How can I let a user access a WordPress protected page with a URL that will submit the password in the form below?
I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load.
This not intended to be secure in any respect; I’ll need to hardcode the password in the URL and the PHP. It’s just for simplicity for the user.
Edit 4/19/10: As per answers below, it’s possible to set a cookie directly to allow users to not have to enter a password. Letting search bots in is best done by detecting the user agent and redirecting, as bots aren’t going to deal with cookies.
This is the form (which is WordPress core code):
<form action="http://mydomain.com/wp-pass.php" method="post">
Password: <input name="post_password" type="password" size="20" />
<input type="submit" name="Submit" value="Submit" /></form>
This is wp-pass.php (which is WordPress core code):
<?php
require( dirname(__FILE__) . '/wp-load.php');
if ( get_magic_quotes_gpc() )
$_POST['post_password'] = stripslashes($_POST['post_password']);
setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
?>
Rather than keep appending in the previous answer, I’ll try to explain the problem a bit further here.
The way WordPress passwording works, is:
is sent to
wp-pass.php
.wp-pass.php
takes the providedpassword, puts it in a cookie and
redirects the user back ot the
original page.
and if the password is correct, it
will show the page.
The problem here is that search engines don’t accept cookies. So, you have two options:
$_GET
variables.I’d love to expand on the latter answer if you want, but I do wonder; if you’re going to give search engines access to passworded content, anyone will have access. Why not just remove the password?
Change $_POST to $_REQUEST everywhere in wp-pass.php.
That code is only looking at the POST variables, not the GET variables in the URL. The REQUEST global contains both the POST, and the GET variables, which is what you want.
There’s probably a better way, but I don’t know WordPress.
EDIT
The problem is those parameters are in the GET array, not the POST array. So using a regular link with parameters isn’t going to work. You can use a form with a hidden field. You can style the submit button to look like a link, if you want.
If you want to do this without editing WP’s core, you can use cURL to simulate POST variables like this:
In your comment in this answer:
Beware about this practice. Search engines could interpret this as Cloaking.
I’m not saying they are automatically going to know you’re doing this, maybe they’ll never will. But it’s interesting to know the risks involved.
I would like to know your intents about this practice to know if there are other alternatives that fit your needs.
First I don’t know how search engines react to javascript, but could something like this work?
Call
mydomain.com/wp-pass.php?post_password=mypassword&Submit=Submit
Add these 2 js function:
Add to the body tag,
OnLoad="setPassword();"
I dont know how robots react to this…
I think the previous answers are rather more convoluted than they need to be.
If everyone can read the page, do not password protect it. That is by far the most neat solution. What is the password for if everyone and his dog can read the page?
If you really feel the need to make a link that uses POST though, here is the way to do it:
(Sorry if this background is redundant, but it seems like from your question like it is worth mentioning: HTTP supports various methods on URLs; POST is on, GET is another. When you normal-fetch a url, like with an <a> element, you are using the GET method.)
I agree that modifying core files to replace $_POST with $_REQUEST is unnecessary. What you want is a link element that uses the POST method. To do that, make a simple form like so:
You can add style=”border: 0; background: transparent;” and so on to the second input to make it look like a normal link if you want. It is a bit cumbersome, but works fine whenever you need to send a link using the POST method.
PS. Using Wireshark to inspect POST variables is a big waste of time. Install the Firebug FF extension and use the net panel. It will massively speed up working these sorts of things out.