logout_slug") )
  61.                 add_option("stealth_logout_slug", "logout");
  62.                
  63.              if( !get_option("stealth_login_custom") )
  64.                 add_option("stealth_login_custom", "");
  65.              
  66.              if( !get_option("stealth_register_slug") )
  67.                 add_option("stealth_register_slug","register");
  68.            
  69.              if( !get_option("stealth_mode") )
  70.                 add_option("stealth_mode", "0");
  71.            
  72.              if( get_option("stealth_key") )
  73.                 delete_option("stealth_key");
  74.                
  75.             save_mod_rewrite_rules();
  76.         }
  77.         function UnsetSettings () {
  78.               delete_option("stealth_enable");
  79.               delete_option("stealth_login_slug");
  80.               delete_option("stealth_login_redirect");
  81.               delete_option("stealth_logout_slug");
  82.               delete_option("stealth_admin_slug");
  83.               delete_option("stealth_login_custom");
  84.               delete_option("stealth_register_slug");
  85.               delete_option("stealth_mode");
  86.               delete_option("stealth_htaccess");
  87.               delete_option("stealth_custom_rules");
  88.               save_mod_rewrite_rules();
  89.               delete_option("stealth_htaccess");
  90.         }
  91.         function SaveSettings(){           
  92.             check_admin_referer('stealth-login-update-options');
  93.             update_option("stealth_enable", $_POST['stealth_enable']);
  94.             update_option("stealth_login_slug", $_POST['stealth_login_slug']);
  95.             update_option("stealth_login_redirect", $_POST['stealth_login_redirect']);
  96.             update_option("stealth_logout_slug", $_POST['stealth_logout_slug']);
  97.             update_option("stealth_admin_slug", $_POST['stealth_admin_slug']);
  98.             update_option("stealth_login_custom", $_POST['stealth_login_custom']);
  99.             update_option("stealth_register_slug", $_POST['stealth_register_slug']);
  100.             update_option("stealth_custom_rules", $_POST['stealth_custom_rules']);
  101.             update_option("stealth_mode", $_POST['stealth_mode']);
  102.             $htaccess = trailingslashit(ABSPATH).'.htaccess';
  103.             $this->CreateRewriteRules();
  104.             if( $_POST['stealth_enable'] == 0 ):
  105.                 save_mod_rewrite_rules();
  106.                 $_POST['notice'] = __('Settings saved. Plugin is disabled.','stealthlogin');
  107.             elseif( save_mod_rewrite_rules() ):
  108.                 $_POST['notice'] = __('Settings saved and .htaccess file updated.','stealthlogin');
  109.             elseif( chmod($htaccess,0644) ):
  110.                 if( save_mod_rewrite_rules() ){
  111.                     $_POST['notice'] = __('Settings saved and .htaccess file now writeable and updated.','stealthlogin');
  112.                 }else{
  113.                     $_POST['notice'] = __('Settings saved but .htaccess file could not be updated.'.$htaccess,'stealthlogin');
  114.                 }
  115.             else :
  116.                 $_POST['notice'] = __('Settings saved but .htaccess file is not writeable.'.$htaccess,'stealthlogin');
  117.             endif;
  118.                
  119.         }  
  120.        
  121.         function StealthSettings(){
  122.            
