2

Fist of all, my PHP skills are almost zero, I used to have a friend to make this kind of things and I'm more into css and html and making the content of the web but since He disappeared I have to be in charge of this web of mine that works in Wordpress. He made an awesome app to download files that is not a WP Plugin but works fine, the only thing I wanna do is to make that tool into a "just if logged into the main web" tool. When click on the link that is manually generated it loads in a new page like:

"myweb[dot]com/folder1/Down.php?id=..."

I found that file ' Down.php ' that is something like this:

<?php
.
.
.
?>
<!DOCTYPE html>
<html lang="es-ES">
.
.
.
</html>

but I don't know how to add the wordpress user authentication, I found a code that could work... maybe, but I don't know how to use it, If you know how to do this or know another way I would very thankful if you could help me.

<?php 
if ( is_user_logged_in() ) :

    // Contenido solo para usuarios registrados    

else :

    // Mensaje para los que no pueden ver el contenido anterior
    echo 'Lo sentimos, este contenido sólo está disponible para usuarios registrados :-(';

endif;
?>

I already found a way to restrict the link's visiblity on the web(with a WP Plugin), but I also found that It's pretty easy to avoid it by guessing the direct link and that's pretty easy. Please, help me with this.

Sasori Akasuna
  • 25
  • 5
  • To use the `is_user_logged_in()` function, you'd need to load the WordPress code, which "Down.php" doesn't seem to be. See [this question](http://stackoverflow.com/q/5306612/1714); it's talking about `$wpdb`, but the principle's the same. As per the comment in the accepted answer, you only need to include `wp-load.php`. In terms of where exactly to put the `if`-`else` block, that's hard to say without seeing the code of "Down.php". – Hobo Jun 27 '16 at 03:57
  • Well forgot abot the 'else' statement, I just need the HTML to don't appear when Is not logged in on the main page, could you please give me some test code, especulation or something, I have more than a wordpress installation by the way, and my folders on the server are like: home/random_name/public_html(here is a WP Installation)/wp_main_ web_installation/download_folder(here are the app'Down.php' and the files to download) – Sasori Akasuna Jun 27 '16 at 05:13
  • The `else` statement isn't the tricky bit; it's understanding exactly the structure of "Down.php". But give me a few minutes and I'll post something that may help. – Hobo Jun 27 '16 at 05:20

1 Answers1

2

Based on my comment and your feedback, something like this might work. Put the code I've added right at the top, under <?php. It should (I haven't tested it) send a 403 (forbidden) response if the user isn't logged in.

<?php
$path = $_SERVER['DOCUMENT_ROOT'];
require_once $path . '/wp-load.php';

if ( ! is_user_logged_in() ) {
    header("HTTP/1.1 403 Forbidden" );
    die();
}

.
.
.
?>
<!DOCTYPE html>
<html lang="es-ES">
.
.
.
</html>

If WordPress isn't in public_html, it might fail (I'm not sure without testing) - it could need the directory name before wp-load.php. But if I've understood your question, that shouldn't be the case.

Hobo
  • 7,536
  • 5
  • 40
  • 50
  • OMG! It worked perfectly. For now, that would be all that I need. If you want I can send you that "Down.php" file now by email or something, and the files tree on my hostserver. Very very thank you. – Sasori Akasuna Jun 27 '16 at 05:46
  • Happy to help. No need to send me anything if it's working. Thanks for accepting my answer – Hobo Jun 27 '16 at 05:50
  • Just to add one little thing, the web is not right there on the public_html, yes there is a wordpress installation there and works like a cover sheet only, the admin have access there, but the main web is a subdomain, that is on: public_html/subdomain/. – Sasori Akasuna Jun 27 '16 at 05:57
  • Oh, forget about that, I just learn a little of how the 'Document_Root' works, and ther's nothing to worry about. – Sasori Akasuna Jun 27 '16 at 06:59