El Dorado: secure files question

You are not logged in

secure files question « Wordpress « almost effortless

Thu, 07 Feb 2008, 4:14pm	#1
Bruceper New member Registered: Feb, 2008 Last visit: Fri, 18 Apr 2008 Posts: 6	Many thanks for the secure files plugin. I have a question and hte issue is I don't know how to impliment it. While this plugin is great and stops the general public from being able to download files if they're not logged in, it still allows users of all user levels to download the files and that's where my issue comes in. Is there any way to incorporate the ability to require a userlevel so the link would be valid? From what it appears, every time a user requests a file that is secured by Secure Files the plugin is called. I think it would be a mostly simple matter of requiring a userlevel of x to allow the download, otherwise send them off to a redirect page. Could you or anyone else help me out with this? Thanks Bruce
Offline	Link

Thu, 07 Feb 2008, 4:14pm

Bruceper: New member; Registered: Feb, 2008; Last visit: Fri, 18 Apr 2008; Posts: 6

Many thanks for the secure files plugin. I have a question and hte issue is I don't know how to impliment it.

While this plugin is great and stops the general public from being able to download files if they're not logged in, it still allows users of all user levels to download the files and that's where my issue comes in.

Is there any way to incorporate the ability to require a userlevel so the link would be valid?

From what it appears, every time a user requests a file that is secured by Secure Files the plugin is called. I think it would be a mostly simple matter of requiring a userlevel of x to allow the download, otherwise send them off to a redirect page.

Could you or anyone else help me out with this?

Thanks
Bruce

Offline

Link

Fri, 08 Feb 2008, 1:05am	#2
Trevor Administrator Registered: Sep, 2005 Last visit: 5 hours ago Posts: 226	Sorry, but I didn't design this plugin to work that way. It relies on the "registered users" plugin to ensure the user is logged in, so it's really not even part of the plugin. You could have someone enhance the plugin to support this, but I don't need it, so it's not planned on my end,
Offline	Link

Sat, 09 Feb 2008, 11:55am	#3
Bruceper New member Registered: Feb, 2008 Last visit: Fri, 18 Apr 2008 Posts: 6	I was able to do what I needed after searching for related code and getting some examples. While your plugin is great, it just didn't work for my blog as it was. My blog requires users to sign in to view hidden content. But I also have a paid membership available. The paid membership links were available to anyone that knew the URL, your mod fixed this by at least forcing the user to sign up. But it still allowed users that weren't paid members but were registered to download the files. Now it has been set to require them to have at least level1 before they can download (which is what my paid members are set to).
Offline	Link

Sat, 09 Feb 2008, 11:55am

Bruceper: New member; Registered: Feb, 2008; Last visit: Fri, 18 Apr 2008; Posts: 6

I was able to do what I needed after searching for related code and getting some examples.

While your plugin is great, it just didn't work for my blog as it was. My blog requires users to sign in to view hidden content. But I also have a paid membership available.

The paid membership links were available to anyone that knew the URL, your mod fixed this by at least forcing the user to sign up. But it still allowed users that weren't paid members but were registered to download the files.

Now it has been set to require them to have at least level1 before they can download (which is what my paid members are set to).

Offline

Link

Sat, 09 Feb 2008, 10:43pm	#4
Trevor Administrator Registered: Sep, 2005 Last visit: 5 hours ago Posts: 226	Sounds good - any chance you'll post the source code for other people to use? I've had at least a couple of people ask about this kind of thing, so I'm sure it would be useful to someone.
Offline	Link

Fri, 28 Mar 2008, 1:31am	#5
Bruceper New member Registered: Feb, 2008 Last visit: Fri, 18 Apr 2008 Posts: 6	Sorry about that, I totally missed coming back and posting the code. This is really a kick butt plugin and I hope you continue to develop it. What reminded me to come back was that I saw there was an update ;) In line 67 of secure-files.php change if (isset($_GET["$sf_prefix"])) { to if (current_user_can('level_1') && isset($_GET["$sf_prefix"])) { Of course you can change the level to whatever level of user you require. For myself I use the hidepost plugin to force users to register, and then I used Role Manager to create a new Role for users with a level of 1. That Role is for Paid Subscribers. The great thing about the secure files plugin is that I can have the download link in plain sight, but only Paid Subscribers can download it. It also saves me from people sharing "hidden" link downloads and just getting the files for free.
Offline	Link

