How to mask external download links to be only accessible by logged-in users?
Like the direct download link example: www.example/direct-download-link1
We want to mask it like: www.ourwebsite/direct-download-link1
and this above link should only be accessible by logged-in members.
How to do?
How to mask external download links to be only accessible by logged-in users?
Like the direct download link example: www.example/direct-download-link1
We want to mask it like: www.ourwebsite/direct-download-link1
and this above link should only be accessible by logged-in members.
How to do?
Share Improve this question asked May 8, 2019 at 19:15 maxwassimmaxwassim 15 bronze badges 4- let me understand this better, You want to check whether current user is logged in to change displaying URL, am I right? – Vishwa Commented May 9, 2019 at 5:09
- not changing the displaying of URL but they shouldnt get access when they copy outside of wp and paste into their browser url bar. So it may be something like a redirect url but only for logged in members – maxwassim Commented May 9, 2019 at 5:50
- IMO, if someone has the direct link (Ex: website/file.jpg), then they can share it outside, and others can have access to file directly. to avoid that, you can add session to the download link at the download site. or add ip filter (should be the same ip that logged in user clicked on), but to do that, you have to pass users ip value to download server – Vishwa Commented May 9, 2019 at 5:54
- yes but the easy way is just mirroring external link structure – maxwassim Commented May 9, 2019 at 17:18
1 Answer
Reset to default 0I will make an assumption, based on your question:
You care how your link is output by the back-end and a JS-based solution is not good, since it defeats the assumed security.
My suggestion? Instead of doing checks virtually everywhere in your codebase where there's an output link, in your set-up, as early as possible after the user has logged in, do:
$user = wp_get_current_user();
if( $user->exists ) {
add_filter( 'public_link_root', function() { return 'example'; } );
}
Whenever you have to output a link, instead of doing that check over and over, because it's already established that the user's logged in, if you wrote your system in the correct manner (and you can do additional checks), do:
$link_to_output = apply_filters( 'public_link_root', 'ourwebsite' ) . '/resources/whatever/here';
Don't forget to esc_url whenever you output the link, you can wrap all this in a function if you want.