WPFTS Pro Main Site WPFTS Community Forum
    • Recent
    • Tags
    • Popular
    • Register
    • Login
    Get WPFTS Pro today with 25% discount!

    Protect attachment file from downloading (without plugins)?

    Scheduled Pinned Locked Moved Recipes and Known Solutions
    1 Posts 1 Posters 696 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • EpsilonAdminE
      EpsilonAdmin
      last edited by EpsilonAdmin

      Well, lots of WPFTS Pro users asked: how we can prevent open/download attachment (PDF, DOCX) files from non-authorized users? They want files to be found by their content and then shown in search results. But when the non-authorized user trying to open this file, he should be redirected to the special page where he can log in or buy access, etc.

      The solution is pretty simple and only contains a dozen lines of PHP code.

      The idea is to show "attachment page" links instead of direct links to files in search results (you can get this using the respective checkbox in WPFTS Settings). And then replace this attachment page with the simple script which is checking user rights and make a proper action: whether redirection to the "login page" or outputs the file data without disclosing the actual file path.

      First, we need to find the single-attachment.php file in the root of your current theme (or better, child theme).

      In case the file does not exist, we need to create an empty one.

      Next step, we should put the code in this file like this:

      <?php
      
      global $post;  // Current post (attachment)
      
      // Check user rights
      // Note: this piece can be different depending on the user access management plugin which you're using
      $is_allowed = false;
      if (is_user_logged_in()) {
          // User is logged in
          $user = wp_get_current_user();
      
          // Check the user rights
          if (in_array('customer', $user->roles) || in_array('administrator', $user->roles)) {
              // User is a customer or admin
              $is_allowed = true;
          }
      }
      
      if ($is_allowed) {
          // Output file data
          $fn = get_attached_file($post->ID);
      	
          if (is_file($fn) && file_exists($fn)) {
              $mime = mime_content_type($fn);
      
              header('Content-Type: '.$mime);
              
              //header('Content-Disposition: attachment; filename="'.basename($fn).'"');	// Download
              header('Content-Disposition: inline; filename="'.basename($fn).'"');	// Open inline
      
              readfile($fn); // Passthrou the file data
          } else {
              // File error
              header('HTTP/1.0 404 Not Found');
              header('Content-Type: text/plain');
      
              echo 'This file is not available. Please check the link.';
          }
      			
      } else {
          // Show "not enough rights" message or redirect to the proper page
      
          // Case 1: Show the message
          //header('Content-Type: text/plain');
          //echo 'Not enough rights to download this file. Please log in and ensure that you have proper license.';
          
          // Case 2: Redirect to the "payment page" or "login page", whatever you need
          header('Location: /wp-login.php&redirect_to='.urlencode($_SERVER['REQUEST_URI']));
      }
      exit();
       
      

      This is a sample code, which means that you need to change some pieces for your exact website.

      Hope it's understood. If you have questions - ask below. Thanks!

      https://e-wm.org

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Suggested Topics

      • EpsilonAdminE

        [Solved] The files excerpt is not visible in Scientia Theme

        Watching Ignoring Scheduled Pinned Locked Moved Recipes and Known Solutions
        1
        0 Votes
        1 Posts
        435 Views
        No one has replied
      • EpsilonAdminE

        [Solved] The Astra theme does not show Smart Excerpt for files

        Watching Ignoring Scheduled Pinned Locked Moved Recipes and Known Solutions
        1
        0 Votes
        1 Posts
        913 Views
        No one has replied
      • EpsilonAdminE

        [Solved] Indexing and Search files by content in BuddyDrive

        Watching Ignoring Scheduled Pinned Locked Moved Recipes and Known Solutions buddydrive file search
        1
        0 Votes
        1 Posts
        727 Views
        No one has replied
      • EpsilonAdminE

        [Solved] Files not shown in TemplateToaster theme search results

        Watching Ignoring Scheduled Pinned Locked Moved Recipes and Known Solutions templatetoaster theme search
        1
        0 Votes
        1 Posts
        660 Views
        No one has replied
      • EpsilonAdminE

        How to search a post by the attached PDF file

        Watching Ignoring Scheduled Pinned Locked Moved Recipes and Known Solutions acf attachment meta pdf
        1
        0 Votes
        1 Posts
        847 Views
        No one has replied

      Additional Resources

      • My Account
      • Buy WPFTS Pro
      • Community Forum
      • Affiliate Program
      • Privacy Policy
      • Terms & Conditions
      • Contact Us
      • Coupon Partner

      Be the first to read the news!

      We are always improving our products, adding new functions and fixes. Subscribe now to be the first to get the updates and stay informed about our sales! We are not spammy. Seriously.

      Join Us Now!

      We are a professional IT-team. Many of us have been working in a Web IT field for more than 10 years. Our advanced experience of software development has been employed in the creation of the WordPress FullText Search plugin. All solutions implemented into the plugin have been used for 5 or more years in over 60 different web-projects.

      We are looking forward to your comments, requests and suggestions in relation to the current plugin and future updates.

      ewm-logo-450

      The forum powered by NodeBB | Contributors