frontycore/functions.php

## functions.php
<?php

/**
 * Locking whole web with simple password form
 * ACF fields:
 * 	- string 'wiki_password' - from settings, password to validate against the input form viewer login form
 * 	- bool 'wiki_lock_site' - from settings, whether the site should be only accessible with password
 *	- array 'wiki_allowed_posts' - from settings, relation filed returning an array of post IDs, which are allowed to be viewed without password
 */

// Initialize session and process login form, if sent
add_action('init', function() {
	if (!session_id()) session_start();

	// End processing if no login form data in $_POST
	if (!isset($_POST['viewer_password'])) return;


	// Login form nonce verification
	if (!isset($_POST['viewer_login_nonce']) || !wp_verify_nonce($_POST['viewer_login_nonce'], 'viewer_login')) {
		$_SESSION['wiki_login_msg'] = 'Ověření formuláře se nepovedlo. Jestli jste robot, tak běžte robotovat někam jinam!';

	// Given pasword is incorrect
	} else if ($_POST['viewer_password'] !== wiki_get_login_password())  {
		$_SESSION['wiki_login_msg'] = 'Zadali jste špatné heslo. Zkuste to znovu, nebo běžte do pryč...';

	// Save session
	} else {
		$_SESSION[wiki_get_login_session_name()] = time();
	}

	// Reload to referer or homepage
	$url = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : get_home_url();
	wp_safe_redirect($url);
	exit();
}, 1);

// Get login password in plain-text
function wiki_get_login_password() {
	// return get_field('wiki_password', 'option');
	return 'heslo';
}

// Get session name based on password - new password = new session
function wiki_get_login_session_name() {
	return sha1(wiki_get_login_password());
}

// Render login form
function wiki_login_form() {
	$msg = null;
	if (isset($_SESSION['wiki_login_msg'])) {
		$msg = $_SESSION['wiki_login_msg'];
		unset($_SESSION['wiki_login_msg']);
	}
	?>
	<!DOCTYPE html>
	<html lang="<?php echo str_replace('_', '-', get_locale()) ?>">
		<head>
			<meta http-equiv="Content-Type" content="text/xhtml; charset=<?php bloginfo('charset'); ?>">
			<title><?php wp_title('|', true, 'right') ?></title>
		</head>
		<body>
			<?php if ($msg) { ?>
				<h2><?php echo $msg ?></h2>
			<?php } ?>
			<form action="<?php echo esc_url(home_url()) ?>" method="post">
				<input type="password" name="viewer_password" placeholder="Heslo">
				<?php wp_nonce_field('viewer_login', 'viewer_login_nonce') ?>
				<input type="submit" value="Přihlásit se">
			</form>
		</body>
	</html>
	<?php
}

// Does viewer session exist and is not expired?
function wiki_is_viewer_logged_in() {
	$sessionName = wiki_get_login_session_name();
	if (!isset($_SESSION[$sessionName]) || !is_numeric($_SESSION[$sessionName])) return false;
	$loggedIn = (new \DateTime())->setTimestamp(intval($_SESSION[$sessionName]));
	$expiration = (clone $loggedIn)->modify('+30 days'); // Session expire after given amount of time
	return new \DateTime() <= $expiration;
}

// Is user allowed to view the web?
function wiki_is_site_locked() {
	// Site is not locked by password
	if (!get_field('wiki_lock_site', 'option')) return false;

	// Current page / post / any CPT is allowed to be viewed without password
	$obj = get_queried_object();
	if ($obj instanceof WP_Post) {
		$allowedIds = array_filter((array)get_field('wiki_allowed_posts', 'option'));
		if (in_array($obj->ID, $allowedIds)) retrun false;
	}

	// Site is locked for users, who are not logged in admin nor have active viewer session
	return !is_user_logged_in() && !wiki_is_viewer_logged_in();
}

// Show login form if the site is locked
add_filter('template_redirect', function($template) {
	if (wiki_is_site_locked()) {
		wiki_login_form();
		exit();
	}
	return $template;
});
	<?php

