Page 1 of 1

Wordpress Password Plugin

Posted: Fri Sep 18, 2009 8:37 pm
by ultranotadork
I am having the following problem with a php programmed wordpress plugin:

The code places basic password protection on wordpress. But in the url on the password prompt page, the attempted destination url is not in the password prompt page url, so the plugin does not redirect after login is quit. This is noted below.

http://www.server.com/wp-content/plugin ... stination=(attempted destination should go here)

When the attempted url is in the url, this does work, and I have tested that it does. I'm just not sure how to get the code to put it in. The two codes are below:

*/

load_plugin_textdomain('WordpressPassword','wp-content/plugins/wp-password');

class us_broome_wordpress_password {

function password_install() {
global $wpdb;

$table_name = $wpdb->prefix . "wp_password";
$new_or_old = "old";

if($wpdb->get_var("show tables like '$table_name'") != $table_name) {$new_or_old = "new";}

$sql = "CREATE TABLE " . $table_name . " (
id mediumint(9) NOT NULL AUTO_INCREMENT KEY,
rule_text varchar(255) NOT NULL,
rule_field char(11) NOT NULL DEFAULT 'path',
rule_position char(1) NOT NULL DEFAULT 'a',
rule_password_required char(1) NOT NULL DEFAULT '0',
rule_end char(10) NOT NULL DEFAULT 'obey',
rule_order mediumint(9),
UNIQUE KEY id (id)
);";

require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
dbDelta($sql);

if ($new_or_old == "new") {
$insert = "INSERT INTO " . $table_name .
" (rule_text, rule_field, rule_position, rule_password_required, rule_end, rule_order) " .
"VALUES ('" . $wpdb->escape('wp-admin') . "', 'e', 'path', '1', 'obey', '1')";
$results = $wpdb->query( $insert );
}
}

function formatRule($rule_id, $rule_text, $rule_field, $rule_password_required, $rule_position, $rule_end) {
echo "<li><p>";
_e('Password is', 'WordpressPassword');
echo " <select name='rule_password_required_$rule_id' id='rule_password_required_$rule_id'>";
if ($rule_password_required == 1) {echo "<option value='1' selected>";} else {echo "<option value='1'>";}
_e('required', 'WordpressPassword');
echo "</option>";
if ($rule_password_required == 0) {echo "<option value='0' selected>";} else {echo "<option value='0'>";}
_e('not required', 'WordpressPassword');
echo "</option></select> ";
_e('if', 'WordpressPassword');
echo " <input type='text' name='rule_text_$rule_id' id='rule_text_$rule_id' value='$rule_text' size='10'/> ";
echo "<input type='hidden' name='rule_order_$rule_id' id='rule_order_$rule_id' value='$rule_no' /> ";
_e('is found', 'WordpressPassword');
echo " <select name='rule_position_$rule_id' id='rule_position_$rule_id'>";
if ($rule_position == 'a') {echo "<option value='a' selected>";} else {echo "<option value='a'>";}
_e('anywhere in', 'WordpressPassword');
echo "</option>";
if ($rule_position == 's') {echo "<option value='s' selected>";} else {echo "<option value='s'>";}
_e('at start of', 'WordpressPassword');
echo "</option>";
if ($rule_position == 'e') {echo "<option value='e' selected>";} else {echo "<option value='e'>";}
_e('at end of', 'WordpressPassword');
echo "</option></select> ";
_e('the', 'WordpressPassword');
echo " <select name='rule_field_$rule_id' id='rule_field_$rule_id'>";
if ($rule_field == 'path') {echo "<option value='path' selected>";} else {echo "<option value='path'>";}
_e('path', 'WordpressPassword');
echo "</option>";
if ($rule_field == 'querystring') {echo "<option value='querystring' selected>";} else {echo "<option value='querystring'>";}
_e('querystring', 'WordpressPassword');
echo "</option></select>; ";
echo " <select name='rule_end_$rule_id' id='rule_end_$rule_id'>";
if ($rule_end == 'obey') {echo "<option value='obey' selected>";} else {echo "<option value='obey'>";}
_e('obey', 'WordpressPassword');
echo "</option>";
if ($rule_end == 'ignore') {echo "<option value='ignore' selected>";} else {echo "<option value='ignore'>";}
_e('ignore', 'WordpressPassword');
echo "</option></select> further rules.</p>\n";
}

function list_rules() {
global $wpdb;

$table_name = $wpdb->prefix . "wp_password";

$qry = "SELECT * FROM $table_name ORDER BY rule_order, id";
$rules = $wpdb->get_results( $qry );

