Project

General

Profile

Actions

Feature #1648

closed

Add Password Protect WordPress Plugin

Added by Matt Gold over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority name:
Urgent
Assignee:
-
Category name:
BuddyPress (misc)
Target version:
Start date:
2012-02-22
Due date:
% Done:

0%

Estimated time:

Description

The JITP project needs to show a draft version of the publication to authors before publication. One idea floated was to add all authors to the Commons and add the to the blog. I think it would be easier and more simple to password-protect the blog.

Here's one plugin that would do it; I'm not attached at all to a particular plugin -- just need the simple password-protection functionality.

http://wordpress.org/extend/plugins/password-protect-wordpress-blog/

Requires: 2.8 or higher
Compatible up to: 3.2.0
Last Updated: 2011-9-21 Downloads: 11,659
Average Rating: 4 stars

(19 ratings)

Actions #1

Updated by Boone Gorges over 10 years ago

  • Status changed from Assigned to Reporter Feedback

The plugin you have linked to is very bad. I searched the plugin repository, but it looks like a better option doesn't really exist.

If this is an urgent matter, I think the best bet is to create Commons accounts for these users, add them to the blog, and then select the appropriate privacy level. I can build something, but it will take a few hours, and I won't be able to do it until next week.

Actions #2

Updated by Matt Gold over 10 years ago

Thanks for vetting the plugin; it's dispiriting to hear that a better option doesn't already exist. Are there any other options, like adding password protection of the subdomain at the server level?

And when next week would we be talking about?

Actions #3

Updated by Boone Gorges over 10 years ago

André, could you please tell me whether we have mod_setenvif enabled for Apache on cdev and commons, and if not, enable it?

Using setenvif I might be able to do it at the level of .htaccess.

If this is important, I can adjust things to clear some time on Monday afternoon.

Actions #4

Updated by local admin over 10 years ago

Yes, I can confirm that this apache module is in effect.

Actions #5

Updated by Boone Gorges over 10 years ago

Thanks, André. Can you chmod /var/www/.htpasswd on cdev and commons so that the commons user can edit it?

Actions #6

Updated by Matt Gold over 10 years ago

Thanks, André.

Boone, can you clarify for me whether the availability of this apache module means that you would potentially be able to get to this by Monday or whether there is now a simpler solution that doesn't require those few hours of coding (and can thus be set up more quickly)? Thanks.

Actions #7

Updated by Boone Gorges over 10 years ago

Matt, I am trying to find a solution that does not require any PHP coding. I can't guarantee any deadlines, as I am trying to figure out SetEnvIf and the related Apache modules as I go along, though I will attempt to do it as quickly as possible.

Actions #8

Updated by Matt Gold over 10 years ago

Great. Many thanks, Boone.

Actions #9

Updated by local admin over 10 years ago

Boone Gorges wrote:

Thanks, André. Can you chmod /var/www/.htpasswd on cdev and commons so that the commons user can edit it?

No such file, Boone:

[root@commons ~]# ll /var/www/.htpasswd
ls: cannot access /var/www/.htpasswd: No such file or directory

Would you prefer that I create one or do you want to create it at /home/commons?

Actions #10

Updated by Boone Gorges over 10 years ago

You're right, André. I can just put it at /home/commons. I was thinking that it wouldn't be compatible with /var/www/.htpasswd on cdev, but I guess it doesn't matter since the latter is handled at the level of httpd.conf.

I think I need your help here. I'm really struggling to get this working. The goal is to add htpasswd authentication only on a single subdomain, and I had a feeling that this could be done using SetEnvIf, but my regex seems to be failing me.

More specifically. The following works in order to protect all subdirectories EXCEPT FOR cunypie:

SetEnvIf Host ^cunypie\.cdev\.gc\.cuny\.edu let_me_in
Order Allow,Deny
AuthType Basic
AuthName Testing
AuthUserFile /home/commons/.htpasswd
Satisfy any
Require jitp
Order allow,deny
Allow from env=let_me_in

Based on that, you'd think I'd be able to simply add a ! in front of my regex to flip it. But it doesn't work - when I do that, let_me_in is never set.

