s2member Secure File Browser

Description

s2Member Secure File Browser is a wordpress plugin for browsing files from the secure-files location of the s2Member® WordPress Memberships plugin.

Shortcode

You can display the file browser via the shortcode [s2member_secure_files_browser /].

The shortcode will display a file browser item with only granted directories for current user.

The shortcode can handle :

  • access-s2member-level0 directory for level #0 and more users
  • access-s2member-level1 directory for level #1 and more users
  • access-s2member-level2 directory for level #2 and more users
  • access-s2member-level3 directory for level #3 and more users
  • access-s2member-level4 directory for level #4 and more users
  • access-s2member-ccap-* custom capabilities directories for according users
  • any directory for all users in read only (unable to download)

All these featured folders can be located anywhere and they can be used several times.

Clicking on a file will launch the download according to the s2member files access control.

Please use the shortcode generator in the Dashboard > s2Member Menu > Secure File Browser to generate complex values.

Available shortcode options

  • collapseeasing : Easing function to use on collapse
  • collapsespeed : Speed of the collapse folder action in ms
  • cutdirnames : Truncate directory names to specific chars length
  • cutfilenames : Truncate file names to specific chars length
  • dirbase : Initial directory from the s2member-files directory
  • dirfirst : Show directories above files
  • displayall : Display all items without checking if user is granted to download them
  • displaybirthdate : Display files birth date
  • displaycomment : Display files comment
  • displayname : Display files displayname instead of regular files name
  • displaydownloaded : Show if a file has already been downloaded
  • displaysize : Display files size
  • displaymodificationdate : Display files modification date
  • dirzip : Let directories be downloaded
  • expandeasing : Easing function to use on expand
  • expandspeed : Speed of the expand folder action in ms
  • filterdir : A full regexp directories have to match to be displayed
  • filterfile : A full regexp files have to match to be displayed
  • folderevent : Event to trigger expand/collapse
  • hidden : Show hidden files or not
  • multifolder : Whether or not to limit the browser to one subfolder at a time
  • names : Replace files name with custom values
  • openrecursive : Whether or not to open all subdirectories when opening a directory
  • previewext : Display file preview button for these extensions
  • s2alertbox : Display the s2member confirmation box when a user tries to download a file
  • search : Let user search files
  • searchgroup : Group shortcodes with a single single search box
  • searchdisplay : How to display search results
  • sortby : Sort files in directories by a criteria

All informations about these options are well documented in :

  • Dashboard > s2Member > Secure File Browser panel for admin (manage_options capability)
  • Dashboard > Tools > Secure File Browser panel for users

Example (A shortcode has to be defined on one line, here is on several lines below only for better understanding) :

[s2member_secure_files_browser
    folderevent="mouseover"
    expandeasing="linear"
    expandspeed="200"
    collapseeasing="swing"
    collapsespeed="200"
    multifolder="0"
    openrecursive="1"
    dirbase="/"
    hidden="1"
    dirfirst="0"
    openrecursive="1"
    filterdir="%2F(access%7Ctata)%2Fi"
    filterfile="%2F%5C.(png%7Cjpe%3Fg%7Cgif%7Czip)%24%2Fi"
    names="access-s2member-level0:General|access-s2member-ccap-video:Videos"
    search="1"
    searchdisplay="4D"
/]

You can generate a shortcode with complex options with the Shortcode Generator in the Dashboard > s2Member > Secure File Browser panel

Widgets

You can display both fully customizable widgets for :

  • Top downloads
  • Latest downloads
  • Latest available files

Dashboard

The admin panel is reachable via the Dashboard > s2Member Menu > Secure File Browser menu.