Fri, 28 Mar 2008, 1:31am

Bruceper: New member; Registered: Feb, 2008; Last visit: Fri, 18 Apr 2008; Posts: 6

Sorry about that, I totally missed coming back and posting the code. This is really a kick butt plugin and I hope you continue to develop it. What reminded me to come back was that I saw there was an update ;)

In line 67 of secure-files.php change

if (isset($_GET["$sf_prefix"])) {

if (current_user_can('level_1') && isset($_GET["$sf_prefix"])) {

Of course you can change the level to whatever level of user you require. For myself I use the hidepost plugin to force users to register, and then I used Role Manager to create a new Role for users with a level of 1. That Role is for Paid Subscribers.

The great thing about the secure files plugin is that I can have the download link in plain sight, but only Paid Subscribers can download it.

It also saves me from people sharing "hidden" link downloads and just getting the files for free.

Offline

Link

Fri, 28 Mar 2008, 8:42am	#6
Trevor Administrator Registered: Sep, 2005 Last visit: 5 hours ago Posts: 226	That's a great idea. Usually, I use secure files with the "registered only" plugin. http://wordpress.org/extend/plugins/registered-... That way, all users have to be registered for anything, including getting at the secure files. Perhaps it's worth me putting in an option in the admin menu to allow people to optionally set this user level value if they like. My apologies for the multiple updates to the plugin in the last few hours. I'll have one last update this weekend to allow for file deletion from the admin menu, and that should be it for a while.
Offline	Link

Fri, 28 Mar 2008, 8:42am

Trevor: Administrator; Registered: Sep, 2005; Last visit: 5 hours ago; Posts: 226

That's a great idea. Usually, I use secure files with the "registered only" plugin.

http://wordpress.org/extend/plugins/registered-...

That way, all users have to be registered for anything, including getting at the secure files. Perhaps it's worth me putting in an option in the admin menu to allow people to optionally set this user level value if they like.

My apologies for the multiple updates to the plugin in the last few hours. I'll have one last update this weekend to allow for file deletion from the admin menu, and that should be it for a while.

Offline

Link

Sun, 30 Mar 2008, 11:39pm	#7
Bruceper New member Registered: Feb, 2008 Last visit: Fri, 18 Apr 2008 Posts: 6	An option for that would kick butt.
Offline	Link

Fri, 11 Apr 2008, 2:40pm	#8
Trevor Administrator Registered: Sep, 2005 Last visit: 5 hours ago Posts: 226	OK, I just committed an update for this plugin: http://wordpress.org/extend/plugins/secure-files/ Now, it allows file deletion if can_edit_pages, adds a new option to restrict downloads to a certain user_level (optional), and cleans out problematic filenames on upload. Please let me know what you think, and thanks for the great idea about user levels!
Offline	Link

Mon, 14 Apr 2008, 11:14am	#9
Bruceper New member Registered: Feb, 2008 Last visit: Fri, 18 Apr 2008 Posts: 6	The plugin works well. Now if you don't mind, one other piece I'd like to see added would be the ability to edit the error message that users see right from the admin panel. Actually what might be best is a choice between error text and sending users to a URL. Other than that it's all good.
Offline	Link

Mon, 14 Apr 2008, 8:32pm	#10
Trevor Administrator Registered: Sep, 2005 Last visit: 5 hours ago Posts: 226	That's a good idea, Bruceper. I'll add it to the list and get to it at some point. If you're interested and need it quickly, you could take a crack at it and I'd be happy to help if necessary.
Offline	Link

Home » Forum Topics » almost effortless » Wordpress

Newest User: marek.dzik@gmail.com