I am working on file sharing system where a user is able to upload a file to their account.
Now the uploading part works. I made it so it uploads the file into a specific directory based on the user_nicename and the user_id
Example:
https://site.nl/wp-content/uploads/useruploads/[user_nicename][user_id]/file.pdf
So now I was thinking to rewrite the URL when a user clicks on the file to a download.php file which checks if the user is the correct user.
.htaccess:
# Disable directory listing
Options -Indexes
# Rewrite requests to /wp-content/uploads/useruploads/ to download.php
RewriteRule ^wp-content/uploads/useruploads/(.*)$ /wp-content/themes/Child%20Theme/file-access/download.php?file=$1 [QSA,L]
Now the main problem is I am getting a permission error
My second inquiry is whether this is deemed safe. or should there be more authentication or should I do this in a complete different way?
Add htaccess in your useruploads folder, to redirect user to download.php file, where you can check, if the user is the correct user..
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*)$ /download.php?path=$1 [L]
January 20, 2024
Turbo Multi-language Translator
Make the better internet purchasing globaly
Turbosify SEO Speed Booster
5.0 (7)•Free plan available
Get better conversions by improving store loading speed
Installed
Turbo Multi-language Chat - AI Customer service in one hand
January 20, 2024