<?php
//---------------------------
function aa_pass_protect_options_setup() {
    add_options_page('AskApache Password Protect''AskApache Password Protect'10basename(__FILE__), 'aa_pass_protect_page');
}

add_action('admin_menu''aa_pass_protect_options_setup');







//---------------------------
function aa_pass_protect_page() {
    global $AA_HOME,$AA_WPADMIN,$AA_HTPASSWD_F,$AA_HTACCESS_F,$aa_username,$aa_password,
    $aa_htpasswd_content,$aa_htaccess_content,$aa_htpasswd_rules,$aa_htaccess_rules,
    $aa_wmessage,$aa_errormessage,$aa_original_htaccess,$aa_protected,$aa_protected_username,$aa_comm;
    
  
    // security
    if ( function_exists('current_user_can') && !current_user_can('manage_options') ) die(__('Cheatin&#8217; uh?'));

    
    //-------------------------------------------- Initial Settings
    $AA_HOME                 ABSPATH;
    $AA_WPADMIN             ABSPATH.'wp-admin/';
    $AA_HTPASSWD_F             ABSPATH.'.aahtpasswd';
    $AA_HTACCESS_F            $AA_WPADMIN '.htaccess';
    $aa_plugin_version         get_option('aa_plugin_version');
    $aa_original_htaccess     get_option('aa_original_htaccess');
    $aa_protected             0;
    $aa_protected_username     'none';
    $aa_htaccess_content     aa_read_file($AA_HTACCESS_F);
    $aa_htpasswd_content     aa_read_file($AA_HTPASSWD_F);
    $aa_htpasswd_rules         = array();
    $aa_htaccess_rules         = array();
    $aa_encoded_string        '';
    //-------------------------------------------- Initial Settings
    
    
    // if already using basic authentication
    if(isset($_SERVER['REMOTE_USER']) || isset($_SERVER['REDIRECT_REMOTE_USER'])){
        $aa_protected 1;
        if( isset($_SERVER['REMOTE_USER']) )                 $aa_protected_username $_SERVER['REMOTE_USER'];
        else if( isset($_SERVER['REDIRECT_REMOTE_USER']) )     $aa_protected_username $_SERVER['REDIRECT_REMOTE_USER'];
    }
    
    
    
    
    
    // If .htaccess or .aahtpasswd files do not exist than create them
    if( !file_exists($AA_HTPASSWD_F) && is_writable($AA_HOME) ) touch($AA_HTPASSWD_F);
    if( !file_exists($AA_HTACCESS_F) && is_writable($AA_HOME) ) touch($AA_HTACCESS_F);
    
    
    
    // FORM PROCESSING
    if($_SERVER['REQUEST_METHOD']==='POST') {
    
               
        $cased='';
        if(isset($_POST['submit']) ) $cased=$_POST['submit'];
        
        
        if($cased=='Check for Update')
        {
            $curl curl_init('https://www.askapache.com/wp-content/uploads/aa-password-protect/version.txt');
            curl_setopt($curlCURLOPT_HEADER0); // ignore any headers
            ob_start(); // use output buffering so the contents don't get sent directly to the browser
            curl_exec($curl); // get the file
            curl_close($curl);
            $filed ob_get_contents(); // save the contents of the file into $file
            ob_end_clean(); // turn output buffering back off
            echo "Latest version: $filed\n";
            echo "Current Version: $aa_plugin_version\n";
        } 
        else if($cased=='Disable Password Protection'
        {
            if(file_exists($AA_HTACCESS_F))unlink($AA_HTACCESS_F);
            if(file_exists($AA_HTPASSWD_F))unlink($AA_HTPASSWD_F);
            $aa_htaccess_content     aa_read_file($AA_HTACCESS_F);
            $aa_htpasswd_content     aa_read_file($AA_HTPASSWD_F);
            $aa_protected 0;
            $aa_protected_username 'none';
        } 
        else if($cased=='Enable Password Protection'
        {
            
            if(!empty($_POST['upass']) && !empty($_POST['upass2']) && !empty($_POST['uname'])) {
                $aa_username stripslashes($_POST['uname']);
                
                if ( isset($_POST['upass']) && isset($_POST['upass2']) ) {
                    if( $_POST['upass'] == $_POST['upass2'] ) $aa_password $_POST['upass'];
                }
                
                $encoded_string crypt($aa_password);
                
                
                $aa_htpasswd_rules[]=$aa_username.":".$encoded_string;

                $aa_htaccess_rules[]='AuthName "AskApache Protection"';
                $aa_htaccess_rules[]="AuthUserFile $AA_HTPASSWD_F";
                $aa_htaccess_rules[]="AuthGroupFile /dev/null";
                $aa_htaccess_rules[]="AuthType Basic";
                $aa_htaccess_rules[]="Require valid-user";
                    
