Give users a maximum upload capacity; limit the number of files a user can upload OR limit the number of files per upload

I’m using the Media Library on the front end of my website and I’d like to stop users from being able to spam my server by uploading an unlimited number of files.

As such, I’d like to do one or maybe all of the below:

Read More
  1. Give users a maximum upload capacity; i.e. users can upload up to 10 megabytes of files.
  2. Limit the number of files a user can upload on a per-post basis
  3. Limit the number of files a user can upload when they click the “Insert” button, i.e. the Flash uploader and Classic uploader will only let you upload, for instance, 2 files at a time.

None of these are bullet-proof but they’d hopefully make such “spamming” a difficulty.

Thanks in advance,

Related posts

Leave a Reply

2 comments

  1. Assuming that you’re providing upload functionality via WordPress’ native functions, lik wp_handle_upload or something more high-level, we come to the conclusion that several hooks are going to be pulled.

    http://core.trac.wordpress.org/browser/tags/3.3/wp-admin/includes/file.php#L212

    The wp_handle_upload function would probably be the last native function to touch the file, and would know all the information that is necessary to keep track of.

    Two hooks inside this function are of interest: wp_handle_upload and wp_handle_upload_prefilter. The latter comes first, this could check against the current limits and prevent the file from being uploaded. The former would track filesizes and count. Storing the information would be handled by none other than update_user_meta.

    add_filter( 'wp_handle_upload', 'wpse47580_update_upload_stats' );
    function wpse47580_update_upload_stats( $args ) {
        $file = $args['file'];
        $size = filesize( $file ); // bytes
    
        $user_id = get_current_user_id();
    
        $upload_count = get_user_meta( $user_id, 'upload_count', $single = true );
        $upload_bytes = get_user_meta( $user_id, 'upload_bytes', $single = true );
    
        update_user_meta( $user_id, 'upload_count', $upload_count + 1 );
        update_user_meta( $user_id, 'upload_bytes', $upload_bytes + $size );
    }
    
    add_filter( 'wp_handle_upload_prefilter', 'wpse47580_check_upload_limits' );
    function wpse47580_check_upload_limits( $file ) {
        $user_id = get_current_user_id();
    
        $upload_count = get_user_meta( $user_id, 'upload_count', $single = true );
        $upload_bytes = get_user_meta( $user_id, 'upload_bytes', $single = true );
    
        $filesize = /* get filesize from $file array */;
        $upload_bytes_limit_reached = apply_filters( 'wpse47580_upload_bytes_limit_reached', 1024*1024*10 ) > ( $filesize + $upload_bytes );
        $upload_count_limit_reached = apply_filters( 'wpse47580_upload_count_limit_reached', 100 ) > ( $upload_count + 1 );
    
        if ( $upload_count_limit_reached || $upload_bytes_limit_reached )
            $file['error'] = 'Upload limit has been reached for this account!';
    
        return $file;
    }
    

    Theoretically, this works; practically – untested. Let us know how it goes.

    Per post upload limits would be kept in the post meta, probably like {$user_id}_upload_count etc. Don’t see why that wouldn’t work.

    If you’re using custom code to handle uploads (which I doublt), then you can implement your own actions and filters just like wp_handle_uploads does.

  2. I’ve amended Soulseekah’s code somewhat as the apply_filter variables weren’t working for me – probably because I don’t understand them!

    # [File Upload]
    #
    # Two filters to give users a maximum upload limit of 10Mb and 100 files.
    # This function runs after the file has been uploaded.
    add_filter( 'wp_handle_upload', 'wpse47580_update_upload_stats' );
    function wpse47580_update_upload_stats( $args ) {
        $size = filesize( $args['file'] );
    
        $user_id = get_current_user_id();
    
        $upload_count = get_user_meta( $user_id, 'upload_count', true );
        $upload_bytes = get_user_meta( $user_id, 'upload_bytes', true );
    
        update_user_meta( $user_id, 'upload_count', $upload_count + 1 );
        update_user_meta( $user_id, 'upload_bytes', $upload_bytes + $size );
    }
    
    # This function runs before the file is uploaded.
    add_filter( 'wp_handle_upload_prefilter', 'wpse47580_check_upload_limits' );
    function wpse47580_check_upload_limits( $file ) {
        $user_id = get_current_user_id();
    
        $upload_count = get_user_meta( $user_id, 'upload_count', true );
        $upload_bytes = get_user_meta( $user_id, 'upload_bytes', true );
    
        $filesize = $file['size']; // bytes
    
        $upload_bytes_limit_reached = ( ( $filesize + $upload_bytes ) > ( 1024 * 1024 * 10 ) );
    
        $upload_count_limit_reached = ( $upload_count + 1 ) > 100;
    
        if ( $upload_count_limit_reached || $upload_bytes_limit_reached )
            $file['error'] = 'Upload limit has been reached for this account!';
    
        return $file;
    }
    

    This would be really simple to make a plugin from so I might release it at some point in the future, when I’ve developed an interface for it.