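/**
 * Core PSC validation: decides whether the current request may see the
 * requested content and calls deny_access() when it may not.
 *
 * Checks run in this order:
 *  1. The Access Denied page itself is never blocked (a 401 status is set
 *     where the server setup allows it).
 *  2. Users with the 'edit_others_posts' capability are always let through.
 *  3. Posts listed in the 'force-public-pages' option or added through the
 *     'force_public_pages' filter are exempt from protection.
 *  4. Site-wide protection: a user who belongs to no group is denied.
 *  5. Post/page-specific protection, on views that are not home, category,
 *     tag, feed, taxonomy, admin, 404, archive or search.
 *
 * The method takes no arguments and returns nothing; every exit is a bare
 * return or a call to deny_access().
 *
 * @global object $post         Db information about the current post (its ID is checked)
 * @global object $current_user Info for the currently logged in user
 * @global bool   $is_IIS       WordPress server-detection flag
 * @return void
 */
public static function protect_content()
{
    global $post, $current_user, $is_IIS;

    $plugin_opts = get_option('contexture_ps_options');

    // SET 401 CODE IF ON AD PAGE (AND NEVER BLOCK)
    if (!is_admin() && CTXPS_Queries::check_ad_status()) {
        if (!$is_IIS && php_sapi_name() !== 'cgi-fcgi') {
            status_header(401); // This causes problems on IIS and some FastCGI setups
        }
        return; // No further checks are needed
    }

    // CONDITIONS WHERE USER SHOULD BE LET THROUGH
    if (current_user_can('edit_others_posts')) {
        return; // No further checks are needed
    }

    // There may be no current post; null keeps what the original passed on
    // in that case, without dereferencing a non-object.
    $post_id = (is_object($post) && isset($post->ID)) ? (int) $post->ID : null;

    // ALLOW HOOK TO EXEMPT PAGES FROM PROTECTION - IF CURRENT PAGE IS IN ARRAY, END CHECK
    $force_public_pages = array();
    if (!empty($plugin_opts['force-public-pages'])) {
        $force_public_pages = str_getcsv(str_replace(' ', '', $plugin_opts['force-public-pages']));
    }
    $force_public_pages = apply_filters('force_public_pages', $force_public_pages);

    // This list switches protection OFF, so it is matched strictly against
    // whole positive IDs only. A loose in_array() lets an empty entry (e.g.
    // from a trailing comma) equal a missing post ID, and on older PHP lets
    // "12abc" equal 12; either would skip every check below.
    $public_ids = array();
    foreach ((array) $force_public_pages as $candidate) {
        if (is_string($candidate)) {
            $candidate = trim($candidate);
            if ($candidate === '' || !ctype_digit($candidate)) {
                continue;
            }
            $candidate = (int) $candidate;
        }
        if (is_int($candidate) && $candidate > 0) {
            $public_ids[] = $candidate;
        }
    }
    if ($post_id !== null && in_array($post_id, $public_ids, true)) {
        return;
    }

    // SITE-WIDE PROTECTION
    // isset() avoids reading an offset of a non-array when the option is
    // missing; a missing option leaves site-wide protection off, as before.
    if (isset($plugin_opts['ad_opt_protect_site']) && $plugin_opts['ad_opt_protect_site'] === 'true') {
        /** Groups that this user is a member of */
        $siteaccess = CTXPS_Queries::get_user_groups($current_user->ID, true);

        // User isn't in any groups, no more checking necessary
        if (empty($siteaccess)) {
            // NOTE(review): nothing here stops execution after deny_access();
            // presumably it redirects or exits - confirm, otherwise the
            // page-specific check below still runs for a denied user.
            self::deny_access($plugin_opts);
        }
        // If $siteaccess returned anything, we can safely assume user has "Limited".
        // Since "Full" isn't implemented yet, we don't have to make that check
        // or change the way get_user_groups works.
    }

    // POST/PAGE-SPECIFIC PROTECTION
    if (!is_home() && !is_category() && !is_tag() && !is_feed() && !is_tax()
        && !is_admin() && !is_404() && !is_archive() && !is_search()) {
        /** Groups that this user is a member of */
        $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);

        // Get any page requirements
        $pagereqs = self::get_post_protection($post_id);

        // PAGE/SECTION CHECK: only an array of requirements triggers a check
        if (is_array($pagereqs)) {
            // Determine if user can access this content
            if (!self::check_access($useraccess, $pagereqs)) {
                self::deny_access($plugin_opts);
            }
        }
        // If we reach this point, there's no reason to deny access
    }
}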