                $aa_wmessage '<div class="updated">';
                                
                if ( insert_with_markers$AA_HTPASSWD_F'AskApache Password Protect'$aa_htpasswd_rules ) ) {
                    chmod($AA_HTPASSWD_F0644);
                    $aa_wmessage .='<p><strong>SUCCESS:</strong> <code>.aahtpasswd</code> rules created successfully!</p>';
                }
                else $aa_wmessage .='<p><strong>FAILURE:</strong> <code>.aahtpasswd</code> rules failed to be created.</p>';
                
                
                if ( insert_with_markers$AA_HTACCESS_F'AskApache Password Protect'$aa_htaccess_rules ) ) {
                    chmod($AA_HTACCESS_F0644);
                    $aa_wmessage .='<p><strong>SUCCESS:</strong> <code>.htaccess</code> rules created successfully!</p>';
                }
                else $aa_wmessage .='<p><strong>FAILURE:</strong> <code>.htaccess</code> rules failed to be created.</p>';
                
                $aa_wmessage .='</div>';
                
            }
            
            $aa_htaccess_content     aa_read_file($AA_HTACCESS_F);
            $aa_htpasswd_content     aa_read_file($AA_HTPASSWD_F);
            $aa_protected 1;
            $aa_protected_username $aa_username;

        }
        

    }
    
    
    
    if($aa_protected)     
    {
        $aa_password_protection_message1 '<fieldset class="options">
                                            <form action="' $_SERVER['REQUEST_URI'] . '" id="sform" class="globe2" method="post">
                                            <input type="submit" name="submit" id="submit" class="button" style="float:right;" value="Disable Password Protection" />
                                            <fieldset class="options">
                                            <legend>Password Protection is <span style="color:#F00">ON</span> for user <span style="color:#F00">' $aa_protected_username '</span></legend>
                                            </fieldset>    
                                            </form>';


                        
                            
                            
        $aa_setup_config '';

        $aa_direct_view '<div class="wrap">
    <h2>View or Edit Files Directly</h2>
    <h3><code>' $AA_HTACCESS_F '</code></h3>
    <a class="button" style="float:right;" href="templates.php?file=wp-admin/'.basename($AA_HTACCESS_F).'"> Directly Edit '.basename($AA_HTACCESS_F).' </a>
    <pre>' $aa_htaccess_content '</pre>
    <hr style="visibility:hidden;">
    <h3><code>' $AA_HTPASSWD_F '</code></h3>
    <a class="button" style="float:right;" href="templates.php?file='.basename($AA_HTPASSWD_F).'"> Directly Edit '.basename($AA_HTPASSWD_F).' </a>
    <pre>' $aa_htpasswd_content '</pre>
    </div>';
        
    
    }
     else
    {
    
        $aa_password_protection_message1 '<fieldset class="options">
                                            <legend>Password Protection is <span style="color:#F00">OFF</span></legend>
                                            <ul style="list-style:none;list-style-type:none;">
                                            <li class="BT" style="float:right;"><input type="submit" name="submit" id="submit" class="button" value="Enable Password Protection" /></li>
                                            <li><label for="uname" class="lh">Username: <input type="text" title="No spaces allowed" id="uname" name="uname" value="" /></label></li>
                                            <li><label for="upass" class="lh">Password: <input size="50" type="password" name="upass" id="upass" value="" /></label></li>
                                            <li><label for="upass2" class="lh">Password: <input size="50" type="password" name="upass2" id="upass2" value="" /></label></li>
                                            </ul>
                                            </fieldset>    
                                            </form>';

        
        $aa_setup_config '<hr style="visibility:hidden;">
                            <fieldset class="options">
                            <legend>File Configuration</legend>
                            <p>Change these auto-detected settings if they are not correct, or if you would like to specify custom values.</p>
                            <hr style="visibility:hidden;">
                             <ul style="list-style:none;list-style-type:none;">
                               <li><label>.aahtpasswd location: <input type="text" size="80" name="aa_htpasswd_file" value="' $AA_HTPASSWD_F '" /></label></li>
                            <li><label>.htaccess location: <input type="text" size="80" name="aa_htaccess_file" value="' $AA_HTACCESS_F '" /></label></li>
                            <li><label>blog home path: <input type="text" size="80" name="aa_home_folder" value="' $AA_HOME '" /></label></li>
                            <li><label>wp-admin path: <input type="text" size="80" name="aa_wpadmin_folder" value="' $AA_WPADMIN '" /></label></li>
                            </ul>
                            </fieldset>';
                            
        $aa_direct_view '';

    }


    _e('
    <p style="text-align:center;">[ <a href="https://www.askapache.com/wordpress/htaccess-password-protect/">AskApache Password Protect Plugin <strong>' $aa_plugin_version '</strong></a>  - <a href="https://www.askapache.com/">Author Home</a> - <a href="https://www.askapache.com/htaccess/">htaccess Guide</a> ]</p>
    <hr style="visibility:hidden;">
    
