/**
 * Helper function, check password + extra passwords
 */
function wpsolucje_post_password_required( $post = null ) 
{
        $post = get_post($post);

        if ( empty( $post->post_password ) )
                return false;

        if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
                return true;

        require_once ABSPATH . WPINC . '/class-phpass.php';
        $hasher = new PasswordHash( 8, true );

        $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
        if ( 0 !== strpos( $hash, '$P$B' ) )
                return true;

        // Check the current password
        if( $hasher->CheckPassword( $post->post_password, $hash ) )
            return false;

        // Fetch extra passwords
        if( ! $extra_passwords = get_post_meta( $post->ID, 'wpsolucje_extra_passwords', true ) )
            return true;

        // Check these extra passwords 
        $extra = explode( ',', $extra_passwords );      
        foreach( (array) $extra as $password )
        {
            $password = trim( $password );
            if( ! empty( $password ) && $hasher->CheckPassword( $password, $hash ) )
                return false;           
        }   
        return true;
}


/**
 * Support extra post passwords for single posts in the main loop
 */
add_filter( 'the_password_form', function( $output )
{
    if( ! is_single() || ! in_the_loop() || did_action( 'the_password_form' ) )
        return $output;

    $post = get_post();

    // Display password form if none of the passwords matches:  
    if( wpsolucje_post_password_required( $post ) )
        return $output;

    // Get the current password
    $password = $post->post_password;

    // Temporary remove it
    $post->post_password = '';

    // Fetch the content
    $content = get_the_content();

    // Set the password back
    $post->post_password = $password;

    return $content;
} );