Changeset 457433


Timestamp:
10/30/11 19:57:07 (2 years ago)
Author:
isaacchapman
Message:

Updating to 0.2 version with some new capabilities

Location:
htaccess-secure-files
Files:
14 added
5 edited

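--- a/htaccess-secure-files/trunk/admin.css
+++ b/htaccess-secure-files/trunk/admin.css
@@ -27,6 +27,14 @@
     border-right: 1px solid #21759B;
 }
+.hsf_tab_content thead th { white-space:nowrap; }
 .hsf_tab_content .check-column { text-align: center; }
 .hsf_tab_content tbody td { padding-top: 7px; }
+.hsf_tab_content tbody td.hsf_button_cell { padding-top: 2px; }
+.hsf_tab_content td#hsf_add_ip_label {
+    vertical-align:middle;
+    white-space: nowrap;
+    width: 10em;
+}
+
 .hsf_toggle {
     color: #21759B;
@@ -47,2 +55,4 @@
     margin-left: 5px;
 }
+/* Media management list table */
+.fixed .column-hsf_secured { width: 10%; }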
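--- a/htaccess-secure-files/trunk/admin.js
+++ b/htaccess-secure-files/trunk/admin.js
@@ -1,3 +1,10 @@
 jQuery(document).ready(function() {
+    // Initial hash and hash changes
+    hsf_hash_change();
+    jQuery(window).bind('hashchange', function() {
+        hsf_hash_change();
+    });
+
+    // Toggle the expanded content
     jQuery('.hsf_toggle').click(function() {
         var id = jQuery(this).attr('id').substr(11);
@@ -8,4 +15,5 @@
         }
     });
+    // Handle clicking on tabs
     jQuery('#hsf_tabs li').click(function() {
         if (!jQuery(this).hasClass('hsf_tab_active')) {
@@ -20,5 +28,57 @@
             jQuery('#hsf_tab_content_' + tab_id).show(150);
             jQuery('#hsf_tab_' + tab_id).addClass('hsf_tab_active');
+            window.location.hash = tab_id;
         }
     });
+    // Deleteing an IP address
+    jQuery('.hsf_delete_ip').live('click', function() {
+        var ip_w_underscores = jQuery(this).attr('id').substr(14)
+        var ip = ip_w_underscores.replace(/_/g, '.');
+        var pos = jQuery.inArray(ip, hsf_allowed_ips);
+        if (pos == 0 && hsf_allowed_ips.length == 1) {
+            hsf_allowed_ips = new Array();
+        } else {
+            hsf_allowed_ips.splice(pos, 1);
+        }
+        jQuery('#hsf_allowed_ips').val(hsf_allowed_ips.join(','));
+        jQuery('#hsf_ip_tr_' + ip_w_underscores).remove();
+    });
+    // Adding an IP address
+    jQuery('#hsf_add_ip_button').click(function() {
+        var ip = jQuery('#hsf_add_ip_text').val();
+        if (!jQuery.trim(ip)) { return; }
+        // Regex from http://stackoverflow.com/questions/106179/regular-expression-to-match-hostname-or-ip-address
+        if (!ip.match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$')) {
+            alert("'" + ip + "' is not a valid IPv4 address");
+            return;
+        }
+        if (jQuery.inArray(ip, hsf_allowed_ips) != -1) {
+            alert("'" + ip + "' is already allowed");
+            jQuery('#hsf_add_ip_text').val('');
+            return;
+        }
+        hsf_allowed_ips.push(ip);
+        jQuery('#hsf_allowed_ips').val(hsf_allowed_ips.join(','));
+        var ip_w_underscores = ip.replace(/\./g, '_');
+        var tr_class = 'class="alternate"';
+        if (jQuery('#hsf_tab_content_ip4_addresses tbody tr:last').length) {
+            if (jQuery('#hsf_tab_content_ip4_addresses tbody tr:last').hasClass('alternate')) { tr_class = ''; }
+        }
+        jQuery('#hsf_tab_content_ip4_addresses tbody').append('<tr id="hsf_ip_tr_' + ip_w_underscores + '" ' + tr_class + '><td>' + ip + '</td><td class="hsf_button_cell"><input type="button" value="Delete" class="button-secondary hsf_delete_ip" id="hsf_delete_ip_' + ip_w_underscores + '"></td></tr>');
+        jQuery('#hsf_add_ip_text').val('');
+    });
 });
+
+function hsf_hash_change() {
+    // Display the location.hash specific content
+    if (location.hash && location.hash.length > 1 && jQuery('#hsf_tab_' + location.hash.substr(1)).length) {
+        var active_id = location.hash.substr(1);
+        jQuery('#hsf_tabs li').each(function() {
+            var id = jQuery(this).attr('id').substr(8);
+            jQuery('#hsf_tab_content_' + id).hide();
+            jQuery(this).removeClass('hsf_tab_active');
+        });
+        jQuery('#hsf_tab_content_' + active_id).show();
+        jQuery('#hsf_tab_' + active_id).addClass('hsf_tab_active');
+    }
+}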
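Review bot: The IPv4 check in the `#hsf_add_ip_button` handler passes its pattern to `match()` as a quoted string, so every `\.` collapses to `.` and matches any character; a value such as `1a2b3c4` (constructed sample) passes and is then concatenated into the row markup and the hidden field. Writing the same pattern as a regex literal between slashes and calling `.test(ip)` keeps the escaped dots. In the `.hsf_delete_ip` handler `jQuery.inArray` returns -1 when the address is not in the list, and `hsf_allowed_ips.splice(-1, 1)` then removes the last entry instead; a guard such as `if (pos < 0) { return; }` before the splice avoids that. Creating the cell with jQuery and `.text(ip)` instead of string concatenation would keep the value out of HTML parsing, and since this check runs only in the browser the server still has to validate the submitted list.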
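--- a/htaccess-secure-files/trunk/dl.php
+++ b/htaccess-secure-files/trunk/dl.php
@@ -22,6 +22,6 @@
 
 // Ensure the plugin is initialized properly
-global $hsf_roles, $hsf_capabilities, $current_user;
-if (!isset($current_user) || !isset($hsf_roles) || !isset($hsf_capabilities)) {
+global $hsf_allowed_roles, $hsf_allowed_capabilities, $hsf_allowed_ips, $current_user;
+if (!isset($current_user) || !isset($hsf_allowed_roles) || !isset($hsf_allowed_capabilities) || !isset($hsf_allowed_ips)) {
     header('Status: 500 Internal Server Error', true, 500);
     echo ('Error 500: Htaccess Secure Files plugin error (possibly deactivated)');
@@ -30,5 +30,5 @@
 }
 
-if (!is_array($hsf_roles) || !is_array($hsf_capabilities) || !is_object($current_user)) {
+if (!is_array($hsf_allowed_roles) || !is_array($hsf_allowed_capabilities) || !is_array($hsf_allowed_ips) || !is_object($current_user)) {
     header('Status: 500 Internal Server Error', true, 500);
     echo ('Error 500: Htaccess Secure Files plugin configuration error');
@@ -40,13 +40,18 @@
 $can_view = false;
 
+// Check the IP address
+if (count($hsf_allowed_ips) && in_array($_SERVER['REMOTE_ADDR'], $hsf_allowed_ips)) {
+    $can_view = true;
+}
+
 // Check the roles
-if (count($hsf_roles) && isset($current_user->roles) && is_array($current_user->roles) && count($current_user->roles) && count(array_intersect($hsf_roles, $current_user->roles))) {
+if (!$can_view && count($hsf_allowed_roles) && isset($current_user->roles) && is_array($current_user->roles) && count($current_user->roles) && count(array_intersect($hsf_allowed_roles, $current_user->roles))) {
     $can_view = true;
 }
 
 // Check the capabilities
-if (!$can_view && count($hsf_capabilities) && isset($current_user->allcaps) && is_array($current_user->allcaps) && count($current_user->allcaps)) {
+if (!$can_view && count($hsf_allowed_capabilities) && isset($current_user->allcaps) && is_array($current_user->allcaps) && count($current_user->allcaps)) {
     foreach ($current_user->allcaps as $cap => $on) {
-        if ($on && in_array($cap, $hsf_capabilities)) {
+        if ($on && in_array($cap, $hsf_allowed_capabilities)) {
             $can_view = true;
             break;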
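Review bot: The new IP check sets `$can_view` from `$_SERVER['REMOTE_ADDR']` alone, before any role or capability test, so a request from an allow-listed address is served without a login. Behind a reverse proxy or load balancer REMOTE_ADDR is typically the proxy's own address, so allow-listing that address would open secured files to every visitor; this deserves a comment at the check and a warning on the settings screen. The comparison should also be strict, `in_array($_SERVER['REMOTE_ADDR'], $hsf_allowed_ips, true)`, so that a non-string entry in the stored option cannot match loosely. The capability loop continues past the end of this hunk.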
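--- a/htaccess-secure-files/trunk/htaccess-secure-files.php
+++ b/htaccess-secure-files/trunk/htaccess-secure-files.php
@@ -26,7 +26,11 @@
 */
 
+// If the existing settings are to be used and shouldn't be changed through the admin interface HSF_DISPLAY_ADMIN should be defined as false in the wp-config.php file. For example:
+// define('HSF_DISPLAY_ADMIN', false);
+
 // The default roles and capabilities needed to access secured content
 define('HSF_DEFAULT_ALLOWED_ROLES', 'subscriber,contributor,author,editor,administrator');
 define('HSF_DEFAULT_ALLOWED_CAPABILITIES', '');
+define('HSF_DEFAULT_ALLOWED_IP', '');
 
 // .htaccess file delimiters (DO NOT USE MULTIPLE ADJACENT SPACE CHARACTERS IF THESE ARE MODIFIED)
@@ -38,4 +42,5 @@
 define('HSF_ALLOWED_ROLES', 'hsf_allowed_roles');
 define('HSF_ALLOWED_CAPABILITIES', 'hsf_allowed_capabilities');
+define('HSF_ALLOWED_IPS', 'hsf_allowed_ips');
 define('HSF_POST_META_KEY', '_hsf_secured');
 define('HSF_SECURED_LABEL', 'Secured File');
@@ -66,17 +71,24 @@
 add_action('init', 'hsf_init');
 function hsf_init() {
-    global $hsf_roles, $hsf_capabilities;
-    if (!($hsf_roles = get_option(HSF_ALLOWED_ROLES))) {
-        $hsf_roles = explode(',', HSF_DEFAULT_ALLOWED_ROLES);
-        if(count($hsf_roles) == 1 && $hsf_roles[0] == '') { $hsf_roles = array(); }
-    }
-    if (!($hsf_capabilities = get_option(HSF_ALLOWED_CAPABILITIES))) {
-        $hsf_capabilities = explode(',', HSF_DEFAULT_ALLOWED_CAPABILITIES);
-        if(count($hsf_capabilities) == 1 && $hsf_capabilities[0] == '') { $hsf_capabilities = array(); }
+    global $hsf_allowed_roles, $hsf_allowed_capabilities, $hsf_allowed_ips;
+    if (!($hsf_allowed_roles = get_option(HSF_ALLOWED_ROLES))) {
+        $hsf_allowed_roles = explode(',', HSF_DEFAULT_ALLOWED_ROLES);
+        if(count($hsf_allowed_roles) == 1 && $hsf_allowed_roles[0] == '') { $hsf_allowed_roles = array(); }
+    }
+    if (!($hsf_allowed_capabilities = get_option(HSF_ALLOWED_CAPABILITIES))) {
+        $hsf_allowed_capabilities = explode(',', HSF_DEFAULT_ALLOWED_CAPABILITIES);
+        if(count($hsf_allowed_capabilities) == 1 && $hsf_allowed_capabilities[0] == '') { $hsf_allowed_capabilities = array(); }
+    }
+    if (!($hsf_allowed_ips = get_option(HSF_IP_ALLOWED))) {
+        $hsf_allowed_ips = explode(',', HSF_DEFAULT_ALLOWED_IP);
+        if(count($hsf_allowed_ips) == 1 && $hsf_allowed_ips[0] == '') { $hsf_allowed_ips = array(); }
     }
 }
 
 /**** Admin screen ****/
-add_action('admin_menu', 'hsf_admin_menu');
+// Should the admin functionality be loaded?
+if (!defined('HSF_DISPLAY_ADMIN') || HSF_DISPLAY_ADMIN == true) {
+    add_action('admin_menu', 'hsf_admin_menu');
+}
 function hsf_admin_menu() {
     add_submenu_page('options-general.php', 'Secure Files', 'Secure Files', HSF_REQUIRED_ADMIN_CAPABILITY, 'hsf-settings', 'hsf_admin_screen');
@@ -94,5 +106,5 @@
     }
 
-    global $hsf_roles, $hsf_capabilities, $wp_roles;
+    global $hsf_allowed_roles, $hsf_allowed_capabilities, $hsf_allowed_ips, $wp_roles;
 
     // Create array of capabilities
@@ -116,18 +128,26 @@
                     echo ('<div id="message" class="error fade"><p><strong>Invalid nonce</strong></p></div>');
                 } else {
-                    $hsf_roles = array();
+                    $hsf_allowed_roles = array();
                     foreach($wp_roles->role_names as $role => $name) {
                         if (isset($_POST['role_' . $role]) && $_POST['role_' . $role]) {
-                            $hsf_roles[] = $role;
+                            $hsf_allowed_roles[] = $role;
                         }
                     }
-                    update_option(HSF_ALLOWED_ROLES, $hsf_roles);
-                    $hsf_capabilities = array();
+                    update_option(HSF_ALLOWED_ROLES, $hsf_allowed_roles);
+
+                    $hsf_allowed_capabilities = array();
                     foreach ($all_capabilities as $capability => $roles) {
                         if (isset($_POST['capability_' . $capability]) && $_POST['capability_' . $capability]) {
-                            $hsf_capabilities[] = $capability;
+                            $hsf_allowed_capabilities[] = $capability;
                         }
                     }
-                    update_option(HSF_ALLOWED_CAPABILITIES, $hsf_capabilities);
+                    update_option(HSF_ALLOWED_CAPABILITIES, $hsf_allowed_capabilities);
+
+                    $hsf_allowed_ips = array();
+                    if (isset($_POST['hsf_allowed_ips']) && $_POST['hsf_allowed_ips']) {
+                        $hsf_allowed_ips = explode(',', $_POST['hsf_allowed_ips']);
+                    }
+                    update_option(HSF_ALLOWED_IPS, asort($hsf_allowed_ips));
+
                     echo ('<div id="message" class="updated fade"><p><strong>' .  __('Options saved.') . '</strong></p></div>');
                 }
@@ -142,4 +162,9 @@
 
     }
+    if (count($hsf_allowed_ips)) {
+        echo ('<script language="javascript">var hsf_allowed_ips = new Array("' . implode('","', $hsf_allowed_ips) . '");</script>');
+    } else {
+        echo ('<script language="javascript">var hsf_allowed_ips = new Array();</script>');
+    }
     ?>
     <div class="wrap">
@@ -147,7 +172,8 @@
         <h2>Htaccess Secure Files Settings</h2>
 
-        <h3>Select which roles and/or capabilities are required to view secured uploads</h3>
+        <h3>Any visitor who matches any of the below selected roles, capabilities, or IP addresses will be allowed to access secured files</h3>
         <p>Other <a href="http://wordpress.org/extend/plugins/search.php?q=roles+capabilities&sort=" title="WordPress plugins repository">WordPress plugins</a> can be used to create end edit <a href="http://codex.wordpress.org/Roles_and_Capabilities" title="Roles and Capabilities">roles and capabilities</a>.</p>
         <form method="post">
+            <input type="hidden" name="hsf_allowed_ips" id="hsf_allowed_ips" value="<?php echo(implode(',', $hsf_allowed_ips)); ?>" />
             <?php
             wp_nonce_field('hsf_save_settings','hsf_save_settings');
@@ -157,4 +183,5 @@
                     <li id="hsf_tab_roles" class="hsf_tab_active">Roles</li>
                     <li id="hsf_tab_capabilities">Capabilities</li>
+                    <li id="hsf_tab_ip4_addresses">IPv4 Addresses</li>
                     <!--<li id="hsf_tab_users">Users</li>-->
                 </ul>
@@ -174,7 +201,7 @@
                         ?>
                         <tr <?php echo($tr_class); ?>>
-                            <th class="check-column" scope="row"><input name="role_<?php echo($role); ?>" type="checkbox" class="hsf_checkbox" value="on" <?php if (in_array($role, $hsf_roles)) { echo ('checked="checked"'); } ?> /></th>
+                            <th class="check-column" scope="row"><input name="role_<?php echo($role); ?>" type="checkbox" class="hsf_checkbox" value="on" <?php if (in_array($role, $hsf_allowed_roles)) { echo ('checked="checked"'); } ?> /></th>
                             <td>
-                                <div class="hsf_toggle hsf_role" id="hsf_toggle_<?php echo($role); ?>"><?php echo($name); ?> <span class="hsf_toggle_text">Click to toggle capability listing</span></div>
+                                <div class="hsf_toggle hsf_role" id="hsf_toggle_<?php echo($role); ?>"><?php echo($name); ?> <span class="hsf_toggle_text">click to show/hide capability listing</span></div>
                                 <div id="hsf_toggle_div_<?php echo($role); ?>" style="display:none;">
                                     <ul class="hsf_capability_listing">
@@ -209,5 +236,5 @@
                         ?>
                         <tr <?php echo($tr_class); ?>>
-                            <th class="check-column" scope="row"><input name="capability_<?php echo($capability); ?>" type="checkbox" class="hsf_checkbox" <?php if (in_array($capability, $hsf_capabilities)) { echo ('checked="checked"'); } ?> /></th>
+                            <th class="check-column" scope="row"><input name="capability_<?php echo($capability); ?>" type="checkbox" class="hsf_checkbox" <?php if (in_array($capability, $hsf_allowed_capabilities)) { echo ('checked="checked"'); } ?> /></th>
                             <td><strong><?php echo ($capability); ?></strong></td>
                             <td><?php echo(implode(', ', $roles)); ?></td>
@@ -216,8 +243,68 @@
                 </tbody>
             </table>
+            <table id="hsf_tab_content_ip4_addresses" class="hsf_tab_content widefat" style="display:none;">
+                <thead>
+                    <tr>
+                        <th colspan="2">Whitelisted IPv4 Addresses</th>
+                    <tr>
+                <thead>
+                <tbody>
+                    <?php
+                    $tr_class = '';
+                    foreach ($hsf_allowed_ips as $ip) {
+                        $tr_class = ( $tr_class == '' ? ' class="alternate"' : '' );
+                        echo ('<tr ' . $tr_class . ' id="hsf_ip_tr_' . str_replace('.', '_', $ip) . '">');
+                        echo ('<td>' . $ip . '</td>');
+                        echo ('<td class="hsf_button_cell"><input type="button" id="hsf_delete_ip_' . str_replace('.', '_', $ip) . '" class="button-secondary hsf_delete_ip" value="Delete" /></td>');
+                        echo ('</tr>');
+                    }
+                    ?>
+                </tbody>
+                <tfoot>
+                    <tr>
+                        <td id="hsf_add_ip_label"><strong>Add IPv4 Address:</strong></td>
+                        <td>
+                            <input type="text" maxlength="15" id="hsf_add_ip_text" />
+                            <input type="button" id="hsf_add_ip_button" class="button-secondary" value="Add IP Address" />
+                        </td>
+                    </tr>
+                </tfoot>
+            </table>
+            <br />
             <input type="submit" name="hsf_submit" value="Save Settings" class="button-primary" />
         </form>
     </div>
     <?php
+}
+
+/**** Media manager ****/
+add_filter('manage_media_columns', 'hsf_manage_media_columns');
+function hsf_manage_media_columns($columns) {
+    // Create a global array of secured files so they do not have to be loaded one at a time by hsf_manage_media_custom_column
+    global $hsf_secured_attachment_ids, $wpdb;
+    $sql = "SELECT post_id FROM $wpdb->postmeta WHERE meta_key = '" . $wpdb->escape(HSF_POST_META_KEY) . "'";
+    if (!($hsf_secured_attachment_ids = $wpdb->get_col($sql))) {
+        $hsf_secured_attachment_ids = array();
+    }
+    // Add 'Secured' column to the media list table before the 'date' item
+    $new_columns = array();
+    foreach ($columns as $key => $value) {
+        if ($key == 'date') {
+            $new_columns['hsf_secured'] = 'Secured';
+        }
+        $new_columns[$key] = $value;
+    }
+    return $new_columns;
+}
+add_filter('manage_media_custom_column', 'hsf_manage_media_custom_column', 10, 2);
+function hsf_manage_media_custom_column($column_name, $attachment_id) {
+    if ($column_name == 'hsf_secured') {
+        global $hsf_secured_attachment_ids;
+        if (in_array($attachment_id, $hsf_secured_attachment_ids)) {
+            echo('Yes');
+        } else {
+            echo('No');
+        }
+    }
 }
 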
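Review bot: The IP allow-list is never stored or loaded as an array: the settings handler calls `update_option(HSF_ALLOWED_IPS, asort($hsf_allowed_ips))`, which saves asort()'s boolean return value, and `hsf_init()` reads it back with `get_option(HSF_IP_ALLOWED)`, a constant not defined in the visible lines (the key defined above is `HSF_ALLOWED_IPS`). The posted `hsf_allowed_ips` value is also checked only in the browser, yet its entries are echoed unescaped into the table cells, the hidden input and the inline `<script>` array, so the server should keep only entries that pass an IPv4 check before saving and escape them on output. A possible save path is below; in `hsf_init()` the lookup would become `get_option(HSF_ALLOWED_IPS)`. The function containing the settings handler starts outside the visible hunks.

```php
$hsf_allowed_ips = array();
if (isset($_POST['hsf_allowed_ips']) && $_POST['hsf_allowed_ips']) {
    foreach (explode(',', $_POST['hsf_allowed_ips']) as $ip) {
        $ip = trim($ip);
        // Keep only well-formed IPv4 addresses; the browser-side check is advisory
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $hsf_allowed_ips[] = $ip;
        }
    }
}
// sort() orders in place; store the array itself, not the sort call's return value
sort($hsf_allowed_ips);
update_option(HSF_ALLOWED_IPS, $hsf_allowed_ips);
```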
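--- a/htaccess-secure-files/trunk/readme.txt
+++ b/htaccess-secure-files/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 3.2.1
 Tested up to: 3.2.1
-Stable tag: 0.1
+Stable tag: 0.2
 
 Allows securing files in WP's media library to be only accessible to users with specific roles and/or capabilities.
@@ -10,7 +10,9 @@
 == Description ==
 
-The Htaccess Secure Files plugin allows for setting specific files to be accessible only to visitors who have a set <a title="WordPress role or capbility" href="http://codex.wordpress.org/Roles_and_Capabilities">WordPress role or capability</a>. By using <a title=".htaccess files" href="http://en.wikipedia.org/wiki/Htaccess">.htaccess files</a> to secure the content instead of a separate directory outside the web root, WordPress's native media library functionality can be used to upload secure files and link to them from within the visual editor.
+The Htaccess Secure Files plugin allows for setting files to be accessible only to visitors who have a specified IP address or <a title="WordPress role or capbility" href="http://codex.wordpress.org/Roles_and_Capabilities">WordPress role or capability</a>. By using <a title=".htaccess files" href="http://en.wikipedia.org/wiki/Htaccess">.htaccess files</a> to secure the content instead of a separate directory outside the web root, WordPress's native media library functionality can be used to upload secure files and link to them from within the visual editor.
 
-By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles and capabilities are allowed to view or download secured files. If a custom role or capability is desired, there are several <a title="WordPress plugins" href="http://wordpress.org/extend/plugins/search.php?q=roles+capabilities">WordPress plugins</a> capable of creating and editing roles and capabilities.
+By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles, capabilities, and IP addresses are allowed to view or download secured files. If a custom role or capability is desired, there are several <a title="WordPress plugins" href="http://wordpress.org/extend/plugins/search.php?q=roles+capabilities">WordPress plugins</a> capable of creating and editing roles and capabilities.
+
+**Any visitor that matches any selected role, capability, or IP address will be allowed to access secured files.**
 
 **The Htaccess Secure Files plugin can only be activated on Apache web servers with mod_rewrite enabled.**
@@ -20,11 +22,24 @@
 == Installation ==
 
-1. Upload the htaccess-secure-files directory to your /wp-content/plugins/ directory.
+1. Unzip the zip archive and upload the htaccess-secure-files directory to your /wp-content/plugins/ directory.
 2. Activate the plugin through the 'Plugins' menu in WordPress.
-3. Select which roles and capabilities should have access to secure files on the 'Settings' -> 'Secure Files' admin screen.
+3. Select which roles, capabilities, and IP addresses will be allowed to view and download secure files on the 'Settings' -> 'Secure Files' admin screen.
 4. To secure individual files edit the file on the 'Media' admin screen and change the 'Secured File' setting to 'Yes'.
 
 == Changelog ==
 
+= 0.2 =
+* Added "Secure" column to media manager list table
+* Added simple IP address whitelisting (may add more complexity in a later version)
+* Added the capability to hide/disable the admin interface with a define statement
+* Added screenshots
+
 = 0.1 =
 * Initial version
+
+== Screenshots ==
+
+1. Change the "Secured File" value to Yes on the Edit Media screen to secure a file.
+2. Select the user roles that can access secured files.
+3. Select the user capabilities that can access secured files.
+4. Select which IP addresses can access secured files.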