Restricting access to files within a specific folder [duplicate]

The easiest php solution would be to make a download script. It checks if the user has the right permissions and serves the file to the webclient. Or my preference setup a folder outside your web root and put the files there.

Set the file permissions with no anonymous access and let the webserver read them and output them in a php file like this. The below code reads the file and sents it to the browser.

header("Expires: 0"); 
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 
header("Cache-Control: private",false); 
header('Content-disposition: attachment; filename=". $file;
header("Content-Transfer-Encoding:  binary"); 
header("Content-Length: ". filesize(ABSPATH.$dir.$file); 
readfile($dir.$file);
exit();

edit 14-1:

create a normal upload box and when the file gets uploaded move it to a folder outside of your webroot directory (this folder can not be accessed by users through http, only the webserver.

if (move_uploaded_file( $_FILES["Filedata']['tmp_name'] , $upload_dir.$filename ) ) {
// code to do after the file has been copied succesfully. Update your database or something.
}

$upload_dir.$filename is the full path to the directory outside the www folder.
The file can now only be accessed by the webserver. Store the location in a database with uploader info. Or create subdirectories for each user. You need something to differentiate the files for each user.

Now when you want to download a file create a script called download.php
In that script you check if the user has rights to the file.

global $user;
if ($user->id == $uploaded_user_id) {
    header("Expires: 0"); 
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 
    header("Cache-Control: private",false); 
    header('Content-disposition: attachment; filename=". $file;
    header("Content-Transfer-Encoding:  binary"); 
    header("Content-Length: ". filesize(ABSPATH.$upload_dir.$file); 
    readfile($upload_dir.$file);
    exit();

}

now you want to pass a file_id or name to the download script.
so craft the link like url/download.php?file=$file. You have to call this directly or at the early stages of your plugin or you will get the headers already sent message. The script will check if the user has rights and start to output binary data.

It should be something like this, hope it helps. Its not the complete but should get you started.

Related Posts:

  1. How to Protect Uploads, if User is not Logged In?
  2. Cannot upload anything via wordpress
  3. Too slow Image upload in WordPress Media Library as image number increases
  4. How to Protect Uploads, if User is not Logged In?
  5. Handle image file and save it to media
  6. WordPress 3.5: Setting custom “full URL path to files” in the Media Library?
  7. Delete an attachment in the WP media modal window
  8. Upload images to remote server
  9. Rendering the uploaded file in a wp.media object
  10. WordPress Media Manager 3.5 – default link to
  11. How to wp_upload_bits() to a sub-folder?
  12. How to hide media uploads by other users in the Media menu?
  13. “Add Media” only shows “Full Size” under Attachment Display Settings
  14. Where do the favicons for Media Files come from
  15. Is it possible to trigger some JavaScript when Media Popup is opened?
  16. How to call WP3.5 Media Library manager?
  17. Creating a metabox to upload multiple images, Ignoring The Featured Image
  18. How to protect uploads in multisite if user is not logged in?
  19. Ignore a filter on the media library
  20. Change default tab of media manager
  21. get total number of images from media using xml-rpc
  22. Audio Playlist : How to bind events for “track change”, “track end”?
  23. Failed media import
  24. Upload mobi and epub file in the MEDIA of WP
  25. Media items hogging pretty permalinks
  26. Change WordPress’ media upload URL?
  27. WordPress media upload “HTTP error”
  28. Restrict file types in the uploader of a wp.media frame
  29. WordPress 3.0 Media Upload Directory
  30. How to import 55k images (uploaded via FTP) into WordPress Media libary? [closed]
  31. Different upload path per file type
  32. Proper way to change the path of uploads folder for existing WordPress site
  33. 3.5 Media Manager – callout in metaboxes
  34. How do I get allowed Media Library upload file extension list?
  35. Cannot upload .mp3 file to wordpress media
  36. HTTP Error when uploading files above 7mb unless using GD Image Editor
  37. Add instructions For Media Library Uploads
  38. Audio file’s length (duration) is missing from Attachment Details in Media Library [closed]
  39. How to replicate Media Library “Add New” on Plugin Settings Page
  40. Media Manager: refresh library after new selection
  41. Switch between tabs on “Insert Media” dialog
  42. Bulk edit of EXIF data for jpeg images uploaded in the media library?
  43. Video uploaded with the native media uploader gives Error 404
  44. How organize uploaded media in WP?
  45. Display attachments by the ID of the post being edited in the wp.media frame (frontend)
  46. Overriding of the template for the Attachment “thumbnails” in the Media Grid isn’t working
  47. Limit number of images to upload in wp.media function
  48. WordPress Issue : The uploaded file could not be moved to wp-content/uploads/
  49. Allow Editor Role to Edit Media
  50. Using wp_enqueue_media() with switch_to_blog() issue
  51. Bulk image importing from folders
  52. how to upload file to media library using link [closed]
  53. WordPress media uploader – upload tabs not hiding
  54. Media Manager (since 3.5): How to show an empty Media Library when creating a media frame?
  55. Upload video in custom folder
  56. Media Library not showing images but still acknowledges existence
  57. Set Maximum Width for an uploaded image
  58. upload_max_filesize is set to 64 MB already but WordPress is still showing 2 MB
  59. Remove delete-attachment button for every media
  60. PHP error when trying to upload .mp3 files via Media Library [closed]
  61. Get images attached to a specific page
  62. Is there a way in WordPress to convert images to WebP without a plugin?
  63. How to disable (and hide) the Media Library for certain users?
  64. How to change the text of the “You are about to permanently delete these items…” alert message when deleting media from the media library?
  65. Open Media Uploader Link in single post or page
  66. Remove Media File Items From Server That Do Not Exist in Media Library
  67. Add SWF file to wordpress through custom template
  68. Attaching images to multiple galleries
  69. Whats wrong with my wp gallery?
  70. Uploaded images result in a file url with full path on disk appended
  71. How to re-house images in uploads/YYYY/MM
  72. Using WP-CLI “wp media import” to sync files to the media library
  73. Publish / unpublish media items in the media library
  74. Efficient way to move media folder to another folder
  75. WordPress append -1 to the image name
  76. Make inline uploader (plupload) on options page upload to a specific folder
  77. How to add HTML into error message
  78. Images not displaying on site or media library
  79. Replicate Media Galley Edit view in Add Media View
  80. Front-End Upload media with category
  81. Creating multiple instances of Media Uploader
  82. How to manually set an attachment in a post?
  83. Adding attachment custom field metadata to TinyMCE tag
  84. Insert Link to Audio versus Embed Audio Player
  85. Media not displaying other users uploads – WordPress 4.9.2
  86. Change default ‘file not supported’ error message
  87. How to create different media uploader frames / filter library depending on a custom action
  88. Organising and display thousands of photos in media library
  89. cant able to upload media to my wordpress blog
  90. Organizing the Media Library for Cleanup
  91. Insert media while posting is not working with new wordpress update
  92. Customize WordPress Upload Directory
  93. Import of 200+ sermons
  94. controlling whether upload is attached to post or not
  95. Edit Image/Image Details – Replace button missing
  96. Media Library is not loading on grid view in admin panel
  97. Blurry Images WordPress 5.8.1
  98. Add link to media files in backend and modify linked images in the frontend
  99. Save Custom Meta Value on Media Upload
  100. upload image to wordpress media library failed for custom post type

Leave a Comment