From d75c687a8b8633c88c889e6f36799c28811722d9 Mon Sep 17 00:00:00 2001
From: Eliurkis Diaz <eliurkis@gmail.com>
Date: Thu, 17 Sep 2020 15:08:23 -0400
Subject: [PATCH] Add ability to add pages/posts to the allowed list

---
 README.md              |  1 +
 admin/admin.php        | 38 ++++++++++++++++++++++++++++++++++++++
 password-protected.php | 28 ++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+)

diff --git a/README.md b/README.md
index 9f6d2e6..92dd887 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ Features include:
 - Password protect your WordPress site with a single password.
 - Option to allow access to feeds.
 - Option to allow administrators access without entering password.
+- Option to unprotect pages and posts by ID (allowed list)
 - Works with Mark Jaquith's [Login Logo](https://wordpress.org/plugins/login-logo/) plugin.
 - Works with the [Uber Login Logo](https://wordpress.org/plugins/uber-login-logo/) plugin.
 
diff --git a/admin/admin.php b/admin/admin.php
index cbb971a..9f4961e 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -163,6 +163,14 @@ public function password_protected_settings() {
 			'password_protected'
 		);
 
+        add_settings_field(
+            'password_protected_unprotected_pages',
+            __( 'Unprotected Pages', 'password-protected' ),
+            array( $this, 'password_protected_unprotected_pages_field' ),
+            $this->options_group,
+            'password_protected'
+        );
+
 		register_setting( $this->options_group, 'password_protected_status', 'intval' );
 		register_setting( $this->options_group, 'password_protected_feeds', 'intval' );
 		register_setting( $this->options_group, 'password_protected_rest', 'intval' );
@@ -172,6 +180,7 @@ public function password_protected_settings() {
 		register_setting( $this->options_group, 'password_protected_allowed_ip_addresses', array( $this, 'sanitize_ip_addresses' ) );
 		register_setting( $this->options_group, 'password_protected_remember_me', 'boolval' );
 		register_setting( $this->options_group, 'password_protected_remember_me_lifetime', 'intval' );
+        register_setting( $this->options_group, 'password_protected_unprotected_pages', array( $this, 'sanitize_pages' ) );
 
 	}
 
@@ -237,6 +246,25 @@ private function validate_ip_address( $ip_address ) {
 
 	}
 
+    /**
+     * Sanitize Pages
+     *
+     * @param   string  $val  List of page IDs, one per line
+     * @return  string        Sanitized list of pages.
+     */
+    public function sanitize_pages( $val ) {
+
+        $page_ids = explode( "\n", $val );
+        $page_ids = array_map( 'sanitize_text_field', $page_ids );
+        $page_ids = array_map( 'trim', $page_ids );
+        $page_ids = array_filter( $page_ids );
+
+        $val = implode( "\n", $page_ids );
+
+        return $val;
+
+    }
+
 	/**
 	 * Password Protected Section
 	 */
@@ -311,6 +339,16 @@ public function password_protected_remember_me_lifetime_field() {
 
 	}
 
+    /**
+     * Unprotected Pages Field
+     */
+    public function password_protected_unprotected_pages_field() {
+
+        echo '<textarea name="password_protected_unprotected_pages" id="password_protected_unprotected_pages" rows="3" class="large-text" />' . get_option( 'password_protected_unprotected_pages' ) . '</textarea>';
+        echo '<p class="description">' . esc_html__( 'Enter one Page/Post ID per line.', 'password-protected' ) . '</p>';
+
+    }
+
 	/**
 	 * Pre-update 'password_protected_password' Option
 	 *
diff --git a/password-protected.php b/password-protected.php
index 23c0e6c..fb15377 100644
--- a/password-protected.php
+++ b/password-protected.php
@@ -67,6 +67,7 @@ public function __construct() {
 		add_filter( 'pre_option_password_protected_status', array( $this, 'allow_feeds' ) );
 		add_filter( 'pre_option_password_protected_status', array( $this, 'allow_administrators' ) );
 		add_filter( 'pre_option_password_protected_status', array( $this, 'allow_users' ) );
+		add_filter( 'pre_option_password_protected_status', array( $this, 'allow_pages' ) );
 		add_filter( 'rest_authentication_errors', array( $this, 'only_allow_logged_in_rest_access' ) );
 		add_action( 'init', array( $this, 'compat' ) );
 		add_action( 'password_protected_login_messages', array( $this, 'login_messages' ) );
@@ -214,6 +215,33 @@ public function allow_users( $bool ) {
 
 	}
 
+    /**
+     * Allow Pages
+     *
+     * @param   boolean  $bool  Allow administrators.
+     * @return  boolean         True/false.
+     */
+    public function allow_pages( $bool ) {
+
+        if (is_admin() && (bool) get_option( 'password_protected_administrators' ) ) {
+            return 0;
+        }
+
+        if (is_user_logged_in() && (bool) get_option( 'password_protected_users' ) ) {
+            return 0;
+        }
+
+        $ppup_val = get_option( 'password_protected_unprotected_pages' );
+        if($ppup_val !== false && strlen(trim($ppup_val)) > 0) {
+            $unprotected_page_ids = explode( "\n", $ppup_val );
+            if( is_array($unprotected_page_ids) && is_page( $unprotected_page_ids ) ) {
+                return 0;
+            }
+        }
+
+        return $bool;
+    }
+
 	/**
 	 * Allow IP Addresses
 	 *