Changeset 3454890

Timestamp:

02/05/2026 07:07:10 PM (7 weeks ago)

Author:

areziaal

Message:

Version 1.1.0

Location:

planned-outage

Files:

• tags/1.1.0 (added)
• tags/1.1.0/planned-outage.php (added)
• tags/1.1.0/readme.txt (added)
• trunk/planned-outage.php (modified) (13 diffs)
• trunk/readme.txt (modified) (4 diffs)

planned-outage/trunk/planned-outage.php

@@ -5 +5 @@
  * Requires at least: 6.3
  * Requires PHP:      7.0
- * Version:           1.0.0
+ * Version:           1.1.0
  * Author:            Troy Chaplin
  * License:           GPL-2.0-or-later
@@ -77 +77 @@
             add_settings_error( 'pobt_settings', 'tracking_reset', 'Duration tracking has been reset.', 'success' );
         }
+
+        // Handle regenerate bypass link action.
+        if ( isset( $_POST['pobt_regenerate_bypass'] ) && check_admin_referer( 'pobt_regenerate_bypass_action' ) ) {
+            update_option( 'pobt_bypass_key', wp_generate_password( 32, false ) );
+            add_settings_error( 'pobt_settings', 'bypass_regenerated', 'Bypass link has been regenerated. The previous link will no longer work.', 'success' );
+        }
         register_setting(
             'pobt_settings',
@@ -112 +118 @@
             )
         );
+        register_setting(
+            'pobt_settings',
+            'pobt_bypass_enabled',
+            array(
+                'type'              => 'boolean',
+                'default'           => false,
+                'sanitize_callback' => 'rest_sanitize_boolean',
+            )
+        );
     }
 
@@ -118 +133 @@
      */
     public function settings_page() {
-        $enabled     = get_option( 'pobt_enabled', false );
-        $retry_after = get_option( 'pobt_retry_after', 3600 );
-        $allow_bots  = get_option( 'pobt_allow_bots', false );
-        $template    = $this->get_maintenance_template();
-
-        // Track when maintenance was enabled.
+        $enabled        = get_option( 'pobt_enabled', false );
+        $retry_after    = absint( get_option( 'pobt_retry_after', 3600 ) );
+        $allow_bots     = get_option( 'pobt_allow_bots', false );
+        $bypass_enabled = get_option( 'pobt_bypass_enabled', false );
+        $template       = $this->get_maintenance_template();
+
+        // Track when maintenance was enabled (skip for pre-launch mode).
         // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Only checking if settings were updated, not processing form data.
-        if ( isset( $_GET['settings-updated'] ) && $enabled && ! get_option( 'pobt_enabled_at' ) ) {
+        if ( isset( $_GET['settings-updated'] ) && $enabled && 0 !== $retry_after && ! get_option( 'pobt_enabled_at' ) ) {
             update_option( 'pobt_enabled_at', time() );
             // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Only checking if settings were updated, not processing form data.
-        } elseif ( isset( $_GET['settings-updated'] ) && ! $enabled ) {
+        } elseif ( isset( $_GET['settings-updated'] ) && ( ! $enabled || 0 === $retry_after ) ) {
             delete_option( 'pobt_enabled_at' );
+        }
+
+        // Generate or remove bypass key based on setting.
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Only checking if settings were updated, not processing form data.
+        if ( isset( $_GET['settings-updated'] ) && $bypass_enabled && ! get_option( 'pobt_bypass_key' ) ) {
+            update_option( 'pobt_bypass_key', wp_generate_password( 32, false ) );
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Only checking if settings were updated, not processing form data.
+        } elseif ( isset( $_GET['settings-updated'] ) && ! $bypass_enabled ) {
+            delete_option( 'pobt_bypass_key' );
         }
         ?>
@@ -165 +190 @@
                         <td>
                             <select name="pobt_retry_after">
+                                <option value="0" <?php selected( $retry_after, 0 ); ?>>Pre-Launch (indefinite)</option>
                                 <option value="1800" <?php selected( $retry_after, 1800 ); ?>>30 minutes</option>
                                 <option value="3600" <?php selected( $retry_after, 3600 ); ?>>1 hour</option>
@@ -173 +199 @@
                                 <option value="86400" <?php selected( $retry_after, 86400 ); ?>>1 day (maximum recommended)</option>
                             </select>
-                            <p class="description">Tells search engines when to check back. For maintenance longer than 1 day, enable search engine access below.</p>
+                            <p class="description">Tells search engines when to check back. Select Pre-Launch for sites that aren't live yet. For maintenance longer than 1 day, enable search engine access below.</p>
                         </td>
                     </tr>
@@ -186 +212 @@
                         </td>
                     </tr>
+                    <tr>
+                        <th scope="row">Bypass Link</th>
+                        <td>
+                            <label>
+                                <input type="checkbox" name="pobt_bypass_enabled" value="1" <?php checked( $bypass_enabled, 1 ); ?>>
+                                Allow non-logged-in users to bypass maintenance mode via a secret link
+                            </label>
+                            <p class="description">When enabled, a unique URL is generated that lets anyone with the link browse the site normally during maintenance.</p>
+                            <?php
+                            $bypass_key = get_option( 'pobt_bypass_key' );
+                            if ( $bypass_enabled && $bypass_key ) :
+                                $bypass_url = add_query_arg( 'pobt_bypass', $bypass_key, home_url( '/' ) );
+                                ?>
+                                <div style="margin-top: 10px; padding: 10px; background: #f0f0f1; border-left: 4px solid #2271b1;">
+                                    <p style="margin: 0 0 6px 0;"><strong>Bypass URL:</strong></p>
+                                    <code style="display: block; padding: 6px 8px; background: #fff; word-break: break-all;"><?php echo esc_url( $bypass_url ); ?></code>
+                                    <p class="description" style="margin-top: 6px;">Share this link with anyone who needs to view the site during maintenance. The link sets a cookie so they can navigate freely for 12 hours.</p>
+                                </div>
+                            <?php endif; ?>
+                        </td>
+                    </tr>
                 </table>
 
