<?php
/*
Plugin Name: Admin SSL
Plugin URI: http://kerrins.co.uk/blog/?p=128
Description: Secures Login and Admin pages using Private or Shared SSL
Author: BCG
Version: 0.70
Author URI: http://kerrins.co.uk/

* Release Notes

	Version 0.70
		support for both WP 2.5 and WP pre-2.5
		using WP options and configuration page for Shared SSL
		forces SSL login if meta redirect is enabled
		code cleanup and commenting, removing all unnecessary functions
		fixing redirect problem from http to https when signed in
	
	Version 0.67 - removing unnecessary overloaded functions 
	Version 0.66 - updated to work with WP 2.5
	Version 0.65 - securing /wp-content/ pages

* Development History

 	(for the code see admin-ssl-legacy.php)

	admin-ssl 0.64 by Haris (haris.tv)
	secure-admin 0.2 by Ryan Boren

$Id: admin-ssl.php 0.70-b6 2008-04-08 17:36:15Z bcg $
*/

//
//	support for latest versions of WordPress
//

	if($wp_version >= 2.5)
	{
	//
	//	get options from the database
	//
	
		$use_ssl = get_option("admin_ssl_use_ssl") === "1" ? true : false;
		$use_shared = get_option("admin_ssl_use_shared") === "1" ? true : false;
		$shared_url = get_option("admin_ssl_shared_url");
		$secure_url = "";
		
	//
	//	return scheme based on whether or not SSL is enabled
	//
	
		function scheme()
		{
			global $use_ssl;
			return($use_ssl ? "https" : "http");
		}
		
		function cookiepath()
		{				
			if($use_ssl && $use_shared){
				$url = parse_url($shared_url);
				return($url["path"]);
			}
		}
	
	//
	//	initialize Admin SSL - set $secure_url
	//
	
		function as_init()
		{
			global $use_ssl,$use_shared,$shared_url,$secure_url;
			
		//
		//	start output buffering to secure all links
		//
		
			if($use_ssl) ob_start("as_ob_handler");
			
		//
		//	build secure site url
		//
		
			$shared_url = rtrim(str_replace("wp-admin","",$shared_url),"/");
		
			$secure_url = $use_shared ? $shared_url : preg_replace("/^https?/",scheme(),get_option("siteurl"));
			$secure_url = rtrim(trim($secure_url),"/");		
		}
		
	//
	//	checks if user is logged in and that page is using HTTPS
	//	replaces default WP function definition in /wp-includes/pluggable.php
	//
	
		if(!function_exists("auth_redirect")):
			function auth_redirect()
			{
				global $use_ssl,$use_shared,$shared_url,$secure_url;
			
			//
			//	check if user is logged in - WP 2.5 compatible
			//
			
				if((!empty($_COOKIE[AUTH_COOKIE]) && !wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE]))
					|| empty($_COOKIE[AUTH_COOKIE])){
					if(strpos($_SERVER["REQUEST_URI"],"wp-login.php") === false || "on" !== $_SERVER["HTTPS"])
					{
						nocache_headers();
						$location = $secure_url . "/wp-login.php?redirect_to=" . urlencode($_SERVER["REQUEST_URI"]);
						wp_redirect($location);
						exit();
					}
				}
				
			//
			//	if user is on admin pages but not using https redirect
			//
			
				elseif(is_admin())
				{				
					if(($use_ssl && "on" !== $_SERVER["HTTPS"]) || (!$use_ssl && "on" === $_SERVER["HTTPS"]))
					{
						nocache_headers();
						
						if($use_ssl && $use_shared){					
							$url = parse_url($shared_url);				
							if(!isset($url["path"])) $url["path"] = "";
							$location = scheme()."://".$url["host"].$url["path"]."/wp-admin";
						}
						else $location = scheme()."://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
						
						wp_redirect($location);
						exit;
					}
				}
			}
		endif;
		
	//
	//	overloads check_admin_referer in case Shared SSL is being used
	//
	
		if(!function_exists("check_admin_referer")):
			function check_admin_referer($action=-1,$query_arg="_wpnonce")
			{
				global $secure_url;
				$adminurl = strtolower($secure_url)."/wp-admin";
				$referer = strtolower(wp_get_referer());
				$result = wp_verify_nonce($_REQUEST[$query_arg], $action);
				if(!$result && !(-1 == $action && strpos($referer,$adminurl) !== false)){
					wp_nonce_ays($action);
					die();
				}
				do_action("check_admin_referer",$action,$result);
				return $result;
			}
		endif;
		
	//
	//	add Admin SSL config page
	//
	
		function as_config_page()
		{
			if(function_exists("add_submenu_page"))
				add_submenu_page(
					"plugins.php",
					__("Admin SSL"),
					__("Admin SSL"),
					"manage_options",
					"admin-ssl-config",
					"as_conf"
				);			
		}
		
	//
	//	display/update Admin SSL configuration
	//
	
		function as_conf()
		{
			global $use_ssl,$use_shared,$shared_url,$secure_url;

			if(isset($_POST["submit"]))
			{
			//
			//	make sure current user can set permissions,
			//	and that the referer was a page from this site
			//	
			
				if(function_exists("current_user_can") && !current_user_can("manage_options"))
					exit(__("You don't have permission to change these options!"));
					
				check_admin_referer();
				
			//
			//	get the configuration options
			//
			
				$use_ssl = "on" === $_POST["use_ssl"] ? 1 : 0;
				$use_shared = "on" === $_POST["use_shared"] ? 1 : 0;
				$shared_url = $use_shared ? $_POST["shared_url"] : "";
				
			//
			//	strip index.php off the end of the URL if present
			//
			
				if(strpos($shared_url,"index.php") !== false)
					$shared_url = str_replace("index.php","",$shared_url);
				
			//
			//	verify that $shared_url is indeed a URL
			//
			
				if($use_shared && !preg_match("/(http|https):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/",$shared_url))
				{					
					$message = "The url you entered ('$shared_url') is invalid.";
					$error = true;
					
					$use_shared = get_option("admin_ssl_use_shared");
					$shared_url = get_option("admin_ssl_shared_url");
				}
				
			//
			//	verify that the shared url ends with /wp-admin/
			//
			
				if($use_shared && strpos($shared_url,"wp-admin") === false)
				{
					$message = "The url you entered ('$shared_url') does not end with '/wp-admin/'.";
					$error = true;

					$use_shared = get_option("admin_ssl_use_shared");
					$shared_url = get_option("admin_ssl_shared_url");
				}
				
			//
			//	update options in database
			//
			
				update_option("admin_ssl_use_ssl",$use_ssl);
				update_option("admin_ssl_use_shared",$use_shared); 
				update_option("admin_ssl_shared_url",$shared_url);
				
				if(!$message){
					$message = "Options saved.";
					$error = false;
				}
			}
			
			require_once("admin-ssl-config.php");
		}
	
	//
	//	output buffer handler to replace page hrefs with https urls
	//
	
		function as_ob_handler($buffer)
		{
			global $secure_url;
			
			$admin_url = get_option("siteurl") . "/wp-admin";
			$secure_admin_url = $secure_url."/wp-admin";
			
			$login_url = get_option("siteurl") . "/wp-login.php";
			$secure_login_url = $secure_url."/wp-login.php";
			
			$comment_url = get_option("siteurl") . "/wp-comments-post.php";
			$secure_comment_url = $secure_url."/wp-comments-post.php";
		
			$replace_this = array($admin_url, $login_url, $comment_url);
			$with_this = array($secure_admin_url, $secure_login_url, $secure_comment_url);
			
			if(is_admin())
			{
				$includes_url = get_option("siteurl") . "/wp-includes";
				$secure_includes_url = $secure_url . "/wp-includes";
				$replace_this[] = $includes_url;
				$with_this[] = $secure_includes_url;
				
				$content_url = get_option("siteurl") . "/wp-content";
				$secure_content_url = $secure_url . "/wp-content";
				$replace_this[] = $content_url;
				$with_this[] = $secure_content_url;
			}
		
			if(is_preview() && ("on" === $_SERVER["HTTPS"]))
			{
				$site_url = get_option("siteurl");
				$secure_site_url = $secure_url;
				$replace_this[] = $site_url;
				$with_this[] = $secure_site_url;
			}
		
			return(str_replace($replace_this, $with_this, $buffer));
		}
	
		function as_post_link($link)
		{
			global $secure_url,$pagenow;
		
			if(("on" === $_SERVER["HTTPS"]) && ("wp-comments-post.php" != $pagenow))
				$link = preg_replace("|^".get_option("siteurl")."|", $secure_url, $link);
			return $link;
		}
		
	//
	//	redirect to wp-admin/ if on login page and insecure connection being used
	//	this means auth_redirect() is called and so secure login is forced
	//
	
		function as_login_redirect()
		{
			global $use_ssl;
			
			if($use_ssl && "on" !== $_SERVER["HTTPS"])
				echo('<meta http-equiv="Refresh" content="0;url=wp-admin/" />');
		}
		
	//
	//	sets auth cookie for shared SSL setup
	//
	
		function as_set_auth_cookie($cookie,$expire)
		{
			global $use_ssl,$use_shared;				
			if($use_ssl && $use_shared) setcookie(AUTH_COOKIE,$cookie,$expire,cookiepath(),COOKIE_DOMAIN);
		}
		
	//
	//	clear shared SSL cookie
	//
	
		function as_clear_auth_cookie()
		{
			setcookie(AUTH_COOKIE," ",time()-31536000,cookiepath(),COOKIE_DOMAIN);
		}
		
	//
	//	add custom hooks
	//
	
		add_action("admin_menu","as_config_page");
		add_action("init", "as_init");
		add_action("login_head","as_login_redirect");
		add_action("set_auth_cookie","as_set_auth_cookie");
		add_action("wp_logout","as_clear_auth_cookie");
		
		add_filter("preview_page_link", "as_post_link");
		add_filter("preview_post_link", "as_post_link");		
	}
	
//
//	support for WordPress versions pre-2.5
//	

	else require_once("admin-ssl-legacy.php");
		
?>