frontycore · December 13, 2023 00:51
diff --git a/functions.php b/functions.php
 <?php

 /**
 * Locking whole web with simple password form
 * ACF fields:
 * 	- string 'wiki_password' - from settings, password to validate against the input form viewer login form
 * 	- bool 'wiki_lock_site' - from settings, whether the site should be only accessible with password
 *	- array 'wiki_allowed_posts' - from settings, relation filed returning an array of post IDs, which are allowed to be viewed without password
 */

 // Initialize session and process login form, if sent
 add_action('init', function() {
 	if (!session_id()) session_start();

 	// End processing if no login form data in $_POST
 	if (!isset($_POST['viewer_password'])) return;


 	// Login form nonce verification
 	if (!isset($_POST['viewer_login_nonce']) || !wp_verify_nonce($_POST['viewer_login_nonce'], 'viewer_login')) {
 		$_SESSION['wiki_login_msg'] = 'Ověření formuláře se nepovedlo. Jestli jste robot, tak běžte robotovat někam jinam!';

 	// Given pasword is incorrect
 	} else if ($_POST['viewer_password'] !== wiki_get_login_password())  {
 		$_SESSION['wiki_login_msg'] = 'Zadali jste špatné heslo. Zkuste to znovu, nebo běžte do pryč...';

 	// Save session
 	} else {
 		$_SESSION[wiki_get_login_session_name()] = time();
 	}

 	// Reload to referer or homepage
 	$url = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : get_home_url();
 	wp_safe_redirect($url);
 	exit();
 }, 1);

 // Get login password in plain-text
 function wiki_get_login_password() {
 	// return get_field('wiki_password', 'option');
 	return 'heslo';
 }

 // Get session name based on password - new password = new session
 function wiki_get_login_session_name() {
 	return sha1(wiki_get_login_password());
 }

 // Render login form
 function wiki_login_form() {
 	$msg = null;
 	if (isset($_SESSION['wiki_login_msg'])) {
 		$msg = $_SESSION['wiki_login_msg'];
 		unset($_SESSION['wiki_login_msg']);
 	}
 	?>
 	<!DOCTYPE html>
 	<html lang="<?php echo str_replace('_', '-', get_locale()) ?>">
 		<head>
 			<meta http-equiv="Content-Type" content="text/xhtml; charset=<?php bloginfo('charset'); ?>">
 			<title><?php wp_title('|', true, 'right') ?></title>
 		</head>
 		<body>
 			<?php if ($msg) { ?>
 				<h2><?php echo $msg ?></h2>
 			<?php } ?>
 			<form action="<?php echo esc_url(home_url()) ?>" method="post">
 				<input type="password" name="viewer_password" placeholder="Heslo">
 				<?php wp_nonce_field('viewer_login', 'viewer_login_nonce') ?>
 				<input type="submit" value="Přihlásit se">
 			</form>
 		</body>
 	</html>
 	<?php
 }

 // Does viewer session exist and is not expired?
 function wiki_is_viewer_logged_in() {
 	$sessionName = wiki_get_login_session_name();
 	if (!isset($_SESSION[$sessionName]) || !is_numeric($_SESSION[$sessionName])) return false;
 	$loggedIn = (new \DateTime())->setTimestamp(intval($_SESSION[$sessionName]));
 	$expiration = (clone $loggedIn)->modify('+30 days'); // Session expire after given amount of time
 	return new \DateTime() <= $expiration;
 }

 // Is user allowed to view the web?
 function wiki_is_site_locked() {
 	// Site is not locked by password
 	if (!get_field('wiki_lock_site', 'option')) return false;
 	
 	// Current page / post / any CPT is allowed to be viewed without password
 	$obj = get_queried_object();
 	if ($obj instanceof WP_Post) {
 		$allowedIds = array_filter((array)get_field('wiki_allowed_posts', 'option'));
 		if (in_array($obj->ID, $allowedIds)) retrun false;
 	}

 	// Site is locked for users, who are not logged in admin nor have active viewer session
 	return !is_user_logged_in() && !wiki_is_viewer_logged_in();
 }