@@ -191 +238 @@
             </form>
 
-            <?php $enabled_at = get_option( 'pobt_enabled_at', 0 ); ?>
-            <?php if ( $enabled_at ) : ?>
-                <hr style="margin: 30px 0;">
-                <h2>Duration Tracking</h2>
-                <p>Maintenance mode was enabled on: <strong><?php echo esc_html( wp_date( 'F j, Y \a\t g:i a', $enabled_at ) ); ?></strong></p>
-                <p class="description">If this date is incorrect (e.g., from a previous maintenance period), you can reset it.</p>
+            <?php if ( $bypass_enabled && get_option( 'pobt_bypass_key' ) ) : ?>
                 <form method="post" style="margin-top: 10px;">
-                    <?php wp_nonce_field( 'pobt_reset_tracking_action' ); ?>
-                    <input type="hidden" name="pobt_reset_tracking" value="1">
-                    <?php submit_button( 'Reset Duration Tracking', 'secondary', 'submit', false ); ?>
+                    <?php wp_nonce_field( 'pobt_regenerate_bypass_action' ); ?>
+                    <input type="hidden" name="pobt_regenerate_bypass" value="1">
+                    <?php submit_button( 'Regenerate Bypass Link', 'secondary', 'submit', false ); ?>
+                    <p class="description" style="margin-top: 6px;">Generate a new bypass link. The previous link will stop working immediately.</p>
                 </form>
             <?php endif; ?>
 
-            <div class="card" style="max-width: 600px; margin-top: 20px; padding: 16px 20px;">
-                <h3 style="margin: 0 0 12px 0; font-size: 14px; font-weight: 600;">SEO Recommendations</h3>
-                <ul style="list-style: disc; margin: 0 0 0 20px; padding: 0; line-height: 1.8;">
-                    <li><strong>Under 2 hours:</strong> Default settings are fine.</li>
-                    <li><strong>2-24 hours:</strong> Consider enabling search engine access.</li>
-                    <li><strong>Over 1 day:</strong> Always enable search engine access. Extended 503 responses can cause pages to be removed from search indexes.</li>
-                </ul>
-            </div>
+            <?php if ( 0 !== $retry_after ) : ?>
+                <?php $enabled_at = get_option( 'pobt_enabled_at', 0 ); ?>
+                <?php if ( $enabled_at ) : ?>
+                    <hr style="margin: 30px 0;">
+                    <h2>Duration Tracking</h2>
+                    <p>Maintenance mode was enabled on: <strong><?php echo esc_html( wp_date( 'F j, Y \a\t g:i a', $enabled_at ) ); ?></strong></p>
+                    <p class="description">If this date is incorrect (e.g., from a previous maintenance period), you can reset it.</p>
+                    <form method="post" style="margin-top: 10px;">
+                        <?php wp_nonce_field( 'pobt_reset_tracking_action' ); ?>
+                        <input type="hidden" name="pobt_reset_tracking" value="1">
+                        <?php submit_button( 'Reset Duration Tracking', 'secondary', 'submit', false ); ?>
+                    </form>
+                <?php endif; ?>
+
+                <div class="card" style="max-width: 600px; margin-top: 20px; padding: 16px 20px;">
+                    <h3 style="margin: 0 0 12px 0; font-size: 14px; font-weight: 600;">SEO Recommendations</h3>
+                    <ul style="list-style: disc; margin: 0 0 0 20px; padding: 0; line-height: 1.8;">
+                        <li><strong>Under 2 hours:</strong> Default settings are fine.</li>
+                        <li><strong>2-24 hours:</strong> Consider enabling search engine access.</li>
+                        <li><strong>Over 1 day:</strong> Always enable search engine access. Extended 503 responses can cause pages to be removed from search indexes.</li>
+                    </ul>
+                </div>
+            <?php endif; ?>
         </div>
         <?php
@@ -249 +307 @@
 