  123.             if( $_POST['notice'] )
  124.                 echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '</strong></p></div>';
  125.             ?>
  126.             <div class="wrap">
  127.                 <h2><?php _e('Stealth Login Settings', 'stealthlogin')?></h2>
  128.                 <form method="post" action="">
  129.                     <?php if( function_exists( 'wp_nonce_field' )) wp_nonce_field( 'stealth-login-update-options'); ?>
  130.                     <table class="form-table">
  131.                         <tbody>
  132.                             <tr valign="top">
  133.                                  <th scope="row"><label for="enable"><?php _e('Enable Plugin', 'stealthlogin');?></label></th>
  134.                                 <td><label><input name="stealth_enable" id="enable" value="1" <?php if(get_option('stealth_enable') == 1) echo 'checked="checked"';?> type="radio" /> On</label> &nbsp;&nbsp;<label><input name="stealth_enable" value="0" <?php if(get_option('stealth_enable') == 0) echo 'checked="checked"';?> type="radio" /> Off</label></td>
  135.                             </tr>
  136.                             <tr valign="top">
  137.                                  <th scope="row"><label for="login_slug"><?php _e('Login Slug', 'stealthlogin');?></label></th>
  138.                                 <td><input name="stealth_login_slug" id="login_slug" value="<?php echo get_option('stealth_login_slug');?>" type="text"><br />
  139.                                 <strong style="color:#777;font-size:12px;">Login URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_login_slug');?></span></span></td>
  140.                             </tr>
  141.                             <tr valign="top">
  142.                                 <th scope="row"><label for="login_redirect"><?php _e('Login Redirect', 'stealthlogin');?></label></th>
  143.                                 <td><select name="stealth_login_redirect" id="login_redirect">
  144.                                         <option value="<?php echo get_option('siteurl');?>/wp-admin/" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-admin/'){echo 'selected="selected"';} ?>">WordPress Admin</option>
  145.                                         <option value="<?php echo get_option('siteurl');?>/wp-login.php?redirect_to=<?php echo get_option('siteurl');?>" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-login.php?redirect_to='.get_option('siteurl')){echo 'selected="selected"';} ?>">WordPress Address</option>
  146.                                         <option value="<?php echo get_option('siteurl');?>/wp-login.php?redirect_to=<?php echo get_option('home');?>" <?php if(get_option('stealth_login_redirect') == get_option('siteurl').'/wp-login.php?redirect_to='.get_option('home')){echo 'selected="selected"';} ?>">Blog Address </option>
  147.                                         <option value="Custom" <?php if(get_option('stealth_login_redirect') == "Custom"){echo 'selected="selected"';} ?>">Custom URL (Enter Below)</option>
  148.                                     </select><br />
  149.                                 <input type="text" name="login_custom" size="40" value="<?php echo get_option('stealth_login_custom');?>" /><br />
  150.                                 <strong style="color:#777;font-size:12px;">Redirect URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php if( get_option('stealth_login_redirect') != 'Custom' ) { echo get_option('stealth_login_redirect'); } else { echo get_option('stealth_login_custom'); } ?></span></td>
  151.                             </tr>
  152.                             <tr valign="top">
  153.                                 <th scope="row"><label for="logout_slug"><?php _e('Logout Slug', 'stealthlogin');?></label></th>
  154.                                 <td><input type="text" name="stealth_logout_slug" id="logout_slug" value="<?php echo get_option('stealth_logout_slug');?>" /><br />
  155.                                 <strong style="color:#777;font-size:12px;">Logout URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_logout_slug');?></span></span></td>
  156.                             </tr>
  157.                          <?php if( get_option('users_can_register') ){ ?>
  158.                             <tr valign="top">
  159.                                 <th scope="row"><label for="register_slug"><?php _e('Register Slug', 'stealthlogin');?></label></th>
  160.                                 <td><input type="text" name="stealth_register_slug" id="register_slug" value="<?php echo get_option('stealth_register_slug');?>" /><br />
  161.                                 <strong style="color:#777;font-size:12px;">Register URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_register_slug');?></span></span></td>
  162.                             </tr>
  163.                           <?php } ?>
  164.                           <tr valign="top">
  165.                                  <th scope="row"><label for="admin_slug"><?php _e('Admin Slug', 'stealthlogin');?></label></th>
