WordPress.org

Ready to get started?Download WordPress

Forums

How to restrict file downloads to specific users? (22 posts)

  1. spacewalk
    Member
    Posted 6 years ago #

    For the Web site of a design firm, I want to create a Client Support page that is dynamically built especially for the logged-in client, and that contains all info (text, calendar, deadlines, and especially file downloads) pertaining to that client, and which *only* that client should see. I envision this user scenario:

    1. User goes to a static front-end "Client" page and logs in with a username and password.
    2. The page uses the now-authenticated username to dynamically build on the fly a custom page for that user, listing all information relevant to him/her, including a list of available file-downloads which have been uploaded by the company and associated somehow with that user. And this info is visible only if you're logged in.

    In WP, can you in fact:

    A) Associate uploaded files with a specific user, maybe by using categories?
    B) Make these files not visible to all users?
    C) Get the username and supply it as a parameter to a function that will return a linked list of files that have that username as a category? Make such a file-list visible only if the user is logged in?

    Something like that? Thanks.

  2. Maxaud
    Member
    Posted 6 years ago #

    This is interesting and would be interested myself in knowing more how to do this.

  3. cmherskovic
    Member
    Posted 6 years ago #

    Have you found a plugin that does this or figured out a way to buildit in the WP?

    This would work great for my service company, my clients would be able to download their workorders and service reports!

    Thanks!

  4. akulavolk
    Member
    Posted 6 years ago #

    Another vote for the above. It's be a great feature to have built in to WordPress.

    I've tried a few "solutions" in the past that never worked out for various reasons including the "WordPress Download Manager" plugin (which is out of date/broken...couldn't get it to work), .htaccess files + web page logins (too confusing for some users) and paFileDB (which doesn't restrict hot-linking and can't deal with administrator-locked password accounts--i.e. shared logins). Two related additions to this request:

    1) To avoid messing with .htaccess files and all that complication, it would be good if files could be encrypted or stored in a database or something so that they can't be accessed by hot linking.

    2) It would be nice to have a "locked" user that the administrator could control...so users will need a user name/password from the administrator, but not be allowed to change their password. Why? This feature would make a great "Press Center," where I could post info for press that's not ready for the public and search engines. Just send press an e-mail with name/login and they get the files in a few clicks.

    BTW, I just noticed the "Drain Hole" Plugin. I'll give it a try to see if it works...

  5. cmherskovic
    Member
    Posted 6 years ago #

    I have been trying to find someone to create a plugin that does the above via guru, elance, and GAF but havent found anyone yet.

    I will keep you guys up to date with the processes.

    What specs should I include in the project?

    Thanks!

  6. michaelb123
    Member
    Posted 6 years ago #

    yet another vote. HOWEVER! under most circumstances, with regard to commercial application whereby something is paid for, the transaction processor will refer the purchaser to a landing page. THAT CAN BE ANYWHERE. so actually building this feature into WP... that kind of thing is more for the shopping cart which does have the communication with the TP.

  7. Joni
    Member
    Posted 6 years ago #

    I've never been able to find such a thing for my web design site so I just use PHPCollab. It's a click away in another directory, and you CAN style it so it integrates with the rest of your site design. My clients do seem to love its functionality. It's got a built in forum, milestones, Gannt charts, etc. The problem is you can probably, via a plugin and/or some vicious hacking, get WP to accept logins and present a certain screen to the logged in user, but that's where all the functionality that you want stops. So my recommendation is to save the headache and use a tool designed specifically to interact with your web design clients, PHP Collab. ActiveCollab is a great app as well, a friend of a friend developed it. I'm just so used to PHP Collab, been using it for years.

  8. djeloso
    Member
    Posted 6 years ago #

    All though not the exact solution, you could always set up something like it with http://mu.wordpress.org/. I haven't used it myself, but was considering it when I thought about doing something along the lines of what you made clear above. And then we can just hope that they upgrade MU to WP 2.5.

  9. blackc2004
    Member
    Posted 6 years ago #

    Hi, I am actually in the process of building something like this for my company's wordpress site.

    Currently we have four systems:
    1) WordPress which manages all the pages.
    2) Zen Cart for checkout/order processing.
    3) VTiger for Knowledge base, order tracking, and support calls.
    4) An internal system which manages support contracts, dynamic device updates, etc.

    I have written a plugin which currently works with all three of them via WebService calls to determine what level of access the user has to our protect content areas. Each protected page is then assigned a "lowestLevel" and as long as the user has a level equal to or higher, they can view that page.

