
Wordpress: Only logged in users can access files - and the server itself

I have a .htaccess script located in my WordPress upload folder, where I only allow logged-in users to see the files, to prevent users from sharing links to a members-only area.

My problem is that I have a ZIP functionality that accesses the folder as well, and this doesn't work together...

.htaccess:

    # Return 403 for media/document requests that carry no wordpress_logged_in cookie
    RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx)$
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . - [R=403,L]

ZIP-functionality:

    global $current_user;
    get_currentuserinfo();

    $files = $allAssetFiles;
    $zip = new ZipArchive();
    $zip_name = "downloads/" . $current_user->display_name . time() . ".zip"; // Zip name
    $zip->open($zip_name,  ZipArchive::CREATE);
    foreach ($files as $file) {
        $path = $file;
        $zip->addFromString(basename($path), file_get_contents($path));
    }
    $zip->close();

The line that gives me the error is:

    $zip->addFromString(basename($path), file_get_contents($path));

And the error itself is this:

Warning: file_get_contents( http://domain.dev/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf ) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /Users/user/project/wp-content/themes/roots/templates/sortbar.php on line 41

What can I do to allow access from my server???

Two possibilities:

1: add a condition to your .htaccess that allows access from your server. This could look like this:

    RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$

(not tested, this is just to give you an idea).

2: Use direct paths on the filesystem.

Instead of

    http://domain.dev/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf

use

    /path/to/your/wordpressdir/wp-content/uploads/2014/05/7.-APPROACH-TO-BLOGGERS-KOLs.pdf

You can do this by just adding:

    $path = str_replace("http://domain.dev", "/path/to/your/wordpressdir", $file);

I'd prefer this version, as it only adds overhead to download the files again over the httpd just to zip them.
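
The second option above, as an added example that is not part of the original answer: it maps each upload URL to a filesystem path and checks that the resolved path stays inside the uploads directory before zipping it. The function names, the sample file and the temporary directory are hypothetical; in WordPress the base URL and base directory would come from `wp_upload_dir()`.

```php
<?php
// Added example; function names and sample data are hypothetical.
// In WordPress, $baseUrl/$baseDir would come from wp_upload_dir().
function upload_url_to_path(string $url, string $baseUrl, string $baseDir): ?string
{
    $prefix = rtrim($baseUrl, '/') . '/';
    if (strncmp($url, $prefix, strlen($prefix)) !== 0) {
        return null;                              // not one of our upload URLs
    }
    $relative = rawurldecode(substr($url, strlen($prefix)));
    $root = realpath($baseDir);
    $real = realpath($baseDir . '/' . $relative); // resolves ../ and symlinks
    if ($root === false || $real === false || !is_file($real)) {
        return null;
    }
    // Reject anything that resolves outside the uploads directory.
    if (strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $real;
}

function zip_uploads(array $urls, string $zipPath, string $baseUrl, string $baseDir): int
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
        throw new RuntimeException("cannot create $zipPath");
    }
    $added = 0;
    foreach ($urls as $url) {
        $path = upload_url_to_path($url, $baseUrl, $baseDir);
        if ($path !== null && $zip->addFile($path, basename($path))) {
            $added++;
        }
    }
    $zip->close();
    return $added;
}
// Constructed sample data so the example runs offline.
$dir = sys_get_temp_dir() . '/uploads_demo_' . getmypid();
mkdir($dir . '/2014/05', 0700, true);
file_put_contents($dir . '/2014/05/report.pdf', 'constructed sample');
$base = 'http://domain.dev/wp-content/uploads';
$n = zip_uploads([
    "$base/2014/05/report.pdf",     // maps to a file under $dir
    "$base/../../wp-config.php",    // does not resolve to a file under $dir
    "http://other.example/x.pdf",   // wrong URL prefix
], $dir . '/bundle.zip', $base, $dir);
echo "files added: $n\n";
```

Reading from disk bypasses the .htaccess rule entirely, so the PHP code that builds the archive has to enforce the login check itself before calling `zip_uploads()`.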