 // Show login form if the site is locked
 add_filter('template_redirect', function($template) {
 	if (wiki_is_site_locked()) {
 		wiki_login_form();
 		exit();
 	}
 	return $template;
 });
	<?php

	/**
	* Locking whole web with simple password form
	* ACF fields:
	* - string 'wiki_password' - from settings, password to validate against the input form viewer login form
	* - bool 'wiki_lock_site' - from settings, whether the site should be only accessible with password
	* - array 'wiki_allowed_posts' - from settings, relation filed returning an array of post IDs, which are allowed to be viewed without password
	*/

	// Initialize session and process login form, if sent
	add_action('init', function() {
	if (!session_id()) session_start();

	// End processing if no login form data in $_POST
	if (!isset($_POST['viewer_password'])) return;


	// Login form nonce verification
	if (!isset($_POST['viewer_login_nonce']) \|\| !wp_verify_nonce($_POST['viewer_login_nonce'], 'viewer_login')) {
	$_SESSION['wiki_login_msg'] = 'Ověření formuláře se nepovedlo. Jestli jste robot, tak běžte robotovat někam jinam!';

	// Given pasword is incorrect
	} else if ($_POST['viewer_password'] !== wiki_get_login_password()) {
	$_SESSION['wiki_login_msg'] = 'Zadali jste špatné heslo. Zkuste to znovu, nebo běžte do pryč...';

	// Save session
	} else {
	$_SESSION[wiki_get_login_session_name()] = time();
	}

	// Reload to referer or homepage
	$url = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : get_home_url();
	wp_safe_redirect($url);
	exit();
	}, 1);

	// Get login password in plain-text
	function wiki_get_login_password() {
	// return get_field('wiki_password', 'option');
	return 'heslo';
	}

	// Get session name based on password - new password = new session
	function wiki_get_login_session_name() {
	return sha1(wiki_get_login_password());
	}

	// Render login form
	function wiki_login_form() {
	$msg = null;
	if (isset($_SESSION['wiki_login_msg'])) {
	$msg = $_SESSION['wiki_login_msg'];
	unset($_SESSION['wiki_login_msg']);
	}
	?>
	<!DOCTYPE html>
	<html lang="<?php echo str_replace('_', '-', get_locale()) ?>">
	<head>
	<meta http-equiv="Content-Type" content="text/xhtml; charset=<?php bloginfo('charset'); ?>">
	<title><?php wp_title('\|', true, 'right') ?></title>
	</head>
	<body>
	<?php if ($msg) { ?>
	<h2><?php echo $msg ?></h2>
	<?php } ?>
	<form action="<?php echo esc_url(home_url()) ?>" method="post">
	<input type="password" name="viewer_password" placeholder="Heslo">
	<?php wp_nonce_field('viewer_login', 'viewer_login_nonce') ?>
	<input type="submit" value="Přihlásit se">
	</form>
	</body>
	</html>
	<?php
	}

	// Does viewer session exist and is not expired?
	function wiki_is_viewer_logged_in() {
	$sessionName = wiki_get_login_session_name();
	if (!isset($_SESSION[$sessionName]) \|\| !is_numeric($_SESSION[$sessionName])) return false;
	$loggedIn = (new \DateTime())->setTimestamp(intval($_SESSION[$sessionName]));
	$expiration = (clone $loggedIn)->modify('+30 days'); // Session expire after given amount of time
	return new \DateTime() <= $expiration;
	}

	// Is user allowed to view the web?
	function wiki_is_site_locked() {
	// Site is not locked by password
	if (!get_field('wiki_lock_site', 'option')) return false;

	// Current page / post / any CPT is allowed to be viewed without password
	$obj = get_queried_object();
	if ($obj instanceof WP_Post) {
	$allowedIds = array_filter((array)get_field('wiki_allowed_posts', 'option'));
	if (in_array($obj->ID, $allowedIds)) retrun false;
	}

	// Site is locked for users, who are not logged in admin nor have active viewer session
	return !is_user_logged_in() && !wiki_is_viewer_logged_in();
	}

	// Show login form if the site is locked
	add_filter('template_redirect', function($template) {
	if (wiki_is_site_locked()) {
	wiki_login_form();
	exit();
	}
	return $template;
	});