0

In general, the question is: How to mask external download links as internal links and to be only accessible by logged-in wp users at htaccess level or with PHP script? We have Perl based script at our external URL and its generating different download URLs. If you help how can we apply it on an external site we can do so.

We successfully redirect www.ourwebsite.com/resources to external download link by simple htaccess code:

Redirect 301 /resources https://external.com/direct-download-link1

However, if the URLs (www.ourwebsite.com/resources/download-1.html etc.) are scraped by WordPress members and share & paste into their browser address bars when they don't log in then the download links are still accessible. We want to prevent it. So how to disallow non-members from accessing download links directly?

Hasitha Jayawardana
  • 2,326
  • 4
  • 18
  • 36
diladadufe
  • 3
  • 1
  • On the download script, can't you just check for the WP user session and see if they're logged in? If not logged in show 404 error or whatever. – BadHorsie May 14 '19 at 11:39
  • so how can i do that? can you show an example code for it? – diladadufe May 14 '19 at 11:44
  • Have you tried searching for it? https://stackoverflow.com/questions/19946972/wordpress-check-if-user-is-logged-in – BadHorsie May 20 '19 at 21:06

1 Answers1

0

If you can change where the redirect goes have it go to a PHP page where you may load WordPress and check the role of the user to make sure they are logged in.

require('../wp-load.php');  // modify to reflect where your PHP file is in relation to Wordpress
$roles = wp_get_current_user()->roles;  // get current users role

if (!in_array('alloweduserrole',$roles)) {  // modify to match your roles that are allowed to download

    header('Location: http://www.ourwebsite.com/');
    exit;

}  // end of if user does not have the proper role
Dave
  • 5,108
  • 16
  • 30
  • 40