Feature #1648
closedAdd Password Protect WordPress Plugin
Added by Matt Gold over 12 years ago. Updated over 12 years ago.
0%
Description
The JITP project needs to show a draft version of the publication to authors before publication. One idea floated was to add all authors to the Commons and add the to the blog. I think it would be easier and more simple to password-protect the blog.
Here's one plugin that would do it; I'm not attached at all to a particular plugin -- just need the simple password-protection functionality.
http://wordpress.org/extend/plugins/password-protect-wordpress-blog/
Requires: 2.8 or higher
Compatible up to: 3.2.0
Last Updated: 2011-9-21 Downloads: 11,659
Average Rating: 4 stars
(19 ratings)
Updated by Boone Gorges over 12 years ago
- Status changed from Assigned to Reporter Feedback
The plugin you have linked to is very bad. I searched the plugin repository, but it looks like a better option doesn't really exist.
If this is an urgent matter, I think the best bet is to create Commons accounts for these users, add them to the blog, and then select the appropriate privacy level. I can build something, but it will take a few hours, and I won't be able to do it until next week.
Updated by Matt Gold over 12 years ago
Thanks for vetting the plugin; it's dispiriting to hear that a better option doesn't already exist. Are there any other options, like adding password protection of the subdomain at the server level?
And when next week would we be talking about?
Updated by Boone Gorges over 12 years ago
André, could you please tell me whether we have mod_setenvif enabled for Apache on cdev and commons, and if not, enable it?
Using setenvif I might be able to do it at the level of .htaccess.
If this is important, I can adjust things to clear some time on Monday afternoon.
Updated by local admin over 12 years ago
Yes, I can confirm that this apache module is in effect.
Updated by Boone Gorges over 12 years ago
Thanks, André. Can you chmod /var/www/.htpasswd on cdev and commons so that the commons user can edit it?
Updated by Matt Gold over 12 years ago
Thanks, André.
Boone, can you clarify for me whether the availability of this apache module means that you would potentially be able to get to this by Monday or whether there is now a simpler solution that doesn't require those few hours of coding (and can thus be set up more quickly)? Thanks.
Updated by Boone Gorges over 12 years ago
Matt, I am trying to find a solution that does not require any PHP coding. I can't guarantee any deadlines, as I am trying to figure out SetEnvIf and the related Apache modules as I go along, though I will attempt to do it as quickly as possible.
Updated by local admin over 12 years ago
Boone Gorges wrote:
Thanks, André. Can you chmod /var/www/.htpasswd on cdev and commons so that the commons user can edit it?
No such file, Boone:
[root@commons ~]# ll /var/www/.htpasswd ls: cannot access /var/www/.htpasswd: No such file or directory
Would you prefer that I create one or do you want to create it at /home/commons?
Updated by Boone Gorges over 12 years ago
You're right, André. I can just put it at /home/commons. I was thinking that it wouldn't be compatible with /var/www/.htpasswd on cdev, but I guess it doesn't matter since the latter is handled at the level of httpd.conf.
I think I need your help here. I'm really struggling to get this working. The goal is to add htpasswd authentication only on a single subdomain, and I had a feeling that this could be done using SetEnvIf, but my regex seems to be failing me.
More specifically. The following works in order to protect all subdirectories EXCEPT FOR cunypie:
SetEnvIf Host ^cunypie\.cdev\.gc\.cuny\.edu let_me_in Order Allow,Deny AuthType Basic AuthName Testing AuthUserFile /home/commons/.htpasswd Satisfy any Require jitp Order allow,deny Allow from env=let_me_in
Based on that, you'd think I'd be able to simply add a ! in front of my regex to flip it. But it doesn't work - when I do that, let_me_in is never set.
Is there something obvious that I'm doing wrong? Is it possible for you to just set this at the level of the main Apache config? (I have already spent more time learning about this .htaccess stuff than I should have today ;) )
Updated by local admin over 12 years ago
How about:
SetEnvIf Host ^cunypie\.cdev\.gc\.cuny\.edu dont_let_me_in Order Deny,Allow AuthType Basic AuthName Testing AuthUserFile /home/commons/.htpasswd Satisfy any Require jitp Order deny,allow Deny from env=dont_let_me_in Allow all
Updated by Boone Gorges over 12 years ago
- Target version changed from 1.3.8 to 1.3.9
Updated by local admin over 12 years ago
- Assignee changed from Boone Gorges to local admin
I'm stealing the ticket while I give it a try...
Updated by local admin over 12 years ago
Ok, I think I got it...
In my test cunypie.cdev.gc.cuny.edu was challenged for auth, while other subdomains were not, with this:
AuthType Basic AuthName "Must be a valid user!" AuthUserFile /var/www/mypasswd Require valid-user SetEnvIf Host ^cunypie\.cdev\.gc\.cuny\.edu challenge_me Satisfy any Order Deny,Allow Deny from env=challenge_me
Could I ask you to kindly test with me here? Thanks!
Updated by local admin over 12 years ago
Oh, I had changed the htpasswd file for testing, but reverted to the previous one now...
AuthUserFile /var/www/.htpasswd
...and all this stuff is now in /var/www/html/.htaccess, where it belongs ;)
Updated by local admin over 12 years ago
I'm thrilled : ) Loved being able to help out and also learned something new!
Updated by Matt Gold over 12 years ago
Awesome. The last step, then, would be to add this password protection to the site where it is needed: http://jitp.commons.gc.cuny.edu/
Can I email you a preferred login/password combo for it?
Updated by local admin over 12 years ago
Ok, I tested successfully in production and reverted the change in cdev.
Please mark the issue resolved if everything is in order, ok?
Updated by Boone Gorges over 12 years ago
Thanks, André. Getting the right combination of 'Order' with 'Satisfy any' was starting to make my head spin.
Could I ask that the plaintext password be stored somewhere, like maybe in a comment in the .htpasswd file itself? There may come a time when a developer needs to access the site.
Updated by Matt Gold over 12 years ago
- Status changed from Reporter Feedback to Resolved
Updated by Matt Gold over 12 years ago
Thanks again for your work on this, guys.
Updated by Boone Gorges over 12 years ago
- Status changed from Resolved to Assigned
Reopening until I know that we have the pw stored somewhere accessible to devs. Thanks!
Updated by local admin over 12 years ago
Boone Gorges wrote:
Thanks, André. Getting the right combination of 'Order' with 'Satisfy any' was starting to make my head spin.
: D
Could I ask that the plaintext password be stored somewhere, like maybe in a comment in the .htpasswd file itself? There may come a time when a developer needs to access the site.
Yes, good idea. Done.
Updated by local admin over 12 years ago
Matt Gold wrote:
Thanks again for your work on this, guys.
You're welcome.