-2

How to mask external download links as internal links and to be only accessible by logged-in users? And even logged-in members shouldn't see the external download site domain if they logged-in and looked at posts. It should be masked for everyone. Plus they shouldn't get access to download url if they copy/paste the url into their browser if they don't logged-in to wordpress site.

Like the direct download link example here: www.externallink.com/direct-download-link1

We want to mask it like as our internal url: www.ourwebsiteurl.com/direct-download-link1

and this above link should only be accessible by logged-in members.

How to do?

We've tried below codes inside functions.php and single post.php. But nothing happened, nothing changed. We have full control of external download link site. And it is perl based script which generates different download links.

$user = wp_get_current_user();
if( $user->exists ) {
    add_filter( 'public_link_root', function() { return 'example.com'; } );
}

$some_link = apply_filters('public_link_root', 'ourwebsite.com') . '/resources';
echo '<a href="' . $some_link . '">View Resources</a>';

or this one:

$link_to_output = apply_filters( 'public_link_root', 'ourwebsite.com' ) . '/resources/whatever/here';

or in functions.php:

function custom_link() {
     $user = wp_get_current_user();
     return (is_user_logged_in())? "www.example.com/direct-download-link1":"just_a_dummy_link";
}

single.php:

echo '<a href="' . custom_link() . '">View Resources</a>';

I expected to all urls of www.externallink.com domain will be changed to www.ourwebsiteurl.com but nothing changed with above codes. The links should be masked for even logged-in members. And those links shouldn't be work if they copy and paste those urls into their browser if they are not logged-in.

maxwassim
  • 9
  • 7
  • If you have no control over the direct downliad link (directdownloadsite.com), i dont really see the need for mask anything because a user can just share the link to anyone and so it is always accessible for a user who is not logged in. Maybe re-think your general logic in the application. – Aaron May 13 '19 at 06:58
  • I can not even find any documentation for a WP filter called `public_link_root` … where did you get this from? Is this supposed to be part of the functionality of some additional plugin, or what? – 04FS May 13 '19 at 07:50
  • Aaron i have the control of directdownloadsite.com site and its script – maxwassim May 14 '19 at 06:17

1 Answers1

0

Update

OP's comments: "What about redirection? It can be seen i know i just wanted at least hide those urls so most of them wont know it."

The easiest way is to edit the .htaccess file on your server 

Redirect 301 /resources https://external.com/direct-download-link1

Edited

Perhaps you can create your own custom function using is_user_logged_in() (see doc). Anywhere you want to put a link, call your custom function:

So in functions.php:

function custom_link() {
    // will only show link when user is logged in
    if (is_user_logged_in()) {
        // this only shows the "internal" link which will be redirected to external link
        echo '<a href="https://www.example.com/resources">View Resources</a>';
    }
}

And on your page:

   custom_link(); //will not show link if user not logged in
chatnoir
  • 2,185
  • 1
  • 15
  • 17
  • Applied the above code into functions.php and single.php but it didn't change the url or mask. Nothing happened. It should be mask www.externaldownloadsite.com domain with www.mysite.com domain on wordpress posts . You've posted the complete url – maxwassim May 14 '19 at 06:41
  • I meant even the logged-in users shouldnt see the link and it should be masked for them too. – maxwassim May 14 '19 at 06:46
  • The `a href` attribute cannot be faked. Clicking that will call whatever URL that's there. Even if you "hide" the URL within javascript, it can still be seen in both the javascript and by looking at network connections to that URL. If you don't want any user to know the real download URL, you need to write your own PHP script on your own server. Call that script, which then calls the download server and pass the results back to your user. – chatnoir May 14 '19 at 06:58
  • What about redirection? It can be seen i know i just wanted at least hide those urls so most of them wont know it. – maxwassim May 14 '19 at 07:15
  • Does it just for one url or every urls that belong to specified external domain? – maxwassim May 14 '19 at 08:40
  • That just means that anytime your server sees https://www.example.com/resources it will redirect to https://www.external.com/direct_download_link1 . You can do more complicated redirections though but I think it's best to put that under a new question. – chatnoir May 14 '19 at 08:45
  • No. I was asked for how to mask external.com to ourwebsite.com – maxwassim May 14 '19 at 08:48
  • So that .htacess will "mask" your external link (only for downloads, otherwise the new address will show in your browser address bar), in the sense that when you click `https://ourwebsite.com/resources` it will redirect to `www.external.com/direct_download_link1` – chatnoir May 14 '19 at 08:54
  • ok and that code in functions.php will mask the external download links as internal inside every posts first, right? and then htaccess will come in play when they click links as https://ourwebsite.com/resources then it will redirect to external, seems logical will try that – maxwassim May 14 '19 at 09:45
  • Exactly, and non-logged-in users won't even see a link to click. – chatnoir May 14 '19 at 10:00
  • it worked but when i log out copy and paste the link https://ourwebsite.com/resources/downloadlink1.html into browser address bar it still download , so non logged in users still able to access the download link , can we also do non-logged in function for htaccess base? – maxwassim May 14 '19 at 11:04
  • Unfortunately no you can't. – chatnoir May 14 '19 at 11:06
  • and then this goes useless as they still can access the download link by simply pasting it to url however i have control over external download site how can i do that on that server side? – maxwassim May 14 '19 at 11:09
  • No easy way to do that on the server-side the way it's set up here. You might have to write a php on your internal site to test for is_user_logged_in() and then call the external link and pass through all the info. However this is not so simple and also getting a lot further away from your original question. – chatnoir May 14 '19 at 11:13