admin管理员组

文章数量:1023895

How to mask external download links to be only accessible by logged-in users?

Like the direct download link example: www.example/direct-download-link1

We want to mask it like: www.ourwebsite/direct-download-link1

and this above link should only be accessible by logged-in members.

How to do?

How to mask external download links to be only accessible by logged-in users?

Like the direct download link example: www.example/direct-download-link1

We want to mask it like: www.ourwebsite/direct-download-link1

and this above link should only be accessible by logged-in members.

How to do?

  • links
  • membership
  • s2member
Share Improve this question asked May 8, 2019 at 19:15 maxwassimmaxwassim 15 bronze badges 4
  • let me understand this better, You want to check whether current user is logged in to change displaying URL, am I right? – Vishwa Commented May 9, 2019 at 5:09
  • not changing the displaying of URL but they shouldnt get access when they copy outside of wp and paste into their browser url bar. So it may be something like a redirect url but only for logged in members – maxwassim Commented May 9, 2019 at 5:50
  • IMO, if someone has the direct link (Ex: website/file.jpg), then they can share it outside, and others can have access to file directly. to avoid that, you can add session to the download link at the download site. or add ip filter (should be the same ip that logged in user clicked on), but to do that, you have to pass users ip value to download server – Vishwa Commented May 9, 2019 at 5:54
  • yes but the easy way is just mirroring external link structure – maxwassim Commented May 9, 2019 at 17:18
Add a comment  | 

1 Answer 1

Reset to default 0

I will make an assumption, based on your question:

You care how your link is output by the back-end and a JS-based solution is not good, since it defeats the assumed security.

My suggestion? Instead of doing checks virtually everywhere in your codebase where there's an output link, in your set-up, as early as possible after the user has logged in, do:

$user = wp_get_current_user();
if( $user->exists ) {
    add_filter( 'public_link_root', function() { return 'example'; } );
}

Whenever you have to output a link, instead of doing that check over and over, because it's already established that the user's logged in, if you wrote your system in the correct manner (and you can do additional checks), do:

$link_to_output = apply_filters( 'public_link_root', 'ourwebsite' ) . '/resources/whatever/here';

Don't forget to esc_url whenever you output the link, you can wrap all this in a function if you want.

How to mask external download links to be only accessible by logged-in users?

Like the direct download link example: www.example/direct-download-link1

We want to mask it like: www.ourwebsite/direct-download-link1

and this above link should only be accessible by logged-in members.

How to do?

How to mask external download links to be only accessible by logged-in users?

Like the direct download link example: www.example/direct-download-link1

We want to mask it like: www.ourwebsite/direct-download-link1

and this above link should only be accessible by logged-in members.

How to do?

  • links
  • membership
  • s2member
Share Improve this question asked May 8, 2019 at 19:15 maxwassimmaxwassim 15 bronze badges 4
  • let me understand this better, You want to check whether current user is logged in to change displaying URL, am I right? – Vishwa Commented May 9, 2019 at 5:09
  • not changing the displaying of URL but they shouldnt get access when they copy outside of wp and paste into their browser url bar. So it may be something like a redirect url but only for logged in members – maxwassim Commented May 9, 2019 at 5:50
  • IMO, if someone has the direct link (Ex: website/file.jpg), then they can share it outside, and others can have access to file directly. to avoid that, you can add session to the download link at the download site. or add ip filter (should be the same ip that logged in user clicked on), but to do that, you have to pass users ip value to download server – Vishwa Commented May 9, 2019 at 5:54
  • yes but the easy way is just mirroring external link structure – maxwassim Commented May 9, 2019 at 17:18
Add a comment  | 

1 Answer 1

Reset to default 0

I will make an assumption, based on your question:

You care how your link is output by the back-end and a JS-based solution is not good, since it defeats the assumed security.

My suggestion? Instead of doing checks virtually everywhere in your codebase where there's an output link, in your set-up, as early as possible after the user has logged in, do:

$user = wp_get_current_user();
if( $user->exists ) {
    add_filter( 'public_link_root', function() { return 'example'; } );
}

Whenever you have to output a link, instead of doing that check over and over, because it's already established that the user's logged in, if you wrote your system in the correct manner (and you can do additional checks), do:

$link_to_output = apply_filters( 'public_link_root', 'ourwebsite' ) . '/resources/whatever/here';

Don't forget to esc_url whenever you output the link, you can wrap all this in a function if you want.

本文标签: membershipHow to mask external download links to be only accessible by loggedin users

版权声明:本文标题:membership - How to mask external download links to be only accessible by logged-in users? 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://it.en369.cn/questions/1745511774a2153857.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。