mgritz
commented
6 years ago That would be a very helpful feature! Unfortunately my PHP is not that good... Would that actually be complicated? @benhuson
Open darenbaker opened 7 years ago
mgritz
commented
6 years ago That would be a very helpful feature! Unfortunately my PHP is not that good... Would that actually be complicated? @benhuson
alexanderkladov
commented
5 years ago @darenbaker & @mgritz
I was looking for a solution to this as well, because we have an iOS app, which uses wrapped, password-protected WordPress site as it's core. So I was planning on writing a small bypass function upon Wordpress init to feed the password into this plugin via a URL $_GET variable.
But, after reviewing the main core of password-protected.php file, it will turned out that this function: https://github.com/benhuson/password-protected/blob/49549c6c72f3d89e448b8f5a8d56284f40c327ba/password-protected.php#L293-L330 already takes care of all that out of the box!
All you need to do is add password_protected_pwd URL variable like so: example.com/?password_protected_pwd=PASSWORD
On top of that, you can also setup your own form on any other website, which can redirect you to the password protected site & auto-login by feeding a $_POST variable password_protected_pwd to the site.
Awesome!
NOTE 1: If you are passing your password using a $_GET variable, make sure to only use URL-safe passwords with no spaces, otherwise auto-login might not work.
NOTE 2: As far as I can see, the auto-login will only work with a base URL, which means that you can't redirect to a sub-page on the site & auto-login (i.e. example.com/some-page/?password_protected_pwd=password won't work).
benhuson
commented
5 years ago Great if that works :)
You may be able to ads a ‘redirect_to’ parameter if you want to redirect to a page after login:
example.com/?password_protected_pwd=PASSWORD&redirect_to=URL
In our implementation, we have a support site that is only for user of our web application. So we have a link from our application - which users have logged into - that points to another domain with our support site. Rather than having to communicate passwords to them all and hope they'll remember next time they want to access the site it would be awesome if in our link we could pass a value, include querystring, etc. that bypasses the login.