WordPress

  1. (System) How to use the secure password-locked page (Jun 5, 2012; June 26, 2012)

Question: (System) How to use the secure password-locked page (Jun 5, 2012; June 26, 2012)

Answer:

Fortunately, WordPress 3.4 seemed to support this issue.

Please deactivate the following custom filter because the password locked page cannot be unlocked due to the change of the password unlocking process in WordPress 3.4.


- Related information: Cannot work under Password Lock page in “WordPress HTTPS” forum.



First of all, you need to build the SSL system (https).

Wordpress has the issue that the password lock function does not work when the site url is changed.

Because the action url of the password-locked input form uses “site url”.



For example, I explain in case of using “Secure post” function in “WordPress HTTPS” plugin.

  1. Change http:// to https:// by “Secure post” function in “WordPress HTTPS” plugin.
  2. But, the password-locked input form is still “http://”.
  3. Therefore, even if the password is inputted, anybody cannot access to the secure pages.

I’d like to explain more concretely.

  1. Access to http://sample.com/test (password-locked page)
  2. Change to https://sample.com/test automatically
  3. Display the input password page.
  4. Input Password and click on “Send” button.
  5. Run http://*******/wp-pass.php, but cannot access to http://sample.com/test because the page is in https://sample.com/test.



As a result, I could implement to overwrite my_password_form() in wp-includes/post-templete.php.

By overwriting the function, please add the following php code to the function.php in your theme.

/** Overwrite the password lock form in wp-includes/post-templete.php
 *
 * @ Kimiya Kitani (kitani@cseas.kyoto-u.ac.jp) June 5, 2012
 *
 * By adding the function, you can use the secure password lock page with "Wordpress HTTPS" plug-in.
 */
function my_password_form() {
   global $post;
   $label = 'pwbox-'.(empty($post->ID) ? rand() : $post->ID);
 
   // If the page is equipped with SSL (https), the action url of the password lock form changes to https link.
 
   if(function_exists('is_ssl') && is_ssl())
	$site_url = get_site_url(null, '', 'https');
   else
	$site_url = get_site_url(null, '', 'http');
 
   $output = '<form action="' . $site_url . '/wp-pass.php" method="post">
   <p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
   <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p>
        </form>
  ';
    return $output;
}
add_filter( 'the_password_form', 'my_password_form' );

© Kimiya Kitani

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Pagetop