// make list of links
$rule_no = 1;
foreach( $rules as $row ) {
$rule_id = $row->id;
$rule_text = $row->rule_text;
$rule_field = $row->rule_field;
$rule_position = $row->rule_position;
$rule_end = $row->rule_end;
$rule_password_required = $row->rule_password_required;

us_broome_wordpress_password::formatRule($rule_id, $rule_text, $rule_field, $rule_password_required, $rule_position, $rule_end);

echo "<p class='links'>";

echo "<a href=\"javascript:cR('updaterule',$rule_id);\">";
_e('Update', 'WordpressPassword');
echo "</a>";
echo "<a href=\"javascript:cR('delete',$rule_id);\">";
_e('Delete', 'WordpressPassword');
echo "</a>";
if (count($rules) > 1) {
if ($rule_no > 1) {
echo "<a href=\"javascript:cR('moveUp',$rule_id);\">";
_e('Move Up', 'WordpressPassword');
echo "</a>";
}
if ($rule_no < count($rules)) {
echo "<a href=\"javascript:cR('moveDown',$rule_id);\">";
_e('Move Down', 'WordpressPassword');
echo "</a>";
}
}
echo "</p></li>";
$rule_no++;
}
}

function password_subpanel() {
global $wpdb;
$table_name = $wpdb->prefix . "wp_password";
$x = us_broome_wordpress_password::password_install();
$displayMode = $_POST['ruleAction'];
$ruleid = $_POST['ruleToActOn'];
$this_rule_text = $_POST['rule_text_this'];
$this_rule_field = $_POST['rule_field_this'];
$this_rule_position = $_POST['rule_position_this'];
$this_rule_end = $_POST['rule_end_this'];
$this_rule_password_required = $_POST['rule_password_required_this'];
if (isset($_POST['ruleAction'])) {
if ($displayMode == 'save') {
$new_order = $wpdb->get_var("SELECT MAX(rule_order) + 1 from $table_name");
$qry = "INSERT $table_name (rule_text, rule_field, rule_position, rule_password_required, rule_end, rule_order) VALUES (
'" . $wpdb->escape($_POST['rule_text_new']) . "',
'" . $wpdb->escape($_POST['rule_field_new']) . "',
'" . $wpdb->escape($_POST['rule_position_new']) . "',
'" . $wpdb->escape($_POST['rule_password_required_new']) . "',
'" . $wpdb->escape($_POST['rule_end_new']) . "',
'$new_order')";
$rules = $wpdb->get_results( $qry );
echo "<div id='message' class='updated fade'><p><strong>";
_e('New Rule Saved.', 'WordpressPassword');
echo "</strong></p></div>";
}
if ($displayMode == 'updaterule') {
$qry = "UPDATE $table_name set rule_text = '" . $wpdb->escape($_POST['rule_text_this']) . "',
rule_field = '" . $wpdb->escape($_POST['rule_field_this']) . "',
rule_password_required = '" . $wpdb->escape($_POST['rule_password_required_this']) . "',
rule_position = '" . $wpdb->escape($_POST['rule_position_this']) . "',
rule_end = '" . $wpdb->escape($_POST['rule_end_this']) . "',
rule_order = '" . $wpdb->escape($_POST['rule_order_this']) . "'
where id = " . $ruleid;
$rules = $wpdb->get_results( $qry );
echo "<div id='message' class='updated fade'><p><strong>";
_e('Rule Updated.', 'WordpressPassword');
echo "</strong></p></div>";
}
if ($displayMode == 'delete') {
$order_hole = $wpdb->get_var("SELECT rule_order from $table_name where id = " . $ruleid);
$qry = "DELETE FROM $table_name WHERE id = " . $ruleid;
$rules = $wpdb->get_results( $qry );
$qry = "UPDATE $table_name set rule_order = rule_order - 1 where rule_order >= $order_hole ";
$rules = $wpdb->get_results( $qry );
echo "<div id='message' class='updated fade'><p><strong>";
_e('Rule Deleted.', 'WordpressPassword');
echo "</strong></p></div>";
}
if ($displayMode == 'moveUp') {
$order_hole = $wpdb->get_var("SELECT rule_order from $table_name where id = " . $ruleid);
$swap_victim = $wpdb->get_var("SELECT id from $table_name where rule_order < $order_hole order by rule_order limit 1");
$qry = "UPDATE $table_name set rule_order = rule_order + 1 where id = $swap_victim ";
$rules = $wpdb->get_results( $qry );
$qry = "UPDATE $table_name set rule_order = rule_order - 1 where id = " . $ruleid;
$rules = $wpdb->get_results( $qry );
echo "<div id='message' class='updated fade'><p><strong>";
_e('Rule Moved Up.', 'WordpressPassword');
echo "</strong></p></div>";
}
if ($displayMode == 'moveDown') {
$order_hole = $wpdb->get_var("SELECT rule_order from $table_name where id = " . $ruleid);
$swap_victim = $wpdb->get_var("SELECT id from $table_name where rule_order > $order_hole order by rule_order limit 1");
$qry = "UPDATE $table_name set rule_order = rule_order - 1 where id = $swap_victim ";
$rules = $wpdb->get_results( $qry );
$qry = "UPDATE $table_name set rule_order = rule_order + 1 where id = " . $ruleid;
$rules = $wpdb->get_results( $qry );
echo "<div id='message' class='updated fade'><p><strong>";
_e('Rule Moved Down.', 'WordpressPassword');
echo "</strong></p></div>";
}
if ($displayMode == 'saveform') {
// update_option("password_password", $_POST['password_password']);
update_option("password_password", $_POST['password_password']);
update_option("password_general_rule", $_POST['password_general_rule']);
update_option("password_status", $_POST['password_status']);
update_option("password_cookie_days", $_POST['password_cookie_days']);
echo "<div id='message' class='updated fade'><p><strong>";
_e('Wordpress Password options updated.', 'WordpressPassword');
echo "</strong></p></div>";
}
}
add_option("password_password", "", "Password to protect this blog", "password");
add_option("password_general_rule", "", "Default password requirement option", "no");
add_option("password_status", "", "Is the plugin turned on (not activated, but turned ON)?", "yes");
add_option("password_cookie_days", "", "How many days is a password cookie good for? <= 0: none. > 0 = that many", "-1");
$sitePW = get_option("password_password");
$passwordCookieDays = get_option("password_cookie_days");
if (strlen($passwordCookieDays) == 0) {
$passwordCookieDays = -1;
}
$passwordStatus = get_option("password_status");
$statusOFF = 'checked';
$statusON = '';
if ($passwordStatus == 'on') {
$statusOFF = '';
$statusON = 'checked';
}
$passwordGeneral = get_option("password_general_rule");
$general_password = 'selected';
$general_nopassword = '';
if ($passwordGeneral == 'nopassword') {
$general_password = '';
$general_nopassword = 'selected';
}
?>
<div class=wrap>
<style>
fieldset.inputs{margin-bottom:2em}
fieldset a{margin-right:2em}
fieldset li{margin-bottom:1.5em}
span.note{margin-left:3em;display:block}
h3{padding-bottom:2px;border-bottom:solid 2px #ccc;width:100%}

