Wordpress: Only logged in users can access files - and the server itself

StackOverflow https://stackoverflow.com/questions/23673432

  •  23-07-2023
  •  | 
  •  

Вопрос

I have a .htaccess script located in my Wordpress upload-folder, where I only allow Logged in users to see the files, to prevent users sharing links to a members only area.

My problem is that I have a ZIP-functionality that access the folder as well, and this doesn't work together...

.htaccess:

 RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$
 RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
 RewriteRule . - [R=403,L]

ZIP-functionality:

    global $current_user;
    get_currentuserinfo();

    $files = $allAssetFiles;
    $zip = new ZipArchive();
    $zip_name = "downloads/" . $current_user->display_name . time() . ".zip"; // Zip name
    $zip->open($zip_name,  ZipArchive::CREATE);
    foreach ($files as $file) {
        $path = $file;
        $zip->addFromString(basename($path), file_get_contents($path));
    }
    $zip->close();

The line that gives me the error is:

$zip->addFromString(basename($path), file_get_contents($path));

And the error it self is this:

Warning: file_get_contents(http://domain.dev/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /Users/user/project/wp-content/themes/roots/templates/sortbar.php on line 41

What can I do to allow access from my server???

Это было полезно?

Решение

Two possibilities:

1: add a condition to your .htaccess that allows access from your server. This could look like this:

RewriteCond %{REMOTE_ADDR} ^!1\.2\.3\.4$

(not tested, this is just to give you an idea).

2: Use direct paths on the filesystem.

Instead of

http://domain.dev/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf

use

/path/to/your/wordpressdir/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf

You can do this by just adding:

$path = str_replace("http://domain.dev", "/path/to/your/wordpressdir", $file);

I'd prefere this version, as it only adds overhead to download the files again over the httpd just to zip them.

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top