jamesmorrison · May 21, 2019 09:41
diff --git a/wp-basic-http-authentication.php b/wp-basic-http-authentication.php
 <?php
 /**
 * Plugin Name: WP Basic HTTP Authentication
 * Plugin URI:
 * Description: Adds HTTP Authentication to a WordPress site
 * Author: James Morrison
 * Version: 1.0.2
 * Author URI: https://www.jamesmorrison.me
 **/

 // Namespace
 namespace WP_Basic_Auth;

 // Security check
 defined( 'ABSPATH' ) || die( 'Direct file access is forbidden' );

 // Define valid usernames / passwords
 function valid_credentials() {

 	return apply_filters( 'wp_basic_auth_credentials', [
 		'example_user' => 'example_password',
 	] );

 }

 // Define restricted environments
 function restricted_environments() {

 	return apply_filters( 'wp_basic_auth_environments', [
 		'staging',
 	] );

 }

 // Is the user authenticated?
 function authenticated() {

 	// Username and Password defaults
 	$user     = false;
 	$password = false;

 	// Sanitize username if set
 	if ( isset( $_SERVER['PHP_AUTH_USER'] ) ) {
 		$user = sanitize_text_field( $_SERVER['PHP_AUTH_USER'] );
 	}

 	// Sanitize password if set
 	if ( isset( $_SERVER['PHP_AUTH_PW'] ) ) {
 		$password = sanitize_text_field( $_SERVER['PHP_AUTH_PW'] );
 	}

 	// Retrieve the valid credentials
 	$valid_credentials = valid_credentials();

 	// Loop through the valid credentials to authenticate user
 	foreach ( $valid_credentials as $valid_username => $valid_password ) {

 		// If the username doesn't match, skip to the next record
 		if ( $user !== $valid_username ) {
 			continue;
 		}

 		// Validate the password; we already know we have a valid username
 		if ( $password === $valid_password ) {
 			return true;
 		}
 	}

 	return false;

 }

 // Failed authentication.. return 401
 function failed_authentication() {

 	header( 'WWW-Authenticate: Basic realm="Private Site"' );
 	header( 'HTTP/1.0 401 Unauthorized' );
 	echo 'FAILED LOGIN';
 	die();

 }

 // Function to authenicate the use
 add_action( 'plugins_loaded',
 	function() {

 		// Default to no environment
 		$environment = false;

 		// Work out if there is a defined environment
 		if ( isset( $_SERVER['environment'] ) ) {
 			$environment = sanitize_text_field( $_SERVER['environment'] );
 		}

 		// Bail early if there's no environment set
 		if ( ! $environment ) {
 			return;
 		}

 		// Retrieve the restricted environments
 		$restricted_environments = restricted_environments();

 		// Check the current environment is not one of the restricted ones; bail if it's not
 		if ( ! in_array( $environment, $restricted_environments ) ) {
 			return;
 		}

 		// We have to authenticate this user
 		if ( ! authenticated() ) {
 			failed_authentication();
 		}

 	}, 1, 0
 );

 // Logout
 add_action( 'plugins_loaded',
 	function() {

 		if ( isset( $_GET['logout'] ) ) {
 			$_SERVER['PHP_AUTH_USER'] = '';
 			$_SERVER['PHP_AUTH_PW']   = '';
 		}

 	}, 1, 0
 );
	<?php
	/**
	* Plugin Name: WP Basic HTTP Authentication
	* Plugin URI:
	* Description: Adds HTTP Authentication to a WordPress site
	* Author: James Morrison
	* Version: 1.0.2
	* Author URI: https://www.jamesmorrison.me
	**/

	// Namespace
	namespace WP_Basic_Auth;

	// Security check
	defined( 'ABSPATH' ) \|\| die( 'Direct file access is forbidden' );

	// Define valid usernames / passwords
	function valid_credentials() {

	return apply_filters( 'wp_basic_auth_credentials', [
	'example_user' => 'example_password',
	] );

	}

	// Define restricted environments
	function restricted_environments() {

	return apply_filters( 'wp_basic_auth_environments', [
	'staging',
	] );

	}

	// Is the user authenticated?
	function authenticated() {

	// Username and Password defaults
	$user = false;
	$password = false;

	// Sanitize username if set
	if ( isset( $_SERVER['PHP_AUTH_USER'] ) ) {
	$user = sanitize_text_field( $_SERVER['PHP_AUTH_USER'] );
	}

	// Sanitize password if set
	if ( isset( $_SERVER['PHP_AUTH_PW'] ) ) {
	$password = sanitize_text_field( $_SERVER['PHP_AUTH_PW'] );
	}

	// Retrieve the valid credentials
	$valid_credentials = valid_credentials();

	// Loop through the valid credentials to authenticate user
	foreach ( $valid_credentials as $valid_username => $valid_password ) {

	// If the username doesn't match, skip to the next record
	if ( $user !== $valid_username ) {
	continue;
	}

	// Validate the password; we already know we have a valid username
	if ( $password === $valid_password ) {
	return true;
	}
	}

	return false;

	}

	// Failed authentication.. return 401
	function failed_authentication() {

	header( 'WWW-Authenticate: Basic realm="Private Site"' );
	header( 'HTTP/1.0 401 Unauthorized' );
	echo 'FAILED LOGIN';
	die();

	}

	// Function to authenicate the use
	add_action( 'plugins_loaded',
	function() {

	// Default to no environment
	$environment = false;

	// Work out if there is a defined environment
	if ( isset( $_SERVER['environment'] ) ) {
	$environment = sanitize_text_field( $_SERVER['environment'] );
	}

	// Bail early if there's no environment set
	if ( ! $environment ) {
	return;
	}

	// Retrieve the restricted environments
	$restricted_environments = restricted_environments();

	// Check the current environment is not one of the restricted ones; bail if it's not
	if ( ! in_array( $environment, $restricted_environments ) ) {
	return;
	}

	// We have to authenticate this user
	if ( ! authenticated() ) {
	failed_authentication();
	}

	}, 1, 0
	);

	// Logout
	add_action( 'plugins_loaded',
	function() {

	if ( isset( $_GET['logout'] ) ) {
	$_SERVER['PHP_AUTH_USER'] = '';
	$_SERVER['PHP_AUTH_PW'] = '';
	}

	}, 1, 0
	);