Requiring a Password / Passphrase to view contents of category with WordPress


I'm trying to set something up where, when a user clicks on a category link within the navbar, it asks them for a password / passphrase to view that category's posts. I've done a lot of digging, and I can't seem to find a solution. Can anyone point me in the right direction? I figured I would be able to solve this with a little bit of script work, but I can't even find something to get me started. Help?

Best answer

I don't think this is something that would require a plugin. In this case I would write something along the lines of this.

This script is assuming the user is making an HTTP POST request to this page, probably by submitting a form somewhere on your website.

If any of this looks foreign to you, feel free to ask and I'll be happy to clarify :)

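<?php
// ID of the row in sometable that holds the password hash to check against
$idForPassword = 5;

//Create new database connection
$mysqli = new mysqli("localhost", "DBusername", "DBpassword", "DBName");

//Create new prepared statement
$stmt = $mysqli->prepare("SELECT password FROM sometable WHERE id = ?");
$stmt->bind_param("i", $idForPassword);

// execute query
$stmt->execute();

// bind result variables
$stmt->bind_result($result);

$stmt->fetch();
$stmt->close();

// Hash the password so we aren't storing a password as plain text in the database
// ideally you also add a salt to your password but since this is just an example
// I'll leave that part out
// $_POST['password'] can be missing or an array, so only hash a string
$submitted = $_POST['password'] ?? '';
$password = is_string($submitted) ? md5($submitted) : '';

// hash_equals() compares the strings exactly and in constant time; a loose ==
// treats two hashes that both look like numbers (such as "0e...") as equal
if (is_string($result) && hash_equals($result, $password))
{
    //allow user access
}
else
{
    //deny user access
}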

edit: A little more info on Salting and Hashing passwords. I'd recommend reading it whenever you get the chance since it's a fairly easy way to implement a basic level of security if you plan on storing passwords in a database.

The security issue with simple hashing (md5 et al) isn't really the speed, so much as the fact that it's idempotent; two different people with the same password will have the same hash, and so if one person's hash is brute-forced, the other one will as well. This facilitates rainbow attacks. Simply slowing the hash down isn't a very useful tactic for improving security. It doesn't matter how slow and cumbersome your hash algorithm is - as soon as someone has a weak password that's in a dictionary, EVERYONE with that weak password is vulnerable.

Also, hash algorithms such as md5 are for the purpose of generating a digest and checking if two things are probably the same as each other; they are not intended to be impossible to generate a collision for. Even if an underlying password itself requires a lot of brute forcing to determine, that doesn't mean it will be impossible to find some other bit pattern that generates the same hash in a trivial amount of time.

As such: please, please, PLEASE only use salted hashes for password storage. There is no reason to implement your own salted hash mechanism, either, as crypt() already does an excellent job of this.
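The salted-hash advice above, applied to the category passphrase check, as an added example that is not part of the answer or the text it quotes. It uses PHP's built-in `password_hash()` / `password_verify()`, which produce crypt()-compatible salted hashes; the function names `store_passphrase` and `check_passphrase` and the in-memory `$table` (standing in for `sometable`) are assumptions made for illustration. It also shows how a row written by the unsalted `md5()` code can be upgraded the first time the correct passphrase is submitted.

```php
<?php
// Added example: salted storage and verification of a category passphrase.
// $table is a constructed in-memory stand-in for the answer's `sometable`.

function store_passphrase(array &$table, int $id, string $passphrase): void
{
    // password_hash() picks a random salt and embeds it, with the algorithm
    // and cost, in the returned string, so one column holds everything.
    $table[$id] = password_hash($passphrase, PASSWORD_DEFAULT);
}

function check_passphrase(array &$table, int $id, $submitted): bool
{
    // $_POST values can be arrays (password[]=x); accept strings only.
    if (!is_string($submitted) || !isset($table[$id])) {
        return false;
    }
    $stored = $table[$id];

    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy row from the unsalted md5() scheme: compare in constant
        // time, then replace it with a salted hash on success.
        if (!hash_equals($stored, md5($submitted))) {
            return false;
        }
        store_passphrase($table, $id, $submitted);
        return true;
    }

    if (!password_verify($submitted, $stored)) {
        return false;
    }
    // Re-hash if PHP's default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store_passphrase($table, $id, $submitted);
    }
    return true;
}

// Constructed sample data: two categories sharing a passphrase, one legacy row.
$table = [];
store_passphrase($table, 5, 'open sesame');
store_passphrase($table, 6, 'open sesame');
$table[7] = md5('open sesame');

echo "same passphrase, identical stored hash? ", var_export($table[5] === $table[6], true), "\n";
echo "correct passphrase accepted? ", var_export(check_passphrase($table, 5, 'open sesame'), true), "\n";
echo "array input accepted? ", var_export(check_passphrase($table, 5, ['x']), true), "\n";
echo "legacy md5 row accepted? ", var_export(check_passphrase($table, 7, 'open sesame'), true), "\n";
echo "legacy row upgraded? ", var_export(password_get_info($table[7])['algo'] !== null, true), "\n";
```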