     /**
+     * Checks if the current visitor has bypass access via query param or cookie.
+     *
+     * Sets a cookie on first valid access so subsequent page loads don't need the query param.
+     *
+     * @return bool True if the visitor has a valid bypass token.
+     */
+    private function has_bypass_access() {
+        $bypass_key = get_option( 'pobt_bypass_key' );
+
+        if ( ! $bypass_key ) {
+            return false;
+        }
+
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- This is a public-facing bypass token, not a form submission.
+        $query_token  = isset( $_GET['pobt_bypass'] ) ? sanitize_text_field( wp_unslash( $_GET['pobt_bypass'] ) ) : '';
+        $cookie_token = isset( $_COOKIE['pobt_bypass'] ) ? sanitize_text_field( wp_unslash( $_COOKIE['pobt_bypass'] ) ) : '';
+
+        if ( hash_equals( $bypass_key, $query_token ) || hash_equals( $bypass_key, $cookie_token ) ) {
+            // Set cookie if not already present or if arriving via query param.
+            if ( $query_token && ( ! $cookie_token || ! hash_equals( $bypass_key, $cookie_token ) ) ) {
+                setcookie(
+                    'pobt_bypass',
+                    $bypass_key,
+                    array(
+                        'expires'  => time() + ( 12 * HOUR_IN_SECONDS ),
+                        'path'     => '/',
+                        'secure'   => is_ssl(),
+                        'httponly' => true,
+                        'samesite' => 'Lax',
+                    )
+                );
+            }
+
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
      * Checks if the current request is for the homepage.
      *
@@ -282 +380 @@
         }
 
+        // Allow bypass via secret link if enabled.
+        if ( get_option( 'pobt_bypass_enabled', false ) && $this->has_bypass_access() ) {
+            return $template;
+        }
+
         // Allow search engine bots through if enabled.
         if ( get_option( 'pobt_allow_bots', false ) && $this->is_search_engine_bot() ) {
@@ -293 +396 @@
         }
 
+        $retry_after = absint( get_option( 'pobt_retry_after', 3600 ) );
+
         nocache_headers();
         status_header( 503 );
-        header( 'Retry-After: ' . absint( get_option( 'pobt_retry_after', 3600 ) ) );
+
+        if ( $retry_after > 0 ) {
+            header( 'Retry-After: ' . $retry_after );
+        }
 
         // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound -- WordPress core global.
@@ -329 +437 @@
     public function duration_warning() {
         if ( ! get_option( 'pobt_enabled', false ) ) {
+            return;
+        }
+
+        // Skip duration warnings in pre-launch mode.
+        if ( 0 === absint( get_option( 'pobt_retry_after', 3600 ) ) ) {
             return;
         }
@@ -364 +477 @@
         delete_option( 'pobt_enabled' );
         delete_option( 'pobt_enabled_at' );
+        delete_option( 'pobt_bypass_key' );
     }
 }

planned-outage/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 6.3
 Tested up to: 6.9
-Stable tag: 1.0.0
+Stable tag: 1.1.0
 Requires PHP: 7.0
 License: GPLv2 or later
@@ -22 +22 @@
 * Logged-in users bypass maintenance mode
 * Configurable expected duration (Retry-After header)
+* Pre-launch mode for sites that aren't live yet
 * Optional search engine bot access during maintenance
+* Bypass link to let non-logged-in users preview the site during maintenance
 * Admin bar indicator when maintenance mode is active
-* Duration warning after 3 days of maintenance
+* Duration warning after 3 days of maintenance (except in pre-launch mode)
 * Returns proper 503 status code for SEO
 
@@ -50 +52 @@
 = Who can see the site when maintenance mode is enabled? =
 
-All logged-in users can browse the site normally. Only logged-out visitors see the maintenance template. You can also enable search engine bots to bypass maintenance mode.
+All logged-in users can browse the site normally. Only logged-out visitors see the maintenance template. You can also enable search engine bots to bypass maintenance mode, or generate a bypass link for non-logged-in users.
 
 = What is the Expected Duration setting? =
 
-This sets the Retry-After HTTP header, which tells search engines how long to wait before checking your site again. Options range from 30 minutes to 1 day.
+This sets the Retry-After HTTP header, which tells search engines how long to wait before checking your site again. Options range from 30 minutes to 1 day. You can also select "Pre-Launch (indefinite)" for sites that aren't live yet, which disables duration tracking and admin warnings.
+
+= What is the Bypass Link? =
+
+When enabled, the plugin generates a secret URL you can share with anyone who needs to view the site during maintenance without logging in. A 12-hour cookie is set on first visit so they can navigate freely. You can regenerate the link at any time to invalidate the previous one.
 
 = Should I enable Search Engine Access? =
@@ -70 +76 @@
 == Changelog ==
 
+= 1.1.0 =
+* Added bypass link feature for sharing preview access with non-logged-in users
+* Added pre-launch mode (indefinite duration) that disables time tracking and admin warnings
+* Bypass link sets a 12-hour cookie for seamless navigation
+* Regenerate bypass link to invalidate previous links
+
 = 1.0.0 =
 * Initial release