使图像私人在Word preSS [英] Make images private in Wordpress

问题描述

我在做一个网站，我想为私人。最重要的部分是，在域上的图像不能被看到，而不在第一用户记录。    所以，我想所有的流量重定向到www.DOMAINNAME.com/wp-admin（也可用于图像），如果没有登录的用户。

I'm making a site, that I would like to make private. The most important part, is that the images on the domain can't be seen, without the user logging in first. So I would like all traffic to be redirected to www.DOMAINNAME.com/wp-admin (also for images), if the user isn't logged in.

下面是我已经试过：

1）插件。我都试过字preSS强制登录，该插件的 WP-需要登陆和的即将推出网页和维护模式。

1) Plugins. I've tried both Wordpress Force Login , the plugin wp-require-login and a Coming soon page and Maintenance mode.

2）添加从<一个函数href="http://stackoverflow.com/questions/22519805/how-to-make-word$p$pss-blog-completely-invisible-to-public-not-private">this回答。这是这样的：

2) Adding a function from this answer. Which is this:

function is_login_page() {
    return in_array( $GLOBALS['pagenow'], array( 'wp-login.php', 'wp-register.php' ) );
}

function wpse_make_blog_private() {
    if ( ! is_user_logged_in() && ! is_admin() && ! is_login_page() ) { 
    global $wp_query;
    $wp_query->set_404();
    }
}
add_action( 'wp', 'wpse_make_blog_private' );

这些东西不重定向流量，如果我去了直接网址的形象（如<一个href="http://www.DOMAINNAME.com/uploads/2015/10/foobar.jpg">http://www.DOMAINNAME.com/uploads/2015/10/foobar.jpg ）。

可以在做些什么呢？

-----------------编辑1 --------------

----------------- EDIT 1 --------------

梅维斯指出，这个词preSS可能无法正确​​载入，如果你在直接URL为图像类型，所以他建议，它应该在Apache级来完成。

Mevius pointed out, that Wordpress might not be loaded, if you type in the direct URL to an image, so he suggests, that it should be done on apache-level.

-------------编辑完1的-----------

------------- END OF EDIT 1 -----------

推荐答案

您可以以此为复杂或只要你想的那么简单。最简单的就是检查引用所建议的Hemnath眸里但可以很容易地欺骗。

You can make this as complicated or as simple as you want. The simplest is to check the referrer as suggested by Hemnath Mouli but that can spoofed easily.

不过，如果你想要去的非常深的...;）

However, if you want to go really deep... ;)

使用.htacess文件与重写规则，以所有图像改写成自举字preSS和检查用户的身份验证状态的PHP脚本。你也应该.htaccess文件添加到您的图像文件夹，拒绝直接访问该文件夹排除极端情况。

Use .htacess file with a RewriteRule to rewrite all images into a PHP script that bootstraps Wordpress and checks the user's authentication status. Also you should add an .htaccess file to your images folder to deny direct access to the folder to exclude edge cases.

警告：本code为概念恰恰证明，让你开始！

的.htaccess

重写规则^（* \（JPG |。GIF | PNG））？$ isAuthenticated.php PATH = $ 1

isAuthenticated.php

require_once("wp-blog-header.php");

$allowedExtensions = array("jpg", "gif", "png");

$path = $_SERVER["DOCUMENT_ROOT"].DIRECTORY_SEPARATOR.$_REQUEST["path"];
$pathInfo = pathinfo($path);

// Check if the Wordpress user is logged in and if the file extension is allowed
// @see https://codex.wordpress.org/Function_Reference/is_user_logged_in
if (!is_user_logged_in() || !in_array($pathInfo["extension"], $allowedExtensions)) {
    header("HTTP/1.1 403 Forbidden");
    exit;
}

if(!file_exists($path)) {
    header("HTTP/1.1 404 Not Found");
    exit;
}

// Display the file and set the correct mimetype
$resource = finfo_open(FILEINFO_MIME_TYPE);
$mimetype = finfo_file($resource, $path);
finfo_close($resource);

header("Content-Type: ".$mimetype);
readfile($path);

这篇关于使图像私人在Word preSS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！