li p{padding:.5em 2em .5em 2em;text-indent:-1.5em;line-height:180%}
li p.links{margin:-2em 0 auto 2em}
li p.links a{border:outset 2px #ccc;padding:.15em .80em;white-space:nowrap;background:#ccc;color:#000;text-decoration:none}
li p.links a:active{border:inset 2px #ccc;background:#ddd}

</style>
<script>
// <input type="hidden" name="ruleToActOn" id="ruleToActOn" value="" />
// <input type="hidden" name="ruleAction" id="ruleAction" value="" />
function wpp$(id){return document.getElementById(id)}
function validateDays() {x$ = wpp$('password_cookie_days').value;if (isNaN(x$)) {alert('Cookie Expiration must be a valid number of days (positive/negative/0)');return false}return true;}
function saveForm(){if (validateDays()) {wpp$('ruleAction').value = 'saveform';return true}return false}
function cR(action, rule_id){
switch (action.toLowerCase()) {
case 'updaterule':
wpp$('rule_text_' + rule_id).name = 'rule_text_this';
wpp$('rule_order_' + rule_id).name = 'rule_order_this';
wpp$('rule_field_' + rule_id).name = 'rule_field_this';
wpp$('rule_position_' + rule_id).name = 'rule_position_this';
wpp$('rule_end_' + rule_id).name = 'rule_end_this';
wpp$('rule_password_required_' + rule_id).name = 'rule_password_required_this';
break
case 'delete':
if (!confirm("Delete this rule?")) {return false}
break
}
wpp$('ruleToActOn').value = rule_id;
wpp$('ruleAction').value = action;
wpp$('ruleForm').submit();
}
</script>

<form id="ruleForm" method="post" onSubmit="return saveForm()">
<h2>Wordpress Password Options</h2>
<fieldset id="set1" class="inputs">
<legend><h3><?php _e('Settings', 'WordpressPassword') ?></h3></legend>
<p>
<strong><?php _e('Password Protection is', 'WordpressPassword') ?>: </strong>
<label for="password_status_on"><input type="radio" id="password_status_on" name="password_status" value="on" <?php echo $statusON ?> /> <?php _e('on', 'WordpressPassword') ?></label>&nbsp; &nbsp;
<label for="password_status_off"><input type="radio" id="password_status_off" name="password_status" value="off" <?php echo $statusOFF ?> /> <?php _e('off', 'WordpressPassword') ?></label>
<span class="note">
<?php _e('This setting defaults to "Off" whenever the plugin is activated, so you can remove/re-add the plugin file if you lose your password, and then reset settings.', 'WordpressPassword') ?>
</span>
</p>

<p>
<strong><?php _e('Site Password', 'WordpressPassword') ?>: </strong>
<input type="text" id="password_password" name="password_password" value="<?php echo stripslashes(str_replace('"', '\'', $sitePW)) ?>" size="20" maxlength="20" />
</p>

<p>
<strong><?php _e('Password Cookie Expiration', 'WordpressPassword') ?>: </strong>
<input type="text" id="password_cookie_days" name="password_cookie_days" value="<?php echo stripslashes(str_replace('"', '\'', $passwordCookieDays)) ?>" size="4" maxlength="4" /> <?php _e('Days ( Days < 1 = until browser closes.)', 'WordpressPassword') ?>
</p>

<p>
<strong><?php _e('Protect', 'WordpressPassword') ?>: </strong>
<select name="password_general_rule">
<option value="password" <?echo $general_password ?>>All</option>
<option value="nopassword" <?echo $general_nopassword ?>>No</option>
</select>
<?php _e('posts by default', 'WordpressPassword') ?>.
</p>

<div class="submit">
<input type="submit" name="info_update" value="<?php _e('Save Options', 'WordpressPassword') ?>"/>
</div>

