Home » Wordpress » Protect under-developpement Website / Custom URL per user and store IP

Protect under-developpement Website / Custom URL per user and store IP

Posted by: admin November 30, 2017 Leave a comment

Questions:

I want to protect a page under developpement. The problem is that people are sharing that link. I’d like to manually give a custom link to the users, store the IP they use and then prevent the link being reused on a different IP. I’m using wordpress, and It’s the entire site i’d like to protect. Also, is there a way to track who shared the URL?

Exemple :

I’d give a friend this http://exemple.com/abc, that link works as long as the user is on the IP that was first used. If that user shares that link to someone else or another IP tries to access the site using the URL I’d like to log it somehow.

Answers:

I’ll give you some basic advises, since this is relatively complicated and I don’t have the time to write all of the code 🙂 .

First you need to add a plain admin page – on this page initially you want to have a <form> with a text field and a submit field. The text field will be where you enter the page URL that you want to share.

You will also have an option stored in the database(we will create that later). It should be an array, to which you will later add the URL’s.

Once you submit the URL you will create a nonce for this URL – it must be unique for it(you can use uniqid() for instance). You will then store the URL in an array like this:

if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
    $urls = get_option( 'my_custom_links', array() );

    $id = uniqid();

    $urls[ $id ] = array(
        'url' => $_POST['my_url'],
        'ip' => '',
    );

    // Update the links.
    update_option( 'my_custom_links', $urls );
}

$urls = get_option( 'my_custom_links', array() );

// Display the form here...

// Display the URL's data
foreach ($urls as $id => $data) {
    echo '<p>URL: <strong>' . $data['url'] . '</strong><br />Share URL: <strong>' . add_query_arg( 'n', $id, home_url( '/' ) ) . '</strong>' . ( $data['ip'] ? '<br />Accessed from IP: <strong>' . $data['ip'] . '</strong>' : '' ) . '</p>';
}

Then you just need to add a function that will check if a user is allowed to view a specific URL, like so(add the code to your functions.php):

function my_site_protection() {
    global $pagenow;
    // If we're not on admin or login page and the user is not logged-in
    if ( ! is_admin() && 'wp-login.php' != $pagenow ) {
        $login_redirect = true;
        if ( isset( $_GET['n'] ) && $_GET['n'] ) {
            $n = $_GET['n'];
            $urls = get_option( 'my_custom_links', array() );
            $data = isset( $urls[ $n ] ) ? $urls[ $n ] : false;
            if ( $data ) {
                if ( ! $data['ip'] || $data['ip'] == $_SERVER['REMOTE_ADDR'] ) {
                    // If no IP is set, set it and update the option
                    if ( ! $data['ip'] ) {
                        $urls[ $id ]['ip'] = $_SERVER['REMOTE_ADDR'];
                        update_option( 'my_custom_links', $urls );
                    }
                    if ( add_query_arg( 'n', $id, $data['url'] ) == curPageURL() ) {
                        // Don't redirect if we're on the correct page
                        $login_redirect = false;
                    } else {
                        // Redirect the user to the proper URL
                        wp_redirect( add_query_arg( 'n', $id, $data['url'] ) );
                        exit;
                    }
                }
            }
        }
        // Redirect user to log-in screen
        $login_redirect && auth_redirect();
    }
}
add_action('init', 'my_site_protection', 1);

function curPageURL() {
    $pageURL = 'http';
    if ($_SERVER["HTTPS"] == "on") {
        $pageURL .= "s";
    }
    $pageURL .= "://";
    if ($_SERVER["SERVER_PORT"] != "80") {
        $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    }
    return $pageURL;
}

You’ll have to figure-out the rest on your own, but I gave you most of the stuff, so if you look around a bit, you’ll be able to accomplish that.

PP: I haven’t tested the code, but in theory it should work – tell me if some part of it doesn’t work.