installation instructions.
Author: BCG
Version: 1.2
Date: 2008-08-12 17:47
Author URI: http://www.kerrins.co.uk/

* Release Notes

Version 1.2
detects Apache version and alters default HTTPS detection values accordingly
support for WordPress 2.6 - but only by disabling the new 'secure' cookies
forces wp-admin/users.php to be secure as well - the page has password entry

Version 1.1
new feature: site-side URLs can be secured in the same way as admin URLs
new feature: option to detect HTTPS on custom server setups
Akismet's WordPress API Key config page added to default additional URLs
improved regular expression in as_ob_handler() for adding absolute hrefs
more redirection bugfixes for shared ssl, changes to common functions
security enhancements, force script to die if Admin SSL pages accessed directly

Version 1.0
new feature: full support for WordPress 2.2+, moved legacy code to separate file
new feature: debug and reset modes for troubleshooting - do not leave enabled
new feature: support for WordPress MU, but only with Private SSL
new feature: secure additional custom pages defined on the config page
new feature: if options are not set, inserts default values into database
new feature: user can decide where you want Admin SSL's options page
removed short tags from admin-ssl-config.php in line with WP plugins code of practice
configuration page no longer allows non-HTTPS shared URLs to be saved
more bugfixes to redirection, significant code enhancements and commenting

Version 0.72
redirection bugfixes and code enhancements, improved force SSL login feature

Version 0.71
full legacy version (0.64) added (realised it was incomplete!)
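filtering $location in wp_redirect() to ensure redirection to secure URL
bugfixes for creating siteurl cookie for use in Shared SSL setups
WordPress compliant readme added, with screenshots

Version 0.70
support for both WP 2.5 and WP pre-2.5
using WP options and configuration page for Shared SSL
code cleanup and commenting, removing all unnecessary functions

Version 0.67 - removing unnecessary overloaded functions
Version 0.66 - updated to work with WP 2.5
Version 0.65 - securing /wp-content/ pages

* Development History

admin-ssl 0.64 by Haris (haris.tv)
secure-admin 0.2 by Ryan Boren
*/

//
// if you are experiencing problems, set this to 'true' and messages will be logged
// in the Admin SSL directory (usually /wp-content/plugins/admin-ssl/debug.log)
//
// the messages logged from this file include the HTTP host, request URI, redirect target
// and the plugin's filesystem path, and the log sits inside the plugin directory, which is
// normally served by the web server - set DEBUG back to false and delete debug.log as
// soon as troubleshooting is finished
//
define("DEBUG",false);

//
// if this is 'true' then the database will be updated with the default options - use if
// you cannot access admin-ssl-reset.php after setting wrong Shared SSL settings
// you MUST change back to false after resetting, or you will not be able to enable SSL
//
define("RESET",false);

/* * * * * * * * * DO NOT EDIT BELOW THIS LINE - USE THE CONFIG PAGE TO CHANGE SETTINGS * * * * * * * * * */

//
// requires $wp_version check - this plugin WILL BREAK earlier versions of WordPress and WPMU
//
// NOTE(review): $wp_version is a version string compared loosely against a float, here and
// again where $config_page is chosen; version_compare() would be the robust form, but it
// orders pre-release strings differently, so the comparisons are left as they were
//
// NOTE(review): this isset() test is the only check in this file against it being requested
// directly, and it holds only while $wp_version cannot be supplied by the request
// (register_globals off); a defined("ABSPATH") test would not have that dependency -
// confirm what the TEST harness defines before switching
//
if(isset($wp_version) && strpos($wp_version,"wordpress-mu") === false && $wp_version >= 2.2) {

	//
	//
	// DEBUG MODE AND FUNCTIONS
	//
	//

	//
	// every include below is anchored to this file's own directory: a bare relative path is
	// looked up on include_path and in the working directory as well, so a same-named
	// file found there could be loaded in place of the plugin's own
	//
	if(!defined("TEST") || $first_test):
		require_once(dirname(__FILE__)."/includes/debug.php");
		require_once(dirname(__FILE__)."/includes/functions.php");
	endif;

	//
	//
	// OPERATING DIRECTORY AND WPMU DETECTION
	//
	//

	//
	// get operating directory and log environment variables
	// $slash is the separator used in __FILE__, $path the directory holding admin-ssl.php
	// and $dir the last component of $path
	//
	$slash = strpos(__FILE__,"/") === false ? "\\" : "/";
	$path = str_replace($slash."admin-ssl.php","",__FILE__);
	$dir = substr($path,strrpos($path,$slash)+1);
	// as_log(), host(), req_uri() and redirect_to() are not defined in this file -
	// presumably they come from the two includes above
	as_log("### ADMIN SSL BEGINS ###");
	as_log("HTTP Host: ".host()." Request URI: ".req_uri()." Redirect to: ".redirect_to()." \nFound admin-ssl.php in - path: $path - directory: $dir");

	//
	// if operating directory is mu-plugins, get the name of admin-ssl directory
	//
	$plugins_dir = "plugins";
	$config_page = $wp_version < 2.5 ? "config-page-old.php" : "config-page.php";
	if($dir === "mu-plugins") {
		$tmp = "";
		$d_mu_plugins = dir($path);

		//
		// dir() does not return a Directory object when the folder cannot be opened -
		// skip the scan in that case instead of calling read() on a non-object
		//
		if($d_mu_plugins) {
			//
			// loop through the main plugins directory until $config_page has been found
			//
			while($tmp === "" && false !== ($plugin_dir = $d_mu_plugins->read())) {
				if($plugin_dir === "." || $plugin_dir === "..") {
					continue;
				}

				//
				// build the path to each entry - if it is a subfolder, open it
				//
				$plugin_path = $path.$slash.$plugin_dir;
				if(!is_dir($plugin_path)) {
					continue;
				}
				$d_plugin = dir($plugin_path);
				if(!$d_plugin) {
					continue;
				}

				//
				// loop through each item in this subfolder, searching for $config_page
				//
				while(false !== ($entry = $d_plugin->read())) {
					if($entry === $config_page && is_file($plugin_path.$slash.$entry)) {
						$tmp = $plugin_dir;
						break;
					}
				}

				// release the subfolder handle whether or not the file was found
				$d_plugin->close();
			}
			$d_mu_plugins->close();
		}

		//
		// if the loop found the config file it saved the directory as $tmp
		// compared against "" so that a folder named "0" still counts as found
		//
		if($tmp !== "") {
			$dir = $tmp;
			$plugins_dir = "mu-plugins";
			$config_parent = "wpmu-admin.php";
			as_log("Using WPMU - Admin SSL directory changed to: $dir");
		}
	}

	//
	// function returns true if WPMU has been detected
	// declared under the same TEST guard as the includes, so it is declared only once
	//
	if(!defined("TEST") || $first_test):
		function is_wpmu() {
			global $plugins_dir;
			return $plugins_dir === "mu-plugins";
		}
	endif;

	//
	// log variables just defined
	//
	as_log("Plugins directory: $plugins_dir Config page: $config_page Is WPMU: ".(is_wpmu() ? "Yes" : "No"));

	//
	//
	// GET (OR SET DEFAULT) OPTIONS
	//
	//
	require_once(dirname(__FILE__)."/includes/options.php");

	//
	//
	// THIS IS WHERE THE REAL STUFF BEGINS...
	//
	//
	if(!defined("TEST") || $first_test):

		//
		//
		// WORDPRESS HOOKS - CHECKING HTTP/HTTPS
		//
		//
		require_once(dirname(__FILE__)."/includes/https.php");

		//
		//
		// WORDPRESS HOOKS - CONFIGURATION
		//
		//
		require_once(dirname(__FILE__)."/includes/config.php");

		//
		//
		// WORDPRESS HOOKS - COOKIE HANDLING
		//
		//
		require_once(dirname(__FILE__)."/includes/cookies.php");

		//
		//
		// ADD WORDPRESS HOOKS
		//
		//
		require_once(dirname(__FILE__)."/includes/hooks.php");

		//
		//
		// REPLACE WP 2.6 COOKIE CODE
		//
		//
		require_once(dirname(__FILE__)."/includes/wp-2.5-auth-cookies.php");

	endif;
}

// the closing PHP tag is left out on purpose: whitespace after it would be sent as output
// before the redirect and cookie headers this plugin depends on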