[29-Sep-2024 04:17:27 UTC] PHP Warning:  Cannot modify header information - headers already sent in /wp-content/plugins/wp-basic-authentication/wp-basic-authentication.php on line 83

[29-Sep-2024 04:17:27 UTC] PHP Warning:  Cannot modify header information - headers already sent in /wp-content/plugins/wp-basic-authentication/wp-basic-authentication.php on line 84

[29-Sep-2024 15:00:57 UTC] PHP Warning:  Cannot modify header information - headers already sent in /wp-content/plugins/wp-basic-authentication/wp-basic-authentication.php on line 75

…every time someone hits the site.

This answer might help you:

https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php

After fully localized this great plugin to zh_TW, I found a UI string without I18N code.

inc\class-wpba-setting.php line 58 should be the following.

<script type='text/javascript' src='https://storage.ko-fi.com/cdn/widget/Widget_2.js'></script><script type='text/javascript'>kofiwidget2.init('<?php esc_html_e( 'Tip Me on Ko-fi', 'wp-basic-authentication' ); ?>', '#29abe0', 'J3J6HM43W');kofiwidget2.draw();</script>

Making the donation button localizable may be a good idea.

Hello nutttaro,

is it possible to add a bypass for 127.0.0.1 to your plugin?

The background is simply that it should be usable for devolopment, but your lock means that wp-cli cannot be executed.

A sketch would be e.g.:

    public function basic_auth_handler()
    {
 
        $enable = $this->options['enable'] ?? 0;
        $username = $this->options['username'] ?? '';
        $password = $this->options['password'] ?? '';
 
        $access = False;
 
        if ( defined( 'WP_CLI' ) && WP_CLI ) {
            if (!$_SERVER['REQUEST_URI'] || $_SERVER['REMOTE_ADDR'] === '127.0.0.1') {
                $access = True;
         
            }     
        } 
      if ($enable && $username)
        {
            if( $access === False){
                $AUTH_USER = $username;
                $AUTH_PASS = $password;
                header('Cache-Control: no-cache, must-revalidate, max-age=0');
                $has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
                $is_not_authenticated = (
                    (!$has_supplied_credentials ||
                    $_SERVER['PHP_AUTH_USER'] != $AUTH_USER ||
                    $_SERVER['PHP_AUTH_PW'] != $AUTH_PASS) 
                );
      
                if ($is_not_authenticated) {
                    header('HTTP/1.1 401 Authorization Required');
                    header('WWW-Authenticate: Basic realm="Access denied"');
                    exit;
                }
            }
       
        }

_

This would improve the plugin and be helpful for WordPress development.

Thank you for your work, I would be happy to receive an answer.

Best Regards

I have a multisite and I think that is why when using this plugin it is asking for the login twice. Have you experienced this before and is there anything I can do to fix it?

I have setup basic authentication using the plugin WP Basic Authentication and confirmed it’s working properly.

The code for getting all the images from the site using the API

<?php

    $login = base64_encode("Username:Password");

    $url =  'https://mysite.org.il/wp-json/wp/v2/media';
    $ch = curl_init();

    curl_setopt( $ch, CURLOPT_URL, $url );
    curl_setopt($ch,  CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt( $ch, CURLOPT_HTTPHEADER, [
        'Authorization: Basic ' . $login,
    ] );
    $result = curl_exec( $ch );
    curl_close( $ch );
    print_r( json_decode( $result ) );

?>

Posting using the following code returns the error

stdClass Object ( [code] => rest_cannot_create [message] => Sorry, you are not allowed to create posts as this user. [data] => stdClass Object ( [status] => 401 ) )

The user is the only user defined in the site so it's the admin.

This is the upload code

<?php
    $filename = "IMG_0965.jpg";
    $login = base64_encode("Username:Password");

    $file = file_get_contents( $filename );
    $mime = mime_content_type( $filename );
    $url =  'https://mysite.org.il/wp-json/wp/v2/media';
    $ch = curl_init();

    curl_setopt( $ch, CURLOPT_URL, $url );
    curl_setopt( $ch, CURLOPT_POST, 1 );
    curl_setopt($ch,  CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt( $ch, CURLOPT_POSTFIELDS, $file );
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt( $ch, CURLOPT_HTTPHEADER, [
        'Content-Type: '.$mime,
        'Content-Disposition: attachment; filename="'.$filename.'"',
        'Authorization: Basic ' . $login,
    ] );
    $result = curl_exec( $ch );
    curl_close( $ch );
    print_r( json_decode( $result ) );
?>

Any help with understanding the problem and how to fix this will be much appreciated.