Is there any way at all to restrict direct access to files within a specific folder to only specific wordpress users that have that specific capability set?
Leave a Reply
You must be logged in to post a comment.
Is there any way at all to restrict direct access to files within a specific folder to only specific wordpress users that have that specific capability set?
You must be logged in to post a comment.
The easiest php solution would be to make a download script. It checks if the user has the right permissions and serves the file to the webclient. Or my preference setup a folder outside your web root and put the files there.
Set the file permissions with no anonymous access and let the webserver read them and output them in a php file like this. The below code reads the file and sents it to the browser.
edit 14-1:
create a normal upload box and when the file gets uploaded move it to a folder outside of your webroot directory (this folder can not be accessed by users through http, only the webserver.
$upload_dir.$filename is the full path to the directory outside the www folder.
The file can now only be accessed by the webserver. Store the location in a database with uploader info. Or create subdirectories for each user. You need something to differentiate the files for each user.
Now when you want to download a file create a script called download.php
In that script you check if the user has rights to the file.
now you want to pass a file_id or name to the download script.
so craft the link like url/download.php?file=$file. You have to call this directly or at the early stages of your plugin or you will get the headers already sent message. The script will check if the user has rights and start to output binary data.
It should be something like this, hope it helps. Its not the complete but should get you started.