Available features are :

  • Statistics : display all downloads/top downloads/top downloaders, sort and apply filters by date, user, file, IP Address, …
  • Statistics : download stats in XML and CSV format
  • Statistics : display current s2Member accounting, sort and apply filters by date, user, file and file
  • File Browser : Rename, delete, comment and add a display name for files and folders
  • Cache management : Rebuild file cache
  • Shortcode generator
  • Shortcode documentation
  • Settings : Received an email each time a user downloads a file
  • Settings : Received scheduled reports
  • Settings : How many logs you want to keep ?
  • Settings : Delete logs
  • Settings : Give access to others users to some parts of the admin menu

Don’t hesitate to ask me new features or report bugs on potsky.com !

What’s next?

All futures requests are handled on GitHub

Translators

  • Serbo-Croatian : Borisa Djuraskovic at http://www.webhostinghub.com
  • French : Potsky

Screenshots

  • File browser in action
  • Admin > File browser in action
  • Admin > File browser in action when deleting a directory
  • Admin > File browser in action when renaming a directory
  • Admin > Download statistics
  • Admin > Shortcode generator
  • Admin > Shortcode documentation
  • Admin > General settings for logs management and access
  • Admin > Notification settings for email reporting
  • Widget

Installation

Requirement : you need to install first the wonderful and free s2Member® plugin available here

s2member Secure File Browser is very easy to install (instructions) :
* Upload the /s2member-secure-file-browser folder to your /wp-content/plugins/ directory.
* Activate the plugin through the Plugins menu in WordPress®.

FAQ

s2Member secure files are always directly downloadable, how can I protect them by forcing php handling ?

It is recommended to add a deny from all directive in your httpd.conf for your s2member-files directory in order to avoid people directly access your protected files. Do not put the deny directive in the s2member-files/.htaccess because this file is always regenerated by s2member and your modifications are always overwritten.

Why s2member-files/.htaccess is not displayed ?

Even if you set shortcode option hidden to 1, .htaccess will never been displayed.

Are directories `access-s2member-level*` protected if they are not in the root directory ?

Yes ! And access-s2member-ccap* too !

The browser does not work, it displays `Invalid nonce` for registered users.

The authentication on your website is broken because of a plugin (AJAX requests not correctly handled).
This behaviour is correct and it is protecting your files !
It happens for example when your authentication is only performed in a HTTPS form and the navigation is done in HTTP.
If you use the WordPress HTTP plugin from http://mvied.com/projects/wordpress-https/ for example, you have to force HTTPS on each page which includes the s2member Secure File browser.

How to handle the `s2member-files/app_data` windows directory ?

In windows installations, put all files in s2member-files\app_data instead of s2member-files directory.

Reviews

Perfect addition to s2Member

This is a great plugin, picking up where s2Member leaves off in file management. It doesn’t seem to be perfectly current and I hope that the author continues to support it!

Read all 13 reviews

Contributors & Developers

“s2member Secure File Browser” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

0.4.19

  • Enhancement : Remove warning on PHP7 (part 1)(thanx to KTS915 : https://wordpress.org/support/topic/php-notice-73)
  • Enhancement : Add user firstname, user lastname and nickname when exporting CSV and XML files

0.4.18

  • New feature : you can inject %USERNAME%, %USEREMAIL% or %USERID% in the dir parameter of the shortcode

0.4.17

  • Security fix : XSS vulnerability in the jquery.prettyPhoto.js library fix

0.4.16

  • Bug fix : in some cases, downloading the CSV file could not work

0.4.15

  • Enhancement : Support for non standard mysql port

0.4.14

  • Enhancement : Add Serbo-Croatian language (by Borisa Djuraskovic at http://www.webhostinghub.com)

0.4.13

  • Enhancement : PHP 5.5 warning removed

0.4.12

  • Bug fix : dashboard navigator was broken in last version

0.4.11

  • Enhancement : plugin now always loads assets at the beginning even if the shortcode is not used on a page. It handles by this way some themes which load page content next to the assets.