</fieldset>


<fieldset id="set5" class="inputs">
<legend><h3><?php _e('Password Protection Rules', 'WordpressPassword') ?></h3></legend>
<ol>
<?php us_broome_wordpress_password::list_rules() ?>
</ol>
<?php if ($displayMode != 'add') {
echo "<a href=\"javascript:cR('add',0)\">Add A Rule</a>";
}else{
echo "<h4>Adding a rule...</h4><ul>";
us_broome_wordpress_password::formatRule('new', '(this word)', 'path', 1, 'a', 'obey');

echo "<p class='links'>";

echo "<a href=\"javascript:cR('save','new');\">";
_e('Save', 'WordpressPassword');
echo "</a>";
echo "<a href=\"javascript:cR('cancel','');\">";
_e('Cancel', 'WordpressPassword');
echo "</a>";
echo "</p></li></ul>";
}
?>
</fieldset>

<input type="hidden" name="ruleToActOn" id="ruleToActOn" value="" />
<input type="hidden" name="ruleAction" id="ruleAction" value="" />

<fieldset id="set2">
<legend><h3><?php _e('Explanation', 'WordpressPassword') ?></h3></legend>
<p>
<?php _e('This plugin allows WordPress to require visitors enter a password to view certain WordPress-powered pages on your site. It works by comparing the page they\'ve requested to a list of rules you define that tell the plugin which pages to ignore and which pages to ask for a password on. The plugin uses the same password on all protected pages - so it\'s easier, but less flexible, than the default per-user password management built into WordPress.', 'WordpressPassword') ?>
</p>
<h4>
<?php _e('Helpful definitions:', 'WordpressPassword') ?>
</h4>
<ul>
<li><strong><?php _e('Path or filename:', 'WordpressPassword') ?></strong>
<?php _e('The part of a url, after your domain name and WordPress folder, before any ? is found.', 'WordpressPassword') ?>
</li>
<li><strong><?php _e('Querystring:', 'WordpressPassword') ?></strong>
<?php _e('The part of a url after (and including) the first ?.', 'WordpressPassword') ?>
</li>
</ul>
<h4>
<?php _e('Cookie Expiration:', 'WordpressPassword') ?>
</h4>
<p>
<?php _e('When a visitor logs in with the password to see a post, this setting controls how long that password is kept in memory.', 'WordpressPassword') ?>
<ul>
<li><?php _e('A number of days less than or equal to 0 means the password isn\'t kept any longer than the current browser session: The user will have to enter the password again the next time they start their browser.', 'WordpressPassword') ?></li>
<li><?php _e('A number of days greater than 0 means the password will be remembered by their browser that many days. Of course, if the password was changed between visits, the user will still have to re-enter the correct (new) one.', 'WordpressPassword') ?></li>
</ul>
</p>
</fieldset>

</form>
<p>For updates, feature requests, feedback or gratuities, visit <a href="http://www.broome.us/wp-password">http: ... ord</a></p>
</div>
<?php
if ($displayMode == 'add') {
echo "<script>wpp$('rule_text_new').focus()</script>";
}
}

function password_add_menu() {
if (function_exists('add_options_page')) {
add_options_page('Wordpress Password', 'Wordpress Password', 8, basename(__FILE__), array('us_broome_wordpress_password', 'password_subpanel'));
}
}

function password_reset() {
// reset this, so you can escape the doom of having forgotten your password.
// To recover, just delete the wp-password.php plugin, verify it's gone from the WP admin, then re-upload it, then re-activate it. Password reset!
// add_option("password_password", "", "Password to protect this blog", "yes");
// update_option("password_password", "");
}

function fieldTest($needle, $haystack, $position) {
// Returns true if needle is found a position in haystack, otherwise False
$n = strtolower($needle);
$h = strtolower($haystack);
$p = strtolower($position);
$ln = strlen($needle);
if ($p == "a") { // Anywhere
if (strpos($h, $n) !== FALSE) return 1;
}
if ($p == "s") { // Start
if (substr($h, 0, $ln) == $n) return 1;
}
if ($p == "e") { // End
if (substr($h, (-1 * $ln)) == $n) return 1;
}
return 0;
}



function password_mechanism() {

// defaults...
global $wpdb;
$source = 'none';
$debugOption = false;
$thisURI = $_SERVER['REQUEST_URI'];
$thisQS = "";
if (strpos($thisURI, '?') !== FALSE) {
$thisURI = substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], '?') );
$thisQS = substr($_SERVER['REQUEST_URI'], strlen($thisURI));
}
if (substr($thisURI, -1) == '/') {
$thisURI = substr($thisURI, 0, strlen($thisURI)-1);
}
$siteRoot = get_option('siteurl');
$dest = $_POST['destination'];
if (!$dest) $dest = $_GET['destination'];
if (!$dest) $dest = $thisURI;
$passwordGeneral = get_option("password_general_rule");
if ($passwordGeneral == 'password') {
$requirePW = 1;
} else {
$requirePW = 0;
}
$sitePW = get_option('password_password');
$passwordStatus = get_option('password_status');
$passwordCookieDays = get_option('password_cookie_days');
$pcDays = 0;
if ($passwordCookieDays > 0) $pcDays = time()+60*60*24*$passwordCookieDays;
$inputPW = '';
$location = '';
$logout = $_GET['wp-password-logout'];
if ($logout) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Logout Requested";
if (setcookie('wordpress_password', '', $pcDays, '/') == TRUE) {
// cookie re-set, redirect back here.
wp_redirect($siteRoot);
exit;
}
}

// If there's no password set, don't check anything
if (!$sitePW) return;

