WordPress: Only logged in users can access files – and the server itself

I have a .htaccess script located in my WordPress upload folder, where I only allow logged-in users to see the files, to prevent users sharing links to a members-only area.

My problem is that I have a ZIP functionality that accesses the folder as well, and this doesn't work together…


.htaccess:

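    # Apply to requests whose filename ends in one of these extensions
    RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx)$
    # ...and whose Cookie header contains no wordpress_logged_in cookie name
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    # Answer those requests with 403 Forbidden
    RewriteRule . - [R=403,L]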

ZIP-functionality:

    // Load the current WordPress user into $current_user
    global $current_user;
    get_currentuserinfo();

    $files = $allAssetFiles;
    $zip = new ZipArchive();
    $zip_name = "downloads/" . $current_user->display_name . time() . ".zip"; // Zip name
    $zip->open($zip_name,  ZipArchive::CREATE);
    // Read each file and store it in the archive under its base name
    foreach ($files as $file) {
        $path = $file;
        $zip->addFromString(basename($path), file_get_contents($path));
    }
    $zip->close();

The line that gives me the error is:

    $zip->addFromString(basename($path), file_get_contents($path));

And the error itself is this:

    Warning:
    file_get_contents(http://domain.dev/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf)
    [function.file-get-contents]: failed to open stream: HTTP request
    failed! HTTP/1.1 403 Forbidden in
    /Users/user/project/wp-content/themes/roots/templates/sortbar.php on line 41

What can I do to allow access from my server???


1 comment

  1. Two possibilities:

    1: Add a condition to your .htaccess that allows access from your server. This could look like this:

    RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$
    

    (not tested, this is just to give you an idea).

    2: Use direct paths on the filesystem.

    Instead of

    http://domain.dev/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf 
    

    use

    /path/to/your/wordpressdir/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf 
    

    You can do this by just adding:

    $path = str_replace("http://domain.dev", "/path/to/your/wordpressdir", $file);
    

    I’d prefer this version, as it only adds overhead to download the files again over the httpd just to zip them.
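
Option 2 from the comment above, as an added example that is not part of the original post: it maps each uploads URL to a filesystem path and refuses anything that resolves outside the uploads directory before adding it to the archive. The function names `upload_url_to_path` and `build_zip` are hypothetical, and the sample file is constructed; in WordPress the base URL and base directory would come from `wp_upload_dir()` (`baseurl` and `basedir`).

```php
<?php
// Added example; function names are hypothetical, not WordPress APIs.
// Assumption: in WordPress, $baseUrl / $baseDir would come from wp_upload_dir().
function upload_url_to_path(string $url, string $baseUrl, string $baseDir): ?string
{
    $baseUrl = rtrim($baseUrl, '/') . '/';
    $root = realpath($baseDir);
    if ($root === false || strncmp($url, $baseUrl, strlen($baseUrl)) !== 0) {
        return null;                        // unknown base dir or not an uploads URL
    }
    // Drop any query string or fragment, then decode %xx escapes.
    $relative = rawurldecode(preg_replace('/[?#].*$/s', '', substr($url, strlen($baseUrl))));
    // realpath() resolves "../" and symlinks; false means the file does not exist.
    $real = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check: the resolved path must still sit under the uploads root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

function build_zip(array $urls, string $zipPath, string $baseUrl, string $baseDir): int
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
        throw new RuntimeException("cannot create $zipPath");
    }
    $added = 0;
    foreach ($urls as $url) {
        $path = upload_url_to_path($url, $baseUrl, $baseDir);
        // addFile() reads from disk, so no HTTP request hits the .htaccess rule.
        if ($path !== null && $zip->addFile($path, basename($path))) {
            $added++;
        }
    }
    $zip->close();
    return $added;
}

// Constructed demo data: a temporary "uploads" tree holding one file.
$dir = sys_get_temp_dir() . '/uploads_demo_' . getmypid();
mkdir("$dir/2014/05", 0700, true);
file_put_contents("$dir/2014/05/report.pdf", 'constructed sample');
$base = 'http://domain.dev/wp-content/uploads';
$count = build_zip([
    "$base/2014/05/report.pdf",              // inside the uploads tree
    "$base/2014/05/../../../wp-config.php",  // resolves outside the uploads tree
    'http://other.example/x.pdf',            // different base URL
], "$dir/demo.zip", $base, $dir);
echo "files added: $count\n";
```

Reading from disk keeps the `.htaccess` rule unchanged for HTTP clients, so no server-IP exception is needed in it.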