  166.                                 <td><input name="stealth_admin_slug" id="admin_slug" value="<?php echo get_option('stealth_admin_slug');?>" type="text"><br />
  167.                                 <strong style="color:#777;font-size:12px;">Admin URL:</strong> <span style="font-size:0.9em;color:#999999;"><?php echo trailingslashit( get_option('siteurl') ); ?><span style="background-color: #fffbcc;"><?php echo get_option('stealth_admin_slug');?></span></span></td>
  168.                             </tr>
  169.                           <tr valign="top">
  170.                                 <th scope="row"><label for="custom_rules"><?php _e('Custom Rules', 'stealthlogin');?></label></th>
  171.                                 <td><textarea name="stealth_custom_rules" id="custom_rules" rows="5" cols="50"><?php echo get_option('stealth_custom_rules');?></textarea><br /><span style="font-size:0.9em;color:#999999;">Add at your own risk, will appear just above # END STEALTH-LOGIN</span></td>
  172.                             </tr>
  173.                             <tr valign="top">
  174.                                 <th scope="row"><?php _e('Stealth Mode', 'stealthlogin'); ?></th>
  175.                                 <td><label><input type="radio" name="stealth_mode" value="1" <?php if(get_option('stealth_mode') ) echo 'checked="checked" ';?> /> Enable</label><br />
  176.                                     <label><input type="radio" name="stealth_mode" value="0" <?php if(!get_option('stealth_mode') ) echo 'checked="checked" ';?>/> Disable</label><br />
  177.                                     <small><?php _e('Prevent users from being able to access wp-login.php directly','stealthlogin');?></small></td>
  178.                             </tr>
  179.                             <tr valign="top">
  180.                             <th scope="row"><?php _e('.htaccess Output', 'stealthlogin');?></th>
  181.                             <td><pre><?php echo get_option('stealth_htaccess');?></pre></td>
  182.                             </tr>
  183.                         </tbody>
  184.                     </table>
  185.                     <p class="submit"><input name="Submit" value="<?php _e('Save Changes','stealthlogin');?>" type="submit" />
  186.                     <input name="action" value="stealth_login_update" type="hidden" />
  187.                 </form>
  188.              
  189.             </div>
  190.            <?php
  191.         }
  192.        
  193.         function CreateRewriteRules(){
  194.             $logout_uri = str_replace(trailingslashit(get_option('siteurl')), '', wp_logout_url());
  195.             $siteurl = explode('/',trailingslashit(get_option('siteurl')));
  196.             unset($siteurl[0]); unset($siteurl[1]); unset($siteurl[2]);
  197.             $dir = implode('/',$siteurl);
  198.            
  199.             if(get_option('stealth_login_slug')){
  200.            
  201.                 if(get_option('stealth_login_redirect') != "Custom"){
  202.                     $login_url = get_option('stealth_login_redirect');
  203.                 }else{
  204.                     $login_url = get_option('stealth_login_custom');
  205.                 }
  206.                 $login_slug = get_option('stealth_login_slug');
  207.                 $logout_slug = get_option('stealth_logout_slug');
  208.                 $admin_slug = get_option('stealth_admin_slug');
  209.                
  210.                 $login_key = $this->Key();
  211.                 $logout_key = $this->Key();
  212.                 $register_key = $this->Key();
  213.                 $admin_key = $this->Key();
  214.                
  215.                 if( get_option('users_can_register') ){
  216.                     $register_slug = get_option( 'stealth_register_slug' );
  217.                     $reg_rule_stealth = "RewriteRule ^" . $register_slug . " ".$dir."wp-login.php?stealth_reg_key=" . $register_key . "&action=register [R,L]\n" ;//Redirect Register slug to registration page with stealth_key
  218.                     $reg_rule = "RewriteRule ^" . $register_slug . " ".$dir."wp-login.php?action=register [L]\n" ;//Redirect Register slug to registration page
  219.                 }
  220.                
  221.                 if( get_option( 'stealth_mode' ) ){
  222.                     $insert = "# STEALTH-LOGIN \n" .
  223.                                "RewriteRule ^" . $logout_slug . " ".$dir.$logout_uri."&stealth_out_key=" . $logout_key . " [L]\n" . //Redirect Logout slug to logout with stealth_key
  224.                               "RewriteRule ^" . $login_slug . " ".$dir."wp-login.php?stealth_in_key=" . $login_key . "&redirect_to=" . $login_url . " [R,L]\n" .    //Redirect Login slug to show wp-login.php with stealth_key
  225.                               "RewriteRule ^" . $admin_slug . " ".$dir."wp-admin/?stealth_admin_key=" . $admin_key . " [R,L]\n" .   //Redirect Admin slug to show Dashboard with stealth_key
  226.                               $reg_rule_stealth .