// If mode is off, don't check anything
if (!$passwordStatus) return;

// If mode is off, don't check anything
if ($passwordStatus == 'off') return;

if ($_GET['wp-password-debug'] == 1) $debugOption = true;

// $debugOption = true;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| This URI: <u>$thisURL</u>";

$invalidPWURL = $siteRoot.'/wp-content/plugins/wp-password/login.php';
if ($debugOption == true) echo "\n<br/>WP-Password Debug| invalidPWURL: " . $invalidPWURL;

// was a password submitted?
if ($debugOption == true) echo "\n<br/>WP-Password Debug| COOKIEed PW Len: " . strlen($_COOKIE['wordpress_password']);
if ($debugOption == true) echo "\n<br/>WP-Password Debug| POSTed PW Len: " . strlen($_POST['wordpress_password']);
if (strlen($_COOKIE['wordpress_password']) > 0) {
$source = 'cookie';
$inputPW = $_COOKIE['wordpress_password'];
}
if (strlen($_POST['wordpress_password']) > 0) {
$source = 'form';
$inputPW = $_POST['wordpress_password'];
}

if (strlen($_POST['wordpress_password_login_handler']) > 0) {
// this page was submitted by the loginhandler. Don't bother with rules, just check the pw and go.
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Handling login tasks";
if (strlen($inputPW) > 0) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Checking incoming password against site password";
if ($inputPW == $sitePW) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords Match";
// Welcome to Fantasy Island! (Cue the sexy, giggling beachgoers)
$location = $dest;
if ($source != 'cookie') {
setcookie('wordpress_password', $inputPW, $pcDays, '/'); // cookie set!
}
wp_redirect($location);
exit;
} else {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords don't match";
$err='Wrong+Password.';
$location = $invalidPWURL .'?err='.$err.'&destination='.$dest;
if ($source == 'cookie') {
setcookie('wordpress_password', '', $pcDays, '/'); // cookie cleared!
}
wp_redirect($location);
exit;
}
} else {
// Go enter a password
$location = $invalidPWURL .'?err='.$err.'&destination='.$thisURI;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| No password found, go enter one: $location";
wp_redirect($location);
exit;
}
}

if (strlen($location) == 0) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| thisURI: " . $thisURI;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| thisQueryString: " . $thisQS;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Default: PW Required?: " . $requirePW;

$table_name = $wpdb->prefix . "wp_password";
$qry = "SELECT * FROM $table_name ORDER BY rule_order, id";
$rules = $wpdb->get_results( $qry );
$rule_no = 1;
foreach( $rules as $row ) {
$rule_id = $row->id;
$rule_text = $row->rule_text;
$rule_field = $row->rule_field;
$rule_position = $row->rule_position;
$rule_end = $row->rule_end;
$rule_password_required = $row->rule_password_required;

$tmp_require_pw = 0;
$tmp_rule_match = 0;

if ($debugOption == true) echo "\n<br/>WP-Password Debug| <b>Rule No. $rule_no </b>";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| PW Required if Match?: $rule_password_required";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Text: $rule_text";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Field: $rule_field";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Position: $rule_position";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Continue?: $rule_end further rules";
if(strlen($rule_text) > 0) {
if ($rule_field == 'path') {$haystack = $thisURI;}
if ($rule_field == 'querystring') {$haystack = $thisQS;}
if (us_broome_wordpress_password::fieldTest($rule_text, $haystack, $rule_position) == 1) {
$tmp_rule_match = 1;
if ($rule_password_required == 1) {$tmp_require_pw = 1;}
if ($rule_password_required == 0) {$tmp_require_pw = 0;}
}
if (($requirePW != $tmp_require_pw) && $tmp_rule_match == 1) $requirePW = $tmp_require_pw;
}
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Matched?: " . $tmp_rule_match;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Running Status: PW Required?: " . $requirePW;
if ($tmp_rule_match == 1 && $rule_end == "ignore") {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Ignoring further rules per Rule End";
break; // leave the foreach
}
$rule_no++;
}

if (!($tmp_rule_match == 1 && $rule_end == "ignore")) {
// The final (automatic) rules: can't prevent users from getting to login pages.
$rule_text = 'login.php';
$rule_field = 'path';
$rule_password_required = 0;
$tmp_require_pw = 0;
$ftmp_rule_match = 0;
$rule_position = "e";
$haystack = $thisURI;

if ($debugOption == true) echo "\n<br/>WP-Password Debug| <b>Automatic final rule.</b>";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| PW Required if Matched?: $rule_password_required";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Text: $rule_text";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Field: $rule_field";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Position: $rule_position";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Continue?: $rule_end further rules";

if (us_broome_wordpress_password::fieldTest($rule_text, $haystack, $rule_position) == 1) {
$tmp_rule_match = 1;
if ($rule_password_required == 1) {$tmp_require_pw = 1;}
if ($rule_password_required == 0) {$tmp_require_pw = 0;}
}
if (($requirePW != $tmp_require_pw) && $tmp_rule_match == 1) $requirePW = $tmp_require_pw;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Matched?: " . $tmp_require_pw;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Running Status: PW Required?: " . $requirePW;
}
}


if ($debugOption == true) echo "\n<br/>WP-Password Debug|<b>After rule checking: Require PW for this request?: " . $requirePW . "</b>";