	/**
	* Locking whole web with simple password form
	* ACF fields:
	* - string 'wiki_password' - from settings, password to validate against the input form viewer login form
	* - bool 'wiki_lock_site' - from settings, whether the site should be only accessible with password
	* - array 'wiki_allowed_posts' - from settings, relation filed returning an array of post IDs, which are allowed to be viewed without password
	*/

	// Initialize session and process login form, if sent
	add_action('init', function() {
	if (!session_id()) session_start();

	// End processing if no login form data in $_POST
	if (!isset($_POST['viewer_password'])) return;


	// Login form nonce verification
	if (!isset($_POST['viewer_login_nonce']) \|\| !wp_verify_nonce($_POST['viewer_login_nonce'], 'viewer_login')) {
	$_SESSION['wiki_login_msg'] = 'Ověření formuláře se nepovedlo. Jestli jste robot, tak běžte robotovat někam jinam!';

	// Given pasword is incorrect
	} else if ($_POST['viewer_password'] !== wiki_get_login_password()) {
	$_SESSION['wiki_login_msg'] = 'Zadali jste špatné heslo. Zkuste to znovu, nebo běžte do pryč...';

	// Save session
	} else {
	$_SESSION[wiki_get_login_session_name()] = time();
	}

	// Reload to referer or homepage
	$url = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : get_home_url();
	wp_safe_redirect($url);
	exit();
	}, 1);

	// Get login password in plain-text
	function wiki_get_login_password() {
	// return get_field('wiki_password', 'option');
	return 'heslo';
	}

	// Get session name based on password - new password = new session
	function wiki_get_login_session_name() {
	return sha1(wiki_get_login_password());
	}

	// Render login form
	function wiki_login_form() {
	$msg = null;
	if (isset($_SESSION['wiki_login_msg'])) {
	$msg = $_SESSION['wiki_login_msg'];
	unset($_SESSION['wiki_login_msg']);
	}
	?>
	<!DOCTYPE html>
	<html lang="<?php echo str_replace('_', '-', get_locale()) ?>">
	<head>
	<meta http-equiv="Content-Type" content="text/xhtml; charset=<?php bloginfo('charset'); ?>">
	<title><?php wp_title('\|', true, 'right') ?></title>
	</head>
	<body>
	<?php if ($msg) { ?>
	<h2><?php echo $msg ?></h2>
	<?php } ?>
	<form action="<?php echo esc_url(home_url()) ?>" method="post">
	<input type="password" name="viewer_password" placeholder="Heslo">
	<?php wp_nonce_field('viewer_login', 'viewer_login_nonce') ?>
	<input type="submit" value="Přihlásit se">
	</form>
	</body>
	</html>
	<?php
	}

	// Does viewer session exist and is not expired?
	function wiki_is_viewer_logged_in() {
	$sessionName = wiki_get_login_session_name();
	if (!isset($_SESSION[$sessionName]) \|\| !is_numeric($_SESSION[$sessionName])) return false;
	$loggedIn = (new \DateTime())->setTimestamp(intval($_SESSION[$sessionName]));
	$expiration = (clone $loggedIn)->modify('+30 days'); // Session expire after given amount of time
	return new \DateTime() <= $expiration;
	}

	// Is user allowed to view the web?
	function wiki_is_site_locked() {
	// Site is not locked by password
	if (!get_field('wiki_lock_site', 'option')) return false;

	// Current page / post / any CPT is allowed to be viewed without password
	$obj = get_queried_object();
	if ($obj instanceof WP_Post) {
	$allowedIds = array_filter((array)get_field('wiki_allowed_posts', 'option'));
	if (in_array($obj->ID, $allowedIds)) retrun false;
	}

	// Site is locked for users, who are not logged in admin nor have active viewer session
	return !is_user_logged_in() && !wiki_is_viewer_logged_in();
	}

	// Show login form if the site is locked
	add_filter('template_redirect', function($template) {
	if (wiki_is_site_locked()) {
	wiki_login_form();
	exit();
	}
	return $template;
	});