Is there something obvious that I'm doing wrong? Is it possible for you to just set this at the level of the main Apache config? (I have already spent more time learning about this .htaccess stuff than I should have today ;) )

Actions #11

Updated by local admin over 10 years ago

How about:

SetEnvIf Host ^cunypie\.cdev\.gc\.cuny\.edu dont_let_me_in
Order Deny,Allow
AuthType Basic
AuthName Testing
AuthUserFile /home/commons/.htpasswd
Satisfy any
Require jitp
Order deny,allow
Deny from env=dont_let_me_in
Allow all
Actions #12

Updated by local admin over 10 years ago

Let me test it...

Actions #13

Updated by Boone Gorges over 10 years ago

  • Target version changed from 1.3.8 to 1.3.9
Actions #14

Updated by local admin over 10 years ago

  • Assignee changed from Boone Gorges to local admin

I'm stealing the ticket while I give it a try...

Actions #15

Updated by local admin over 10 years ago

Ok, I think I got it...

In my test cunypie.cdev.gc.cuny.edu was challenged for auth, while other subdomains were not, with this:

AuthType Basic
AuthName "Must be a valid user!" 
AuthUserFile /var/www/mypasswd
Require valid-user

SetEnvIf Host ^cunypie\.cdev\.gc\.cuny\.edu challenge_me

Satisfy any
Order Deny,Allow
Deny from env=challenge_me

Could I ask you to kindly test with me here? Thanks!

Actions #16

Updated by local admin over 10 years ago

Oh, I had changed the htpasswd file for testing, but reverted to the previous one now...

AuthUserFile /var/www/.htpasswd

...and all this stuff is now in /var/www/html/.htaccess, where it belongs ;)

Actions #17

Updated by Matt Gold over 10 years ago

Fantastic work!

Actions #18

Updated by local admin over 10 years ago

I'm thrilled : ) Loved being able to help out and also learned something new!

Actions #19

Updated by Matt Gold over 10 years ago

Awesome. The last step, then, would be to add this password protection to the site where it is needed: http://jitp.commons.gc.cuny.edu/

Can I email you a preferred login/password combo for it?

Actions #20

Updated by local admin over 10 years ago

Yes, email works. I'm ready.

Actions #21

Updated by local admin over 10 years ago

Ok, I tested successfully in production and reverted the change in cdev.

Please mark the issue resolved if everything is in order, ok?

Actions #22

Updated by Boone Gorges over 10 years ago

Thanks, André. Getting the right combination of 'Order' with 'Satisfy any' was starting to make my head spin.

Could I ask that the plaintext password be stored somewhere, like maybe in a comment in the .htpasswd file itself? There may come a time when a developer needs to access the site.

Actions #23

Updated by Matt Gold over 10 years ago

  • Status changed from Reporter Feedback to Resolved
Actions #24

Updated by Matt Gold over 10 years ago

Thanks again for your work on this, guys.

Actions #25

Updated by Boone Gorges over 10 years ago

  • Status changed from Resolved to Assigned

Reopening until I know that we have the pw stored somewhere accessible to devs. Thanks!

Actions #26

Updated by local admin over 10 years ago

Boone Gorges wrote:

Thanks, André. Getting the right combination of 'Order' with 'Satisfy any' was starting to make my head spin.

: D

Could I ask that the plaintext password be stored somewhere, like maybe in a comment in the .htpasswd file itself? There may come a time when a developer needs to access the site.

Yes, good idea. Done.

Actions #27

Updated by local admin over 10 years ago

Matt Gold wrote:

Thanks again for your work on this, guys.

You're welcome.

Actions #28

Updated by Boone Gorges over 10 years ago

  • Status changed from Assigned to Resolved

Thanks!

Actions

Also available in: Atom PDF