if($requirePW == 1) {
// password required by rules. check user's password
if (strlen($inputPW) > 0) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Checking incoming password against site password";
if ($inputPW == $sitePW) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords Match";
// Welcome to Fantasy Island! (Cue the sexy, giggling beachgoers)
$location = $dest;
if ($source != 'cookie') {
setcookie('wordpress_password', $inputPW, $pcDays, '/'); // cookie set!
}
} else {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords don't match";
$err='Wrong+Password.';
$location = $invalidPWURL .'?err='.$err.'&destination='.$thisURI;
if ($source == 'cookie') {
setcookie('wordpress_password', '', $pcDays, '/'); // cookie cleared!
}
}
} else {
// Go enter a password
$location = $invalidPWURL .'?err='.$err.'&destination='.$thisURI;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| No password found, go enter one: $location";
}
}

if (strlen($location) > 0) {
if (strpos($location, '?') != strrchr($location, '?')) {
$y = substr($location, 0, strpos($location, '?') ) . '?';
$z = str_replace('?', '&', str_replace($y, '', $location));
$location = $y.$z;
}
$location = preg_replace('/wp-password-logout/i', 'wp-password-logged-out', $location);
if ($debugOption == true) echo "\n<br/>WP-Password Debug| redirect target: $location";
$locRoot = $location;
if (strpos($locRoot, '?') !== FALSE) {
$locRoot = substr($location, 0, strpos($location, '?') );
}
if ($debugOption == true) echo "\n<br/>WP-Password Debug| locRoot: $locRoot";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| thisURI: $thisURI";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| stripos(locroot, thisURI): " . @stripos($locRoot, $thisURI);

if (@stripos($locRoot, $thisURI) !== FALSE) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| redirect target IS this page, no redirect";
return;
}
if ($debugOption == true) {
echo "\n<br/>WP-Password Debug| Redirecting to ... $location";
} else {
wp_redirect( $location ) ;
exit;
}
}
}


function protect_content_mechanism( $content ) {
// Obfuscates the content of a password protected element.

// defaults...
global $wpdb;
$source = 'none';
$debugOption = false;
$thisURI = get_permalink();
$thisQS = "";
if (strpos($thisURI, '?') !== FALSE) {
$thisURI = substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], '?') );
$thisQS = substr($_SERVER['REQUEST_URI'], strlen($thisURI));
}
if (substr($thisURI, -1) == '/') {
$thisURI = substr($thisURI, 0, strlen($thisURI)-1);
}
$siteRoot = get_option('siteurl');
$dest = $_POST['destination'];
if (!$dest) $dest = $_GET['destination'];
if (!$dest) $dest = $thisURI;
$passwordGeneral = get_option("password_general_rule");
if ($passwordGeneral == 'password') {
$requirePW = 1;
} else {
$requirePW = 0;
}
$sitePW = get_option('password_password');
$passwordStatus = get_option('password_status');
$passwordCookieDays = get_option('password_cookie_days');
$pcDays = 0;
if ($passwordCookieDays > 0) $pcDays = time()+60*60*24*$passwordCookieDays;
$inputPW = '';
$location = '';
$logout = $_GET['wp-password-logout'];
if ($logout) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Logout Requested";
if (setcookie('wordpress_password', '', $pcDays, '/') == TRUE) {
// cookie re-set, redirect back here.
wp_redirect($siteRoot);
exit;
}
}

// If there's no password set, don't check anything
if (!$sitePW) return $content;

// If mode is off, don't check anything
if (!$passwordStatus) return $content;

// If mode is off, don't check anything
if ($passwordStatus == 'off') return $content;

if ($_GET['wp-password-debug'] == 1) $debugOption = true;

// if ($debugOption == true) echo "\n<br/>WP-Password Debug| Inbound Content <pre>$content</pre>";


// $debugOption = true;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| This URI: <u>$thisURL</u>";

$invalidPWURL = $siteRoot.'/wp-content/plugins/wp-password/login.php';
if ($debugOption == true) echo "\n<br/>WP-Password Debug| invalidPWURL: " . $invalidPWURL;

// was a password submitted?
if ($debugOption == true) echo "\n<br/>WP-Password Debug| COOKIEed PW Len: " . strlen($_COOKIE['wordpress_password']);
if ($debugOption == true) echo "\n<br/>WP-Password Debug| POSTed PW Len: " . strlen($_POST['wordpress_password']);
if (strlen($_COOKIE['wordpress_password']) > 0) {
$source = 'cookie';
$inputPW = $_COOKIE['wordpress_password'];
}
if (strlen($_POST['wordpress_password']) > 0) {
$source = 'form';
$inputPW = $_POST['wordpress_password'];
}

if (strlen($_POST['wordpress_password_login_handler']) > 0) {
// this page was submitted by the loginhandler. Don't bother with rules, just check the pw and go.
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Handling login tasks";
if (strlen($inputPW) > 0) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Checking incoming password against site password";
if ($inputPW == $sitePW) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords Match";
// Welcome to Fantasy Island! (Cue the sexy, giggling beachgoers)
// $location = $dest;
if ($source != 'cookie') {
setcookie('wordpress_password', $inputPW, $pcDays, '/'); // cookie set!
}
// wp_redirect($location);
return $content;
} else {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords don't match";
$err='Wrong+Password.';
$location = $invalidPWURL .'?err='.$err.'&destination='.$dest;
if ($source == 'cookie') {
setcookie('wordpress_password', '', $pcDays, '/'); // cookie cleared!
}
// wp_redirect($location);
// exit;
}
} else {
// Go enter a password
$location = $invalidPWURL .'?err='.$err.'&destination='.$thisURI;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| No password found, go enter one: $location";
// wp_redirect($location);
// exit;
}
}

if (strlen($location) == 0) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| thisURI: " . $thisURI;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| thisQueryString: " . $thisQS;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Default: PW Required?: " . $requirePW;

