Ecommerce Shopify WordPress Discussion

WordPress hide specific file directory for all users except admin and owner

I would like to hide a specific file directory, "<https://site.nl/wp-content/uploads/useruploads/[user_nicename][user_id]/test.pdf>", but only the admin and the user that matches the folder should be able to view the content.

Idea behind this: the user can upload files. Uploading a file creates the folder. Only a user that is admin or matches can view the folder.

What I tried so far: adding code to my .htaccess file so it's no longer reachable.

```apache
# Deny access to any files in this directory
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-content/uploads/useruploads/ - [F,L]
</IfModule>
```

I also added 1 file that checks if the file is created, and if it matches then it echoes the file in the header. This works sort of, but is this safe? (The problem I currently have is that on each refresh it downloads a file.)

```php
<?php
require_once(__DIR__ . '/../../../../wp-load.php');

if (!is_admin()) {
    $current_user_id = get_current_user_id();
    $current_user_info = get_userdata($current_user_id);
    $username = $current_user_info->user_nicename;
    $directory_path = WP_CONTENT_DIR . '/uploads/useruploads/' . $username . $current_user_id;

    if (file_exists($directory_path) && is_dir($directory_path)) {
        $dir = opendir($directory_path);
        echo '<h2>Your Uploaded Files:</h2>';
        echo '<ul>';
        while (($file = readdir($dir)) !== false) {
            if ($file != '.' && $file != '..') {
                echo '<li><a href="#" onclick="downloadFile(\'' . urlencode($file) . '\')">' . $file . '</a></li>';
            }
        }
        echo '</ul>';
        closedir($dir);
    } else {
        echo '<pre>';
        var_dump($directory_path);
        echo '</pre>';
    }
}
?>
<script>
function downloadFile(fileName) {
    var link = document.createElement('a');
    link.href = '<?php echo home_url('/file-access.php?file='); ?>' + fileName;
    link.download = fileName;
    document.body.appendChild(link);
    link.click();
    document.body.removeChild(link);
}
</script>
```

File to create the download:

```php
<?php
// Load WordPress so its functions are defined (assumes this file sits in the
// WordPress root, as the home_url('/file-access.php') link above implies).
require_once(__DIR__ . '/wp-load.php');

if (!is_admin()) {
    // Serve files only to a logged-in user (the check was inverted).
    if (is_user_logged_in()) {
        $file = isset($_GET['file']) ? $_GET['file'] : '';
        $file = sanitize_file_name($file);

        $current_user_id = get_current_user_id();
        $current_user_info = get_userdata($current_user_id);
        $username = $current_user_info->user_nicename;
        $directory_path = WP_CONTENT_DIR . '/uploads/useruploads/' . $username . $current_user_id;
        $file_path = $directory_path . '/' . $file;

        if (file_exists($directory_path) && is_dir($directory_path)) {
            if (file_exists($file_path) && is_readable($file_path)) {
                header('Content-Type: application/octet-stream');
                header('Content-Disposition: attachment; filename="' . basename($file_path) . '"'); // Use basename to get the file name
                header('Content-Length: ' . filesize($file_path));
                readfile($file_path);
                exit;
            } else {
                wp_die('File not found or access denied.');
            }
        } else {
            wp_die('Directory not found.');
        }
    }
} else {
    echo 'This script is only accessible on the front end.';
}
?>
```
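For comparison with the download script in the question, here is one way to write the handler so that the owner-or-administrator rule is enforced server-side. This is an added example, not part of the original post. It assumes `file-access.php` sits beside `wp-load.php`, that administrators are users with the `manage_options` capability, and that an administrator selects another user's folder with a hypothetical `owner` query parameter.

```php
<?php
// Added example (not the poster's code): hardened file-access.php.
// Assumptions: located in the WordPress root; "?owner=<user_id>" is a
// hypothetical parameter that lets an administrator read another user's folder.
require_once __DIR__ . '/wp-load.php';

if (!is_user_logged_in()) {
    auth_redirect(); // redirects anonymous visitors to the login page and exits
}

$viewer   = wp_get_current_user();
$owner_id = isset($_GET['owner']) ? absint($_GET['owner']) : $viewer->ID;

// is_admin() only reports whether the request targets a dashboard page; it is
// not a role check. Authorize with a capability: the owner, or a site manager.
if ($owner_id !== $viewer->ID && !current_user_can('manage_options')) {
    wp_die('Access denied.', '', array('response' => 403));
}

$owner = get_userdata($owner_id);
if (!$owner) {
    wp_die('File not found.', '', array('response' => 404));
}

$base = realpath(WP_CONTENT_DIR . '/uploads/useruploads/' . $owner->user_nicename . $owner->ID);
$name = sanitize_file_name(wp_unslash($_GET['file'] ?? ''));
$path = ($base && $name !== '') ? realpath($base . '/' . $name) : false;

// realpath() resolves ".." and symlinks; the result must still be inside $base.
if (!$path || !is_file($path) || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    wp_die('File not found.', '', array('response' => 404));
}

// Only PDFs are shown in the browser; every other type is sent as a download.
$type        = wp_check_filetype($path)['type'] ?: 'application/octet-stream';
$disposition = ($type === 'application/pdf') ? 'inline' : 'attachment';

nocache_headers(); // private files should not be kept in shared caches
header('X-Content-Type-Options: nosniff');
header('Content-Type: ' . $type);
header('Content-Disposition: ' . $disposition . '; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

The `.htaccess` rule from the question stays in place so that this script is the only route to the files, and the listing page should print file names through `esc_html()`.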