2013-05-14 16:35



I am trying to figure out how to use this in a wordpress environment:

From: Block direct url access but allow download

1st: .htaccess(in uploads folder)

Order Deny,Allow
Deny from all

2nd: (in wp-content folder "thePHPfile.php")

if( !empty( $_GET['name'] ) )

 //if( is_user_logged_in() )
    $file_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
    $the_file = "{$_SERVER['DOCUMENT_ROOT']}/wp-content/uploads/2013/05/oprotunity.jpg";
    //$the_file = "{$_SERVER['DOCUMENT_ROOT']}/wp-content/uploads/2013/05/{$file_name}.jpg";
    if( file_exists( $the_file ) )
      header( 'Cache-Control: public' );
      header( 'Content-Description: File Transfer' );
      header( "Content-Disposition: attachment; filename={$the_file}" );
      header( 'Content-Type: image/jpeg' );
      header( 'Content-Transfer-Encoding: binary' );
      readfile( $the_file );


If I comment out the is_user_logged_in statement it works like a charm. I would like to add some conditional statements so I can serve the file to a role or even specific users by id or name. I can to the leg work but I am not sure how to get the needed functions from WordPress.

in the src area I put (wp-content directory)/thePHPfile.php?name=my-image-name

How do I use wordpress functions in the file?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • dongtu1958 dongtu1958 8年前

    In order to call Wordpress functions from an arbitrary script you'll need to include the Wordpress "start". This is not index.php. The file you need to include is wp-blog-header.php from your wordpress root directory. Once this is loaded, it will give you access to all the Wordpress functions.

    点赞 评论 复制链接分享