$table_name = $wpdb->prefix . "wp_password";
$qry = "SELECT * FROM $table_name ORDER BY rule_order, id";
$rules = $wpdb->get_results( $qry );
$rule_no = 1;
foreach( $rules as $row ) {
$rule_id = $row->id;
$rule_text = $row->rule_text;
$rule_field = $row->rule_field;
$rule_position = $row->rule_position;
$rule_end = $row->rule_end;
$rule_password_required = $row->rule_password_required;

$tmp_require_pw = 0;
$tmp_rule_match = 0;

if ($debugOption == true) echo "\n<br/>WP-Password Debug| <b>Rule No. $rule_no </b>";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| PW Required if Match?: $rule_password_required";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Text: $rule_text";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Field: $rule_field";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Position: $rule_position";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Continue?: $rule_end further rules";
if(strlen($rule_text) > 0) {
if ($rule_field == 'path') {$haystack = $thisURI;}
if ($rule_field == 'querystring') {$haystack = $thisQS;}
if (us_broome_wordpress_password::fieldTest($rule_text, $haystack, $rule_position) == 1) {
$tmp_rule_match = 1;
if ($rule_password_required == 1) {$tmp_require_pw = 1;}
if ($rule_password_required == 0) {$tmp_require_pw = 0;}
}
if (($requirePW != $tmp_require_pw) && $tmp_rule_match == 1) $requirePW = $tmp_require_pw;
}
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Matched?: " . $tmp_rule_match;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Running Status: PW Required?: " . $requirePW;
if ($tmp_rule_match == 1 && $rule_end == "ignore") {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Ignoring further rules per Rule End";
break; // leave the foreach
}
$rule_no++;
}

if (!($tmp_rule_match == 1 && $rule_end == "ignore")) {
// The final (automatic) rules: can't prevent users from getting to login pages.
$rule_text = 'login.php';
$rule_field = 'path';
$rule_password_required = 0;
$tmp_require_pw = 0;
$ftmp_rule_match = 0;
$rule_position = "e";
$haystack = $thisURI;

if ($debugOption == true) echo "\n<br/>WP-Password Debug| <b>Automatic final rule.</b>";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| PW Required if Matched?: $rule_password_required";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Text: $rule_text";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Field: $rule_field";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Position: $rule_position";
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Continue?: $rule_end further rules";

if (us_broome_wordpress_password::fieldTest($rule_text, $haystack, $rule_position) == 1) {
$tmp_rule_match = 1;
if ($rule_password_required == 1) {$tmp_require_pw = 1;}
if ($rule_password_required == 0) {$tmp_require_pw = 0;}
}
if (($requirePW != $tmp_require_pw) && $tmp_rule_match == 1) $requirePW = $tmp_require_pw;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Rule Matched?: " . $tmp_require_pw;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Running Status: PW Required?: " . $requirePW;
}
}


if ($debugOption == true) echo "\n<br/>WP-Password Debug|<b>After rule checking: Require PW for this request?: " . $requirePW . "</b>";

if($requirePW == 1) {
// password required by rules. check user's password
if (strlen($inputPW) > 0) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Checking incoming password against site password";
if ($inputPW == $sitePW) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords Match";
// Welcome to Fantasy Island! (Cue the sexy, giggling beachgoers)
$location = $dest;
if ($source != 'cookie') {
setcookie('wordpress_password', $inputPW, $pcDays, '/'); // cookie set!
}
} else {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| Passwords don't match";
$err='Wrong+Password.';
$location = $invalidPWURL .'?err='.$err.'&destination='.$thisURI;
if ($source == 'cookie') {
setcookie('wordpress_password', '', $pcDays, '/'); // cookie cleared!
}
}
} else {
// Go enter a password
$location = $invalidPWURL .'?err='.$err.'&destination='.$thisURI;
if ($debugOption == true) echo "\n<br/>WP-Password Debug| No password found, go enter one: $location";
}
}

if (strlen($location) > 0) {
if (strpos($location, '?') != strrchr($location, '?')) {
$y = substr($location, 0, strpos($location, '?') ) . '?';
$z = str_replace('?', '&', str_replace($y, '', $location));
$location = $y.$z;
}
$location = preg_replace('/wp-password-logout/i', 'wp-password-logged-out', $location);
if ($debugOption == true) echo "\n<br/>WP-Password Debug| redirect target: $location";
$locRoot = $location;
if (strpos($locRoot, '?') !== FALSE) {
$locRoot = substr($location, 0, strpos($location, '?') );
}

if (@stripos($locRoot, $thisURI) !== FALSE) {
if ($debugOption == true) echo "\n<br/>WP-Password Debug| redirect target IS this page, no redirect";
return $content;
}

if ($debugOption == true) {
echo "\n<br/>WP-Password Debug| Masking content";
}
return "<p>This content is password protected. Please <a href='$location'>Log In</a> to view it.</p>";
}
return $content;
}


function do_nothing() {
// Nothing
}

// end of us_broome_wordpress_password class
}

add_action('activate_wp-password/wp-password.php', array('us_broome_wordpress_password', 'password_reset'));
add_action('admin_menu', array('us_broome_wordpress_password', 'password_add_menu'));
add_action('init', array('us_broome_wordpress_password', 'password_mechanism'));
add_filter('the_content', array('us_broome_wordpress_password', 'protect_content_mechanism'));
add_filter('the_content_rss', array('us_broome_wordpress_password', 'protect_content_mechanism'));
?>

