First, sorry for my English.
I am developing a web application that works on WordPress. I have a folder called GSC, and inside it is my application.
The problem I have is controlling user access to that directory, since all of that part will be private, only for registered users.
I have tried a plugin, WishList Member, but it only protects the main folder and has no control over subfolders, so the application fails since it cannot load everything it needs.
So I've searched everywhere and I cannot find any other plugin, and I do not know whether I should program a check for a user session in each PHP file, or whether WordPress has something else to control access to folders. I even looked at whether htaccess can be configured so that it depends on WordPress users, but I do not know if that is possible.
If someone can give me some idea.
Thank you
Update:
My htaccess
RewriteEngine on
RewriteCond %{REQUEST_URI} ^.*gsc/formulario-clientes/.*
RewriteRule ^(.*)$ /wp-private.php?file=$1 [QSA,L]
Wp-private.php
<?php
/*
 * dl-file.php
 *
 * Protect uploaded files with login.
 *
 * @link http://wordpress.stackexchange.com/questions/37144/protect-wordpress-uploads-if-user-is-not-logged-in
 *
 * @author hakre <http://hakre.wordpress.com/>
 * @license GPL-3.0+
 * @registry SPDX
 */
require_once('wp-load.php');
require_once ABSPATH . WPINC . '/formatting.php';
require_once ABSPATH . WPINC . '/capabilities.php';
require_once ABSPATH . WPINC . '/user.php';
require_once ABSPATH . WPINC . '/meta.php';
require_once ABSPATH . WPINC . '/post.php';
require_once ABSPATH . WPINC . '/pluggable.php';
require_once ABSPATH . 'wp-admin/includes/file.php';

$path = get_home_path()."gsc" ;

// Require a logged-in WordPress user; anyone else is sent to the login page.
is_user_logged_in() || auth_redirect();

//list($basedir) = array_values(array_intersect_key(wp_upload_dir(), array('basedir' => 1)))+array(NULL);
$basedir = $path;

// Build the path under gsc/formulario-clientes from the rewritten ?file= value.
$file = rtrim($basedir,'/').'/'.str_replace('..', '', isset($_GET[ 'file' ])?'formulario-clientes/'.$_GET[ 'file' ]:'');

if (!$basedir || !is_file($file)) {
    status_header(404);
    // wp_redirect(home_url());
    // The echoed path contains request input, so escape it before output.
    die('404 — File not found.'.esc_html($file));
    exit();
}

$mime = wp_check_filetype($file);
if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) )
    $mime[ 'type' ] = mime_content_type( $file );

if( $mime[ 'type' ] )
    $mimetype = $mime[ 'type' ];
else
    $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );

header( 'Content-Type: ' . $mimetype ); // always send this
if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) )
    header( 'Content-Length: ' . filesize( $file ) );

$last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );
$etag = '"' . md5( $last_modified ) . '"';
header( "Last-Modified: $last_modified GMT" );
header( 'ETag: ' . $etag );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );

// Support for Conditional GET
$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;

if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
    $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;

$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
// If string is empty, return 0. If not, attempt to parse into a timestamp
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

// Make a timestamp for our most recent modification...
$modified_timestamp = strtotime($last_modified);

if ( ( $client_last_modified && $client_etag )
    ? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) )
    : ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) )
    ) {
    status_header( 304 );
    exit;
}

// If we made it this far, just serve the file
readfile( $file );
It works and it allows me to access as a WordPress user, except that a that I have in the code appears as and I do not know why.
Any idea?
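
One way to resolve the `file` parameter strictly inside the protected folder before `readfile()` is called, as an added example that is not part of the original post. The function name `gsc_resolve_private_file()`, the blocked-extension list and the temporary sample tree are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). The function name and the
// blocked-extension list are assumptions made for illustration.

/**
 * Map a user-supplied relative name to a real file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function gsc_resolve_private_file(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails on missing files.
    $real = realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment: the canonical path must still sit under the base directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // readfile() would send script source as text, so refuse script types.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (in_array($ext, ['php', 'phtml', 'phar', 'inc'], true)) {
        return null;
    }
    return $real;
}

// Constructed sample tree in the temp directory, so this runs offline.
$root = sys_get_temp_dir() . '/gsc-demo-' . getmypid();
mkdir($root . '/gsc/formulario-clientes', 0700, true);
file_put_contents($root . '/gsc/formulario-clientes/form.css', 'body{}');
file_put_contents($root . '/gsc/formulario-clientes/save.php', '<?php // secret');
file_put_contents($root . '/outside.txt', 'not for download');

$base = $root . '/gsc/formulario-clientes';
foreach (['form.css', 'save.php', '../../outside.txt', 'missing.js'] as $name) {
    $path = gsc_resolve_private_file($base, $name);
    printf("%-20s => %s\n", $name, $path === null ? 'refused' : 'served');
}
```

In a gatekeeper script like the one above, this check would take the place of the `str_replace('..', '', ...)` line, with a `null` result answered by `status_header(404)` and no path in the response body.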