
Submit WordPress form password programmatically

How can I let a user access a WordPress protected page with a URL that will submit the password in the form below?

I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load.

This is not intended to be secure in any respect; I'll need to hardcode the password in the URL and the PHP. It's just for simplicity for the user.

Edit 4/19/10: As per answers below, it's possible to set a cookie directly to allow users to not have to enter a password. Letting search bots in is best done by detecting the user agent and redirecting, as bots aren't going to deal with cookies.

This is the form (which is WordPress core code):

<form action="http://mydomain.com/wp-pass.php" method="post">
Password: <input name="post_password" type="password" size="20" />
<input type="submit" name="Submit" value="Submit" /></form>

This is wp-pass.php (which is WordPress core code):

<?php
require( dirname(__FILE__) . '/wp-load.php');

if ( get_magic_quotes_gpc() )
    $_POST['post_password'] = stripslashes($_POST['post_password']);

setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);

wp_safe_redirect(wp_get_referer());
?>
markratledge asked Feb 02 '26 06:02


2 Answers

Rather than keep appending in the previous answer, I'll try to explain the problem a bit further here.

The way WordPress passwording works is:

  1. The original page has a form, which is sent to wp-pass.php.
  2. wp-pass.php takes the provided password, puts it in a cookie and redirects the user back to the original page.
  3. The original page checks the cookie and if the password is correct, it will show the page.

The problem here is that search engines don't accept cookies. So, you have two options:

  1. Change the code WordPress uses for passworded content to something that also accepts $_GET variables.
  2. Use cURL to send the cookie using headers, having a separate page search engines can use.

I'd love to expand on the latter answer if you want, but I do wonder; if you're going to give search engines access to passworded content, anyone will have access. Why not just remove the password?

Arda Xi answered Feb 04 '26 19:02


Change $_POST to $_REQUEST everywhere in wp-pass.php.

That code is only looking at the POST variables, not the GET variables in the URL. The REQUEST global contains both the POST and the GET variables, which is what you want.

There's probably a better way, but I don't know WordPress.

EDIT

The problem is those parameters are in the GET array, not the POST array. So using a regular link with parameters isn't going to work. You can use a form with a hidden field. You can style the submit button to look like a link, if you want.

<form action="http://mydomain.com/wp-pass.php" method="post">
<input name="post_password" type="hidden" value="totally insecure password here" />
<input type="submit" name="Submit" value="Click here to enter your account" />
</form>
Matt answered Feb 04 '26 21:02
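Once wp-pass.php reads `$_REQUEST`, the password can arrive in the query string, and the web server writes that URL to its access log on every such request. The following is an added example (not part of the answers above or of WordPress) that finds those requests in a log and redacts the value; the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Apr/2010:10:01:02 +0000] "POST /wp-pass.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Apr/2010:10:02:10 +0000] "GET /wp-pass.php?post_password=hunter2&Submit=Submit HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Apr/2010:10:03:44 +0000] "GET /wp-pass.php?Submit=Submit&post_password=s3cret%21 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Apr/2010:10:04:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP and request target from a combined-log-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"'
)

def leaked_password(target):
    """Return the decoded post_password if target is a wp-pass.php
    request carrying it in the query string, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-pass.php"):
        return None
    values = parse_qs(parts.query).get("post_password")
    return values[0] if values else None

def find_exposures(log_text):
    """Return [(line_no, client_ip)] for requests that logged the password.
    A form POST (first sample line) keeps it in the body and is not flagged."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m and leaked_password(m.group("target")) is not None:
            findings.append((n, m.group("ip")))
    return findings

def redact_log(log_text):
    """Mask every post_password value so the log can be shared or archived."""
    return re.sub(r'(post_password=)[^&\s"]+', r"\1[REDACTED]", log_text)

if __name__ == "__main__":
    for n, ip in find_exposures(SAMPLE_LOG):
        print(f"line {n}: password in URL, client {ip}")
    print(redact_log(SAMPLE_LOG))
```

Any hit means the page password should be treated as disclosed to whoever can read the logs and rotated after the logs are cleaned.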


