maxkostinevich · March 18, 2016 06:31
diff --git a/functions.php b/functions.php
 <?php
 /**
 * Allow to open password protected pages with the password in URL 
 * For example: http://examle.com/my-protected-page?access_token=2341223 (GET param: ?access_token=[POST PASSWORD])
 * Feel free to replace 'access_token' with any other string 
 *
 * Author: Max Kostinevich 
 * Author URI: https://maxkostinevich.com
 */

 if( !function_exists( 'wp_open_protected_pages_via_url' ) ){
  add_action( 'init', 'wp_open_protected_pages_via_url' );	

 	function wp_open_protected_pages_via_url() {
 		if( isset( $_GET['access_token'] ) ){
 			$access_token = $_GET['access_token'];
 			global $post; 
 		
 			if( $access_token ){
 				global $wp_hasher;
 				if( empty( $wp_hasher ) ){
 					require_once( ABSPATH . 'wp-includes/class-phpass.php' );
 					$wp_hasher = new PasswordHash( 8, true );
 				}
 				
 				$hashed_pwd=$wp_hasher->HashPassword( stripslashes( $access_token ) );

 				// Create new COOKIE to allow access to protected page if COOKIE doesn't exists
 				if( !isset( $_COOKIE['wp-postpass_'.COOKIEHASH] ) || ( ( isset($_COOKIE['wp-postpass_'.COOKIEHASH] ) ) && !( $wp_hasher->CheckPassword( $access_token, $_COOKIE['wp-postpass_'.COOKIEHASH] ) ) ) ) {
 					$cookie_time = time()+3600*24; // Set COOKIE expire time - http://php.net/manual/en/function.setcookie.php
 				        setcookie( 'wp-postpass_' . COOKIEHASH, $hashed_pwd, $cookie_time, COOKIEPATH ); // Set COOKIE
 				        
 				        $redirect_url = isset( $_SERVER['HTTPS'] ) ? 'https://' : 'http://'; // Handle HTTPS protocol
 				        
 					/* If you would like to hide access_token, you need to remove querystring from $_SERVER['REQUEST_URI']:
 					* For example: to be redirected from http://examle.com/my-protected-page?access_token=2341223 to http://examle.com/my-protected-page
 					* As one of solution, just uncomment the line below:
 					*/
          				//$redirect_url .= $_SERVER['HTTP_HOST'] . strtok($_SERVER['REQUEST_URI'],'?'); // Uncomment this line to hide access token
        				 $redirect_url .= $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; // Remove this line to hide access token
          
 					wp_safe_redirect( $redirect_url  ); // Safe redirect to the requested page
 					exit();	
 				}
 			
 			}
 		}
 	}
 }
	<?php
	/**
	* Allow to open password protected pages with the password in URL
	* For example: http://examle.com/my-protected-page?access_token=2341223 (GET param: ?access_token=[POST PASSWORD])
	* Feel free to replace 'access_token' with any other string
	*
	* Author: Max Kostinevich
	* Author URI: https://maxkostinevich.com
	*/

	if( !function_exists( 'wp_open_protected_pages_via_url' ) ){
	add_action( 'init', 'wp_open_protected_pages_via_url' );

	function wp_open_protected_pages_via_url() {
	if( isset( $_GET['access_token'] ) ){
	$access_token = $_GET['access_token'];
	global $post;

	if( $access_token ){
	global $wp_hasher;
	if( empty( $wp_hasher ) ){
	require_once( ABSPATH . 'wp-includes/class-phpass.php' );
	$wp_hasher = new PasswordHash( 8, true );
	}

	$hashed_pwd=$wp_hasher->HashPassword( stripslashes( $access_token ) );

	// Create new COOKIE to allow access to protected page if COOKIE doesn't exists
	if( !isset( $_COOKIE['wp-postpass_'.COOKIEHASH] ) \|\| ( ( isset($_COOKIE['wp-postpass_'.COOKIEHASH] ) ) && !( $wp_hasher->CheckPassword( $access_token, $_COOKIE['wp-postpass_'.COOKIEHASH] ) ) ) ) {
	$cookie_time = time()+3600*24; // Set COOKIE expire time - http://php.net/manual/en/function.setcookie.php
	setcookie( 'wp-postpass_' . COOKIEHASH, $hashed_pwd, $cookie_time, COOKIEPATH ); // Set COOKIE

	$redirect_url = isset( $_SERVER['HTTPS'] ) ? 'https://' : 'http://'; // Handle HTTPS protocol

	/* If you would like to hide access_token, you need to remove querystring from $_SERVER['REQUEST_URI']:
	* For example: to be redirected from http://examle.com/my-protected-page?access_token=2341223 to http://examle.com/my-protected-page
	* As one of solution, just uncomment the line below:
	*/
	//$redirect_url .= $_SERVER['HTTP_HOST'] . strtok($_SERVER['REQUEST_URI'],'?'); // Uncomment this line to hide access token
	$redirect_url .= $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; // Remove this line to hide access token

	wp_safe_redirect( $redirect_url ); // Safe redirect to the requested page
	exit();
	}

	}
	}
	}
	}