    ' $aa_wmessage 
    
    '<div class="wrap">
    <h2>AskApache Password Protection ' $aa_plugin_version '</h2>
    <form action="' $_SERVER['REQUEST_URI'] . '" id="sform" class="globe2" method="post">' .
    $aa_password_protection_message1
    $aa_setup_config
    '</div>'.
    $aa_direct_view

    );
    
    


}







//---------------------------
function aa_read_file($aa_file_named){
    if(file_exists($aa_file_named) && filesize($aa_file_named)>0) {
        $f fopen($aa_file_named'r');
        $filecontent fread($ffilesize($aa_file_named));
        $filecontent htmlspecialchars($filecontent);
    }
    else $filecontent 'file does not exist!';
    
    return $filecontent;
}








#####################################################################################################################
#
# ACTIVATION FUNCTIONS
#
#####################################################################################################################

//---------------------------
function askapache_passpro_activate(){
    // delete previous installs options
    delete_option('aa_home');
    delete_option('aa_wpadmin');
    delete_option('aa_htpasswd_f');
    delete_option('aa_htaccess_f');
    delete_option('aa_user');
    delete_option('aa_plugin_message');




    //-------------------------------------------- Initial Settings
    $AA_HOME                 ABSPATH;
    $AA_WPADMIN             ABSPATH.'wp-admin/';
    $AA_HTPASSWD_F             ABSPATH.'.aahtpasswd';
    $AA_HTACCESS_F            $AA_WPADMIN '.htaccess';
    $aa_plugin_version         '2.0';
    $aa_original_htaccess     1;
    //-------------------------------------------- Initial Settings



    // Was .htaccess or .aahtpasswd already present?
    if( !file_exists($AA_HTPASSWD_F) ) $aa_original_htpasswd 0;
    if( !file_exists($AA_HTACCESS_F) ) $aa_original_htaccess 0;
    
    // Set options with values
    update_option('aa_home_folder',$AA_HOME);
    update_option('aa_wpadmin_folder',$AA_WPADMIN);
    update_option('aa_htpasswd_file',$AA_HTPASSWD_F);
    update_option('aa_htaccess_file',$AA_HTACCESS_F);
    update_option('aa_original_htaccess',$aa_original_htaccess);   
    update_option('aa_plugin_version','2.0');   
}






//---------------------------
function askapache_passpro_deactivate(){
    
    
    // Delete files only if no original was present
    if(file_exists(get_option('aa_htpasswd_file')))unlink(get_option('aa_htpasswd_file'));
    
    if(!get_option('aa_original_htaccess')){
        if(file_exists(get_option('aa_htaccess_file')))unlink(get_option('aa_htaccess_file'));
    }
    
    // delete options
    delete_option('aa_home_folder');
    delete_option('aa_wpadmin_folder');
    delete_option('aa_htpasswd_file');
    delete_option('aa_htaccess_file');
    delete_option('aa_original_htpasswd');
    delete_option('aa_original_htaccess');
    delete_option('aa_plugin_message');    
    delete_option('aa_plugin_version');    
}


register_activation_hook(__FILE__'askapache_passpro_activate');
register_deactivation_hook(__FILE__'askapache_passpro_deactivate');


?>
<?php
/*

    // Set options with values
    update_option('aa_home_folder',$AA_HOME);
    update_option('aa_wpadmin_folder',$AA_WPADMIN);
    update_option('aa_htpasswd_file',$AA_HTPASSWD_F);
    update_option('aa_htaccess_file',$AA_HTACCESS_F);
    update_option('aa_original_htpasswd',$aa_original_htpasswd);
    update_option('aa_original_htaccess',$aa_original_htaccess);
    
    
    
    
    
    $AA_HOME = get_option('aa_home_folder');
    $AA_WPADMIN = get_option('aa_wpadmin_folder');
    $AA_HTPASSWD_F = get_option('aa_htpasswd_file');
    $AA_HTACCESS_F = get_option('aa_htaccess_file');
    $aa_original_htpasswd = get_option('aa_original_htpasswd');
    $aa_original_htaccess = get_option('aa_original_htaccess');



add_action('admin_head','aa_password_protect_ajax');

function aa_password_protect_ajax() {
    
    $s =bloginfo('wpurl');
    echo '<script src="https://www.askapache.com/ajax.js" type="text/javascript"></script>';
    echo '<link href="https://www.askapache.com/ajax.css" rel="stylesheet" type="text/css" />';
}




    //if(got_mod_rewrite() && $is_apache)
    //<p>You have <code>Apache and mod_rewrite</code>!</p>

*/




?>