… bypass password prompt with direct link to protected page?

  • Resolved mmolino

    (@mmolino)


    15 years, 1 month ago

    I have a password protected page on my blog. Some family members have a hard time remembering the password or typing it in. As simple as typing in a password is, I’d like to make it even simpler. I’d like to create a direct link that would bypass the password.

    I don’t want to change the default behavior. If someone clicks the link in the header, they should be prompted for the password. If they enter it correctly, they should get to the correct page. I just want a direct link that I can email people that will completely bypass that (by putting the password in the URL, not just setting a flag which renders the password useless).

    I’m fairly competent with wordpress and mokeying around in PHP… if someone could at least point me in the right direction, I might be able to hack something together myself.

    Thanks in advance for any help you can offer.

    PS – I realize this is very insecure, but it’s not like I’m hiding government secrets. It’s just a page with some home movies in flash format.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter mmolino

    (@mmolino)

    No one responded so I decided to stop being so lazy and figure it out myself ??

    Here is my solution if anyone else ever need it.

    I opened up wp-includes/post_template.php and changed the function post_password_required() as follows

    function post_password_required( $post = null ) {
	$post = get_post($post);

	if ( empty($post->post_password) )
		return false;

	if ( $_GET['get_password'] == $post->post_password )
		return false;

	if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
		return true;

	if ( $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password )
		return true;

	return false;
}

    All I did was add this part:

    if ( $_GET['get_password'] == $post->post_password )
		return false;

    So basically, the page behaves normally. If someone clicks it, it asks for a password… BUT, if I want to send someone a link, I just add &get_password=**** to the end of the URL and the link will by pass the password prompt.

    This is fantastic, I am going to use it for an online game. Thanks so much for sharing this!


    Berserc

    I’m interested in using this for a page instead of a post. I tried to follow these instructions and they don’t seem to apply for pages. Any suggestions?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘… bypass password prompt with direct link to protected page?’ is closed to new replies.