Protecting a specific WordPress page with .htaccess

I have a specific page on my WordPress installation (it's an actual Page in WordPress, just with Pretty URLs) and I want to password-protect it with an .htaccess file provided to me.

For example, the page is http://www.myawesomewebsite.com/members . I want only some users to access it, and their user and password are stored in an .htpasswd file.

The .htaccess file the client sent to me is

    AuthUserFile /put the path to the password file here
    AuthGroupFile /dev/null
    AuthName RESTRICTED
    AuthType Basic

    <Limit GET POST>
    require valid-user
    </Limit>

I need to use these parameters to protect this WordPress page. I'm going crazy and my searches are leading nowhere. Any guesses?


WordPress allows you to protect pages/posts using a password (and it's rather easier to go this route than with .htaccess): go to wp-admin, edit the page/post you'd like to keep private but allow access to some users too, and right under the "preview changes" button you'll see "Status: Published Edit" and beneath it "Visibility: Public Edit". Click the visibility edit, select the Password Protected radio button (or Private, for that matter), enter a password and hit OK. You should be good to go.


I was able to do this by:

  1. Creating a directory structure on the file system that is protected by .htaccess.
  2. Adding a custom field to any page that I want to protect that specifies which directory is used to protect it.
  3. Modifying the page.php template to restrict access to the page depending on whether the user has access to the directory specified by the custom field.

The specific steps are as follows:

  1. Create a directory "groups" inside the wp-content directory.
  2. Create wp-content/groups/index.php with the following content:

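    <?php
    // Only reached after Apache has authorised the request for this group directory.
    require( dirname(__FILE__) . '/../../wp-load.php' );
    class CASGroupAuth {
        static function authenticate(){
            // WordPress core does not start a PHP session, so start one if needed.
            if ( !session_id() ) session_start();
            $groups = isset($_SESSION['cas-groups']) ? $_SESSION['cas-groups'] : array();
            // The directory name (e.g. "mygroup") is the group being granted.
            $groupdir = basename(dirname($_SERVER['PHP_SELF']));
            $groups[$groupdir] = true;
            $_SESSION['cas-groups'] = $groups;
            if ( empty($_GET['redirect_to']) ){
                die("You didn't provide a redirect");
            }
            // wp_safe_redirect() only follows local paths and allowed hosts, so
            // redirect_to cannot be used to send the visitor to another site.
            wp_safe_redirect( $_GET['redirect_to'] );
            exit;
        }
    }
    CASGroupAuth::authenticate();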
    
  3. Create a subdirectory "mygroup" inside the "groups" directory.
  4. Create a symbolic link to groups/index.php within the mygroup directory, i.e.

    $ cd mygroup
    $ ln -s ../index.php index.php
    
  5. Add an .htaccess file to your groups/mygroup directory with the appropriate access restrictions. In my case I was using the CAS Apache module, so my .htaccess file looked like:

    AuthType CAS
    require sfu-user shannah !my-maillist
    
  6. Modify the page.php template in my theme (i.e. inside wp-content/themes/mytheme/) to be:

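    <?php if (have_posts()) : the_post();
    // Must run before any output so the redirect headers can still be sent.
    $group = trim(get_post_meta(get_the_ID(), 'cas-group', true));
    if ( $group ){
        // WordPress core does not start a PHP session, so start one if needed.
        if ( !session_id() ) session_start();
        $existingGroups = isset($_SESSION['cas-groups']) ? $_SESSION['cas-groups'] : array();
        if ( empty($existingGroups[$group]) ){
            // Not yet authorised for this group: send the visitor through the
            // .htaccess-protected directory, which grants the group and redirects back.
            nocache_headers();
            header('HTTP/1.1 302 Moved Temporarily');
            header('Location: ' . get_option('siteurl') . '/wp-content/groups/'.basename($group).'/index.php?redirect_to='.urlencode($_SERVER['REQUEST_URI']));
            header('Status: 302 Moved Temporarily');
            exit;
        }
    }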
    
    ?>
    <?php get_header(); ?>
    
        <div id="content" class="narrowcolumn">
    
    
            <div id="PageTitle"><!-- TemplateBeginEditable name="PageTitle" --><?php the_title();  ?><!-- TemplateEndEditable --></div>
            <div class="post" id="post-<?php the_ID(); ?>">
                <div class="entry">
                    <?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?>
    
    
    
                </div>
            </div>
    
        <?php edit_post_link('Edit this entry.', '<p>', '</p>'); ?>
        </div>
    
    
    <?php get_footer(); ?>
    <?php endif; ?>
    

The important part of this is the section at the top, as the code that checks the cas-groups custom field and redirects the user needs to run before any output has been sent to the browser. To do this, I rearranged the position of the if (have_posts()) statement to wrap the entire page rather than just the content, as it is in the default template.

At this point, if you add a custom field to any page of the WordPress site with name "cas-group" and value "mygroup", then access to that page will be properly limited to users who have access to your groups/mygroup directory based on the rules in its .htaccess file.

If you want to have different groups, you can just make a copy of the mygroup directory and modify the .htaccess file restrictions inside it.


All you need to do is put the .htaccess file in the "members" directory and then point the first line to a password file. To create your password file just do:

    htpasswd -c MyPasswordFile username
    htpasswd MyPasswordFile anotherusername

Here's a good reference:

http://httpd.apache.org/docs/current/howto/htaccess.html
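
An added example, not part of the original answers: Apache applies directives inside `<Limit GET POST>` only to the listed methods (plus HEAD when GET is listed), so the `require valid-user` in the question's file is not enforced for other methods. This Python check flags that pattern in an .htaccess; the two sample files, the `/path/to/.htpasswd` placeholder and the method list are constructed for the example.

```python
import re

# Methods checked for coverage; this list is an assumption of the example.
METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
LIMIT_OPEN = re.compile(r"<Limit\s+([^>]+)>", re.I)  # does not match <LimitExcept ...>
LIMIT_CLOSE = re.compile(r"</Limit>", re.I)
REQUIRE = re.compile(r"require\s+\S", re.I)

# Constructed sample: the question's file, with a placeholder password-file path.
CLIENT_FILE = """\
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName RESTRICTED
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
"""

# Constructed sample: same policy without <Limit>, so it applies to every method.
CORRECTED_FILE = """\
AuthUserFile /path/to/.htpasswd
AuthName RESTRICTED
AuthType Basic
Require valid-user
"""

def audit_htaccess(text):
    """Return [(line_no, uncovered_methods)] for each Require scoped by <Limit>."""
    findings = []
    covered = None  # set of methods while inside a <Limit> section, else None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = LIMIT_OPEN.match(line)
        if opened:
            covered = set(opened.group(1).split())
            if "GET" in covered:
                covered.add("HEAD")  # Apache: limiting GET also limits HEAD
        elif LIMIT_CLOSE.match(line):
            covered = None
        elif covered is not None and REQUIRE.match(line):
            findings.append((line_no, [m for m in METHODS if m not in covered]))
    return findings

if __name__ == "__main__":
    print(audit_htaccess(CLIENT_FILE), audit_htaccess(CORRECTED_FILE))
```
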