    Currently it's just static content, which is the same for all users, but the idea is there to make it dynamic, including file downlaods, based on what the user has purchased in the store and when support expires.

    My next step is to build in a Knowledge base.

    Just thought I'd put in my two cents and see if anyone has suggestions.

  10. edebiyat01
    Member
    Posted 6 years ago #

    Thanks

  11. softwud
    Member
    Posted 6 years ago #

    Hello Everyone,

    My name is Paolo and I'm a software / WordPress developer with SoftWUD. I've just started looking into something similar myself, so I was just wondering if anyone has found a good commercial grade solution to this problem?!

    If not and there is enough interest in such a plugin, I would consider developing such a plugin for a modest price.

    If you are interested for such a plugin, or any other WordPress plugins or services, you can contact me at softwud@softwud.com.

    Regards,
    Paolo

  12. cmherskovic
    Member
    Posted 6 years ago #

    Hey All,

    I have someone working on writing the plugin for me (via elance). I will let you know when its done, and setup a demo for you all to check it out.

    All the best!

  13. casperse
    Member
    Posted 6 years ago #

    cool! keep os posted...(-;

  14. Marc P Gangmei
    Member
    Posted 6 years ago #

    How do I restrict download link which are meant only for registered users only

  15. Kalessin
    Member
    Posted 6 years ago #

  16. Maxaud
    Member
    Posted 6 years ago #

    The best I can come close to is making a page for each client and using the below plugin to restict viewing of that page only to their user id.

    http://urbangiraffe.com/plugins/user-permissions/

  17. Maxaud
    Member
    Posted 6 years ago #

    The below program would be a good plugin to use for this but it doesn't work for wordpress 2.5.X

    http://bluesome.net/post/2006/01/01/121/

  18. NPSites
    Member
    Posted 6 years ago #

    If the content you are posting as downloads has a commercial value then you really should use .htaccess

    I thought there was a way to authenticate wp users with htaccess so if you have them logged in then .htaccess should be valid for the downloads too

    look for a private wp website plugin I think thats where i saw the auth by htaccess for login

  19. flick
    Member
    Posted 5 years ago #

    This is Private WP, although this plugin (AskApache Password Protect) looks pretty useful as well.

  20. hunter4
    Member
    Posted 5 years ago #

    Maybe you should combine the plugins

    User Permissions

    http://urbangiraffe.com/plugins/user-permissions/

    and use drain hole as download manager

    http://urbangiraffe.com/plugins/drain-hole/

  21. flick
    Member
    Posted 5 years ago #

    @hunter4: Drain Hole looks really good. Thanks ;)

  22. Anonymous
    Unregistered
    Posted 5 years ago #

    Interesting project...

    I have only just started tinkering with WP code and just from quickly reading the docs and playing with the source for the last 45 minutes.

    I would say it's possible but would require some interesting work arounds.

    1. Files do not appear to be stored in database but instead in publically accessible folders wp-content/uploads to be exact.

    2. WP has quite an extensive API so one should be able to call:

    - is_user_logged_in()
    - wp_get_current_user()
    - auth_redirect()

    Assuming one of the API functions returns the user ID of the currently logged in individual -- which I am willing to bet one does.

    This code would be relatively trivial to implement in the template using the above API. The problem is, the files are publically available/accessible so anyone could access that file.

    I see two ways around that:

    1. Each page/post would have its associated owner and would need to use a template with a list of client ID's allowed to access the content and attached files. Because files need to be publically accessible (otherwise they would have to login again with .htaccess) you could maybe use random names which are not easily guessed or copied.

    This is of course not bullet proof because if Apache is configured to show directory listings and the directory doesn't have a index.html your files are shown anyways.

    2. The better approach but more difficult would be to .htaccess the directory and use a proxy script to actually fetch the files and have the same checks as the template does to verify that the file is allowed to be viewed by allowed members only.

    Here is the problem with the above approach. When you insert the link to the file using the image browser the files are accessed via HTTP so the .htaccess login prompt would be visible. You would need to hack WP to use the proxy script as well and then the checks are unnessecary from the admin backend. But you could probably avoid hacking WP actually by using some mod_rewrite trickery to have requests forwarded to the proxy.

    Then you could check to see if the user logged in is admin in which case checks are ignored...and the file is simply returned.

    Hmmm...yea sorry for babbling...just putting it out there. If anyone has any critique for my approach and it's validity I'd love to hear it...as I begin to poke around the WP codebase.

    Cheers :)

Topic Closed

This topic has been closed to new replies.

About this Topic