  227.                              
  228.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/wp-admin \n" . //if did not come from WP Admin
  229.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/wp-login\.php \n" . //if did not come from wp-login.php
  230.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/" . $login_slug . " \n" . //if did not come from Login slug
  231.                               "RewriteCond %{HTTP_REFERER} !^" . get_option('siteurl') . "/" . $admin_slug . " \n" . //if did not come from Admin slug
  232.                               "RewriteCond %{QUERY_STRING} !^stealth_in_key=" . $login_key . " \n" . //if no stealth_key query
  233.                               "RewriteCond %{QUERY_STRING} !^stealth_out_key=" . $logout_key . " \n" . //if no stealth_key query
  234.                               "RewriteCond %{QUERY_STRING} !^stealth_reg_key=" . $register_key . " \n" . //if no stealth_key query
  235.                               "RewriteCond %{QUERY_STRING} !^stealth_admin_key=" . $admin_key . " \n" . //if no stealth_key query
  236.                               "RewriteRule ^wp-login\.php " . get_option('siteurl') . " [L]\n" . //Send to home page
  237.                               "RewriteCond %{QUERY_STRING} ^loggedout=true \n" . // if logout confirm query is true
  238.                               "RewriteRule ^wp-login\.php " . get_option('siteurl') . " [L]\n" . //Send to home page
  239.                               get_option('stealth_custom_rules')." \n".
  240.                               "# END STEALTH-LOGIN\n";
  241.                 }else{
  242.                     $insert = "# STEALTH-LOGIN\n" .
  243.                               "RewriteRule ^" . $logout_slug . " ".$dir.$logout_uri." [L]\n" . //Redirect Logout slug to logout
  244.                               "RewriteRule ^" . $admin_slug . " ".$dir."wp-admin/ [R,L]\n" .    //Redirect Admin slug to show Dashboard with stealth_key
  245.                               "RewriteRule ^" . $login_slug . " ".$dir."wp-login.php?&redirect_to=" . $login_url . " [R,L]\n" .     //Redirect Login slug to show wp-login.php
  246.                               $reg_rule .
  247.                               get_option('stealth_custom_rules')." \n".
  248.                               "# END STEALTH-LOGIN\n" ;
  249.                    
  250.                 }
  251.                
  252.             }
  253.             $sample = str_replace('<', '&lt;', $insert);
  254.             $sample = str_replace('>', '&gt;', $sample);
  255.             update_option('stealth_htaccess', $sample);
  256.            
  257.             return $insert;
  258.         }
  259.        
  260.         function AddRewriteRules($rewrite){
  261.             global $wp_version;
  262.            
  263.             if( get_option('stealth_enable') == 1 ):
  264.                 $insert = $this->CreateRewriteRules();
  265.                 $lines = explode('RewriteCond %{REQUEST_FILENAME} !-f', $rewrite);
  266.                 $fn = "RewriteCond %{REQUEST_FILENAME} !-f";
  267.                 $rewrite = $lines[0] . $insert . $fn . $lines[1];
  268.             endif;
  269.        
  270.             return $rewrite;
  271.         }  
  272.        
  273.         function Key() {   
  274.             $chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  275.             srand((double)microtime()*1000000);
  276.             $i = 0;
  277.             $pass = '' ;       
  278.             while ($i <= 25) {
  279.                 $num = rand() % 33;
  280.                 $tmp = substr($chars, $num, 1);
  281.                 $pass = $pass . $tmp;
  282.                 $i++;
  283.             }
  284.             return $pass;  
  285.         }
  286.        
  287.     }
  288. } // END Class StealthLoginPlugin
  289.  
  290. if( class_exists( 'StealthLoginPlugin' ) ){
  291.     $stealthlogin = new StealthLoginPlugin();
  292. }
  293. ?>
RAW Paste Data