Created
August 28, 2012 08:42
-
-
Save tott/3496266 to your computer and use it in GitHub Desktop.
enforce http
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| add_action( 'plugins_loaded', 'bypass_wp_login_for_pw_protected_posts' ); | |
| function bypass_wp_login_for_pw_protected_posts() { | |
| // this functionality is a fork of http://core.trac.wordpress.org/browser/trunk/wp-login.php#L385 | |
| // keep this in sync with Core | |
| $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login'; | |
| if ( 'postpass' <> $action ) | |
| return; | |
| if ( empty( $wp_hasher ) ) { | |
| require_once( ABSPATH . 'wp-includes/class-phpass.php' ); | |
| // By default, use the portable hash from phpass | |
| $wp_hasher = new PasswordHash(8, true); | |
| } | |
| // 10 days | |
| setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH ); | |
| wp_safe_redirect( wp_get_referer() ); | |
| exit(); | |
| } | |
| add_filter( 'site_url', 'enforce_nonssl_postpass_url', 999, 4 ); | |
| function enforce_nonssl_postpass_url( $url, $path, $scheme, $blog_id ) { | |
| if ( 'login_post' <> $scheme ) | |
| return $url; | |
| if ( preg_match( '#\?action=postpass#', $url ) ) | |
| return str_replace( 'https://', 'http://', $url ); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment