Question

I'm trying to set something up where when a user clicks on a category link within the navbar, it asks them for a password / passphrase to view that category's posts. I've done a lot of digging, and I can't seem to find a solution. Can anyone point me in the right direction? I figured I would be able to solve this with a little bit of script work, but I can't even find something to get me started. Help?


The solution

I don't think this is something that would require a plugin. In this case I would write something along the lines of this.

This script is assuming the user is making an HTTP POST request to this page, probably by submitting a form somewhere on your website.

If any of this looks foreign to you feel free to ask and I'll be happy to clarify :)

<?php
// Create new database connection
$idForPassword = 5;
$mysqli = new mysqli("localhost", "DBusername", "DBpassword", "DBName");
if ($mysqli->connect_error) {
    die("Connection failed: " . $mysqli->connect_error);
}

// Create new prepared statement (the id is bound as a parameter, never
// interpolated into the SQL string, so it cannot be used for SQL injection)
$stmt = $mysqli->prepare("SELECT password FROM sometable WHERE id = ?");
$stmt->bind_param("i", $idForPassword);

// execute query
$stmt->execute();

// bind result variables and fetch the stored hash ($found is false if no row matched)
$stmt->bind_result($result);
$found = $stmt->fetch();
$stmt->close();

// Hash the submitted password the same way the stored one was hashed, so the
// database never holds the password as plain text.
// ideally you also add a salt to your password but since this is just an example
// I'll leave that part out
$password = md5($_POST['password'] ?? '');

// hash_equals() compares the two digests byte by byte in constant time; a plain
// == would compare digests that happen to look numeric (e.g. "0e...") as numbers.
if ($found && hash_equals($result, $password))
{
    //allow user access
}
else
{
    //deny user access
}

edit: A little more info on Salting and Hashing passwords. I'd recommend reading it whenever you get the chance since it's a fairly easy way to implement a basic level of security if you plan on storing passwords in a database.

The security issue with simple hashing (md5 et al) isn't really the speed, so much as the fact that it's idempotent; two different people with the same password will have the same hash, and so if one person's hash is brute-forced, the other one will as well. This facilitates rainbow attacks. Simply slowing the hash down isn't a very useful tactic for improving security. It doesn't matter how slow and cumbersome your hash algorithm is - as soon as someone has a weak password that's in a dictionary, EVERYONE with that weak password is vulnerable.

Also, hash algorithms such as md5 are for the purpose of generating a digest and checking if two things are probably the same as each other; they are not intended to be impossible to generate a collision for. Even if an underlying password itself requires a lot of brute forcing to determine, that doesn't mean it will be impossible to find some other bit pattern that generates the same hash in a trivial amount of time.

As such: please, please, PLEASE only use salted hashes for password storage. There is no reason to implement your own salted hash mechanism, either, as crypt() already does an excellent job of this.
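The following is an added example, not code from the original answer. It shows the salted, slow hashing the edit above recommends, using PHP's built-in password_hash()/password_verify() (bcrypt through crypt(), PHP 5.5 or later), and why the answer's `$password == $result` check should be a hash_equals() call. The `$categoryHashes` array is an assumed stand-in for the answer's `sometable`; on a real site the two functions would read and write the `password` column with the same prepared statements the answer uses.

```php
<?php
// Added example (not part of the original answer). Assumptions: the category
// passphrases live in an in-memory array instead of the answer's `sometable`,
// and the function names and inputs below are constructed for the demo.
declare(strict_types=1);

/** @var array<int,string> category id => stored hash (stand-in for the DB table) */
$categoryHashes = [];

// Called once, when the site owner sets a passphrase for a category.
function setCategoryPassphrase(array &$table, int $categoryId, string $passphrase): void
{
    // password_hash() draws a random salt and embeds it in the result, so two
    // categories with the same passphrase still get different stored hashes.
    $table[$categoryId] = password_hash($passphrase, PASSWORD_DEFAULT);
}

// Called on each POST from the passphrase form. Returns true on a match.
function checkCategoryPassphrase(array &$table, int $categoryId, string $submitted): bool
{
    if (!isset($table[$categoryId])) {
        // Unknown category: run a verification against a dummy hash anyway so
        // the response time does not reveal which category ids are protected.
        static $dummyHash = null;
        $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);
        password_verify($submitted, $dummyHash);
        return false;
    }
    $storedHash = $table[$categoryId];
    if (!password_verify($submitted, $storedHash)) {
        return false;
    }
    // Transparently upgrade the stored hash when PHP's default cost or
    // algorithm changes; this is only possible while we hold the plaintext.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $table[$categoryId] = password_hash($submitted, PASSWORD_DEFAULT);
    }
    return true;
}

// Why the answer's `md5(...) == $storedMd5` check is weaker than it looks: PHP
// compares two numeric-looking strings numerically, and some md5 digests have
// the form "0e<digits>", which PHP reads as zero. hash_equals() compares the
// raw bytes, in constant time.
function md5LooseMatch(string $a, string $b): bool
{
    return md5($a) == md5($b);
}
function md5StrictMatch(string $a, string $b): bool
{
    return hash_equals(md5($a), md5($b));
}

// Demo on constructed inputs.
setCategoryPassphrase($categoryHashes, 5, 'correct horse battery staple');
setCategoryPassphrase($categoryHashes, 6, 'correct horse battery staple');
var_dump($categoryHashes[5] !== $categoryHashes[6]);   // same passphrase, different salts
var_dump(checkCategoryPassphrase($categoryHashes, 5, 'correct horse battery staple'));
var_dump(checkCategoryPassphrase($categoryHashes, 5, 'wrong'));
var_dump(checkCategoryPassphrase($categoryHashes, 99, 'anything'));
var_dump(md5LooseMatch('240610708', 'QNKCDZO'));       // two inputs whose md5 both start "0e"
var_dump(md5StrictMatch('240610708', 'QNKCDZO'));
```

Run it with `php example.php`. The two inputs in the last pair are the well-known "magic hash" case: their md5 digests both consist of `0e` followed by digits, so PHP's loose `==` treats them as the number zero and reports a match, while hash_equals() correctly reports a mismatch. The same reasoning is why the bcrypt hash is verified with password_verify() rather than by recomputing and comparing strings yourself.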

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow