I am developing a web application that works on WordPress. I have a folder called GSC, and the application is inside it.
The problem I have is controlling user access to that directory, since all of that part will be private, only for registered users.
I have tried some plugins, such as Wishlist Member, but it only protects the main folder and has no control over subfolders, so the application fails since it cannot load everything necessary.
I've searched everywhere and I cannot find any other plugin. I do not know whether it should be done by programming, checking in each PHP file whether there is a user session, or whether WordPress has something else to control access to folders, or even whether htaccess can be configured so that it depends on WordPress users, but I do not know if that is possible.
Could someone enlighten me and give me some ideas?
Thank you very much.
Update:
My htaccess:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^.*gsc/formulario-clientes/.*
RewriteRule ^(.*)$ /wp-private.php?file=$1 [QSA,L]
Wp-private.php
<?php
/*
 * dl-file.php
 *
 * Protect uploaded files with login.
 *
 * @link http://wordpress.stackexchange.com/questions/37144/protect-wordpress-uploads-if-user-is-not-logged-in
 *
 * @author hakre <http://hakre.wordpress.com/>
 * @license GPL-3.0+
 * @registry SPDX
 */
require_once('wp-load.php');
require_once ABSPATH . WPINC . '/formatting.php';
require_once ABSPATH . WPINC . '/capabilities.php';
require_once ABSPATH . WPINC . '/user.php';
require_once ABSPATH . WPINC . '/meta.php';
require_once ABSPATH . WPINC . '/post.php';
require_once ABSPATH . WPINC . '/pluggable.php';
require_once ABSPATH . 'wp-admin/includes/file.php';

$path = get_home_path() . "gsc";

// Only logged-in WordPress users get past this line.
is_user_logged_in() || auth_redirect();

//list($basedir) = array_values(array_intersect_key(wp_upload_dir(), array('basedir' => 1)))+array(NULL);
$basedir = $path;
$file = rtrim($basedir, '/') . '/' . str_replace('..', '', isset($_GET['file']) ? 'formulario-clientes/' . $_GET['file'] : '');

if (!$basedir || !is_file($file)) {
    status_header(404);
    // wp_redirect(home_url());
    // Escape the path before echoing it: it contains the raw "file" parameter.
    die('404 — File not found.' . esc_html($file));
}

$mime = wp_check_filetype($file);
if (false === $mime['type'] && function_exists('mime_content_type'))
    $mime['type'] = mime_content_type($file);

if ($mime['type'])
    $mimetype = $mime['type'];
else
    $mimetype = 'image/' . substr($file, strrpos($file, '.') + 1);

header('Content-Type: ' . $mimetype); // always send this
if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS'))
    header('Content-Length: ' . filesize($file));

$last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
$etag = '"' . md5($last_modified) . '"';
header("Last-Modified: $last_modified GMT");
header('ETag: ' . $etag);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');

// Support for Conditional GET
$client_etag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) : false;

if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE']))
    $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;

$client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
// If string is empty, return 0. If not, attempt to parse into a timestamp
$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;

// Make a timestamp for our most recent modification...
$modified_timestamp = strtotime($last_modified);

if (($client_last_modified && $client_etag)
    ? (($client_modified_timestamp >= $modified_timestamp) && ($client_etag == $etag))
    : (($client_modified_timestamp >= $modified_timestamp) || ($client_etag == $etag))
) {
    status_header(304);
    exit;
}

// If we made it this far, just serve the file
readfile($file);
It works and allows access by WordPress user, except that a line is commented out and I do not know why. That line is necessary, since I have a whole form and its functionality in that require.
Any ideas?
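
An added example, not part of the original post or of hakre's script: one way a gate script like wp-private.php can validate the `file` parameter by resolving it with realpath() and checking that it stays under the protected directory, while telling PHP files apart from static assets, since readfile() sends a PHP file's source as-is instead of executing it. The helper name `gsc_classify` and the sample directory tree are hypothetical.

```php
<?php
// Added example, not from the original post. gsc_classify() is a hypothetical helper.

/**
 * Decide how a gate script should treat a requested path.
 * Returns ['deny', null], ['static', $realPath] or ['script', $realPath].
 */
function gsc_classify(string $baseDir, string $requested): array
{
    $base = realpath($baseDir);
    // realpath() resolves "..", "." and symlinks; it returns false for missing paths.
    $real = realpath($baseDir . '/' . $requested);
    if ($base === false || $real === false || !is_file($real)) {
        return ['deny', null];
    }
    // Containment check: the resolved file must sit below the base directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return ['deny', null];
    }
    // readfile() would output a .php file's source, so flag those separately.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return [$ext === 'php' ? 'script' : 'static', $real];
}

// Constructed sample tree so the example runs offline.
$root = sys_get_temp_dir() . '/gsc-demo-' . getmypid();
mkdir($root . '/gsc/formulario-clientes/css', 0700, true);
file_put_contents($root . '/gsc/formulario-clientes/index.php', "<?php echo 'form';");
file_put_contents($root . '/gsc/formulario-clientes/css/app.css', 'body{}');
file_put_contents($root . '/secret.txt', 'outside the protected tree');

$base = $root . '/gsc/formulario-clientes';
foreach (['css/app.css', 'index.php', '../../secret.txt', 'missing.js'] as $req) {
    [$action] = gsc_classify($base, $req);
    printf("%-20s => %s\n", $req, $action);
}
```

In a gate script, only paths classified as `static` would be passed to readfile(); what to do with `script` paths (for example, running them behind the same login check) is a design decision this example leaves open.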