The login page itself:

<?php
/**
* WordPress User Page
*
* Handles authentication, registering, resetting passwords, forgot password,
* and other user handling.
*
* @package WordPress
*/

/** Make sure that the WordPress bootstrap has ran before continuing. */
// require( dirname(__FILE__) . '/../../../wp-load.php' );

if ( defined('ABSPATH') ) {
// echo ABSPATH . 'wp-load.php';
require(ABSPATH . 'wp-load.php');
} else {
// echo dirname(__FILE__) . '/../../../wp-load.php';
require( dirname(__FILE__) . '/../../../wp-load.php' );
}

$action = 'login';
$error = $_REQUEST[err];
$errors = new WP_Error();

// Redirect to https login if forced to use SSL
if ( force_ssl_admin() && !is_ssl() ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
} else {
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
}

/**
* login_header() - Outputs the header for the login page
*
* @package WordPress
* @uses do_action() Calls the 'login_head' for outputting HTML in the Login
* header.
* @uses apply_filters() Calls 'login_headerurl' for the top login link.
* @uses apply_filters() Calls 'login_headertitle' for the top login title.
* @uses apply_filters() Calls 'login_message' on the message to display in the
* header.
* @uses $error The error global, which is checked for displaying errors.
*
* @param string $title Optional. WordPress Login Page title to display in
* <title/> element.
* @param string $message Optional. Message to display in header.
* @param WP_Error $wp_error Optional. WordPress Error Object
*/
function login_header($title = 'Login', $message = '', $wp_error = '') {
global $error;

if ( empty($wp_error) )
$wp_error = new WP_Error();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
<head>
<title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<?php
wp_admin_css( 'login', true );
wp_admin_css( 'colors-fresh', true );
do_action('login_head'); ?>
</head>
<body class="login">

<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://bbnvoice.org/'); ?>" title="<?php echo apply_filters('login_headertitle', __('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>
<?php
if ( !empty( $message ) ) echo apply_filters('login_message', $message) . "\n";

// Incase a plugin uses $error rather than the $errors object
if ( !empty( $error ) ) {
$wp_error->add('error', $error);
unset($error);
}
if ( $wp_error->get_error_code() ) {
$errors = '';
$messages = '';
foreach ( $wp_error->get_error_codes() as $code ) {
$severity = $wp_error->get_error_data($code);
foreach ( $wp_error->get_error_messages($code) as $error ) {
if ( 'message' == $severity )
$messages .= ' ' . $error . "<br />\n";
else
$errors .= ' ' . $error . "<br />\n";
}
}
if ( !empty($errors) )
echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
if ( !empty($messages) )
echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
}
} // End of login_header()

//
// Main
//


if ( isset($_GET['key']) )
$action = 'resetpass';

nocache_headers();

header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));

if ( defined('RELOCATE') ) { // Move flag is set
if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );

$schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
}

//Set a cookie now to see if they are supported by the browser.
setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
if ( SITECOOKIEPATH != COOKIEPATH )
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);

$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
switch ($action) {
case 'login' :
default:
if ( isset( $_REQUEST['redirect_to'] ) )
$redirect_to = $_REQUEST['redirect_to'];
else
$redirect_to = admin_url();

if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
$secure_cookie = false;
else
$secure_cookie = '';

$user = wp_signon('', $secure_cookie);

$redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);

// $errors = $user;
// Clear errors if loggedout is set.
if ( !empty($_GET['loggedout']) )
$errors = new WP_Error();

// If cookies are disabled we can't log in even with a valid user+pass
if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));

login_header(__('Login'), '', $errors);
?>

<form name="loginform" id="loginform" action="" method="post">
<p>
<label><?php _e('Password Required') ?><br />
<input type="password" name="wordpress_password" id="user_pass" class="input" value=""/></label>
</p>



<?php do_action('login_form'); ?>
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" value="<?php _e('Log In'); ?>" tabindex="100" />
<input type="hidden" name="wordpress_password_login_handler" value="1" />
<input type="hidden" name="testcookie" value="1" />
<?php
if ( $_REQUEST['destination'] ) echo '<input type="hidden" name="destination" value="' . $_REQUEST['destination'] .'" />';
?>
</p>
</form>

<p id="nav">
</p>

</div>

<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&laquo; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>

<script type="text/javascript">
try{document.getElementById('user_login').focus();}catch(e){}
</script>
</body>
</html>
<?php

break;
} // end action switch
?>




Please let me know guys, it would be a huge help. I'm sure the answer is very simple. Let me know if you have any questions.