0.4.10

  • Enhancement : plugin now checks by itself the wordpress upgrade include (problem with some customers)

0.4.9

  • Bug fix : remove debug messages in the music player
  • Bug fix : change database mysql engine to reduce overhead

0.4.8

  • New feature : preview for pictures
  • New feature : configuration paths in inc/define.php
  • Bug fix : navigator in all statistics panel fix

0.4.7

  • New feature : change files display name in admin
  • Bug fix : downloaded files were no more tracked when link was directly displayed in a page/post

0.4.6

  • Enhancement : plugin is now compatible for PHP installations between 5.2 and 5.3.6
  • Enhancement : plugin is now compatible on Windows Servers
  • New feature : export all stats as xml and csv files from the statistics menu
  • New feature : remove all stats from the settings menu
  • New feature : group shortcodes with single search
  • Bug fix : language fix for french
  • Bug fix : all meta data not displayed in search result

0.4.5

  • Enhancement : force mp3 flash player (fallback to html5) because of a bug in Chrome when playing mp3 via html5 and downloading a file in the same time
  • Enhancement : large directories/files supported (tested up to 100000 files in 10000 directories)
  • Enhancement : display fixes for all browsers and especially Firefox
  • New feature : sort files by birth date (date when then was available in your s2member-files directory)
  • New feature : display birth date column
  • New feature : display file comments in browser
  • New feature : add comments in the dashboard
  • Bug fix : top downloader in notification reports was empty

0.4.1

  • New feature : sortby shortcode option
  • New feature : modification date display shortcode option
  • New feature : order files by modification date, addition date, size
  • Enhancement : disable previews for non logged users
  • Bug fix : IE fix for search button
  • Bug fix : mp3 previews in flash fallback was not working in IE and FF.
  • Bug fix : searchdisplay shortcode option was not included in the generator
  • Bug fix : filterfile was not working anymore in 0.4
  • Bug fix : report notification was blank in 0.4
  • Bug fix : download zip link was displayed even if dirzip shortcode option was disabled

0.4

  • New feature : cut filename shortcode option
  • New feature : already downloaded file warnings shortcode option
  • New feature : ability to download directories as zip files
  • New feature : search files
  • New feature : filesize display shortcode option
  • New feature : mp3 preview shortcode option
  • New feature : new widget for new and modified available files
  • New feature : file caching with new dashboard menu to manually update
  • Bug fix : french language fix

0.3.7

  • Publishing fix

0.3.6

  • Enhancement : Add admin statistics (total downloads, unique files and unique downloaders)
  • Enhancement : Add FAQ “Invalid Nonce”
  • Enhancement : Add vsa file extension

0.3.5

  • New feature : New admin submenu with top rated downloads, higher downloaders, …
  • New feature : New shortcode option to display the s2member alert box before a download
  • New feature : New shortcode option to let people view directories but must be logged in to download
  • New feature : Add rights in settings for file manager and stats access
  • New feature : Widget for top downloads or latest downloads
  • New feature : Notification daily reports
  • Enhancement : HTML entities for email reports
  • Enhancement : Add WP and PHP version checks
  • Security fix : Protect plugin subdirectories

0.3.2

  • Hotfix for recursive browsing

0.3.1

  • Publishing fix

0.3

  • New language : french
  • New feature : display file size
  • New feature : admin : Statistics – display all downloads, sort and apply filters by date, user, file, IP Address, …
  • New feature : admin : Statistics – display current s2Member accounting, sort and apply filters by date, user, file and file
  • New feature : admin : File Browser – Rename and delete files and folders
  • New feature : admin : Shortcode generator
  • New feature : admin : Shortcode documentation
  • New feature : admin : Settings – Received an email each time a user downloads a file
  • New feature : admin : Settings – How many logs you want to keep ?
  • Bug fix : dirbase could not work as expected sometimes
  • Enhancement : total plugin rewriting for best performance, practices and security

0.2.1

  • Publishing fix

0.2

  • Enhancement : file and directories icons are now clickable
  • New feature : shortag option filterdir
  • New feature : shortag option filterfile
  • New feature : shortag option openrecursive
  • Security fix : real path check perform to forbid browsing above s2member-files directory
  • Bug fix : dirbase now works as expected

0.1

  • First release