👋 Hi there,
I am trying to use Meta Box to restrict specific media (images, PDFs, etc.) to logged-in users. I created a custom field, which I have named privacy. It can have one of two values: member or public. I linked the Meta Box custom field to Attachments, so it is selectable on anything in my Media library.
When a media item, like a JPG, has a privacy value of member, the content should not be viewable anywhere on the internet, unless a user is logged-in to WordPress. When the privacy value is public, nothing needs to happen.
To accomplish this, I have some .htaccess code that refers file requests to a .php file where I check for two things: 1) that the visitor is logged-in to WordPress, and 2) whether the Meta Box privacy field has a value of member. When both are true, the visitor should be permitted to view member files. When the user is not logged-in, they should be restricted from viewing member files.
Unfortunately, despite several rewrite attempts, I'm unable to apply these restrictions. Nothing happens. I'm unsure if Meta Box can support this, or if I'm calling the field value wrong. Any suggestions will be greatly appreciated.
This is my .htaccess script, added to the root directory of WordPress:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.+)$ check-login-status.php?file=$1 [QSA,L]
</IfModule>
This is my check-login-status.php file, added to the root directory of WordPress:
<?php
// Make sure a file is specified
if(isset($_GET['file'])) {
    $file_path = realpath(ABSPATH . '/wp-content/uploads/' . $_GET['file']);
    // Check if the file exists
    if(file_exists($file_path)) {
        // Check if the user is logged in and the media file has a privacy value of "member"
        if(is_user_logged_in() && rwmb_meta('privacy') === 'member') {
            // Set appropriate headers
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="' . basename($file_path) . '"');
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($file_path));
            readfile($file_path);
            exit;
        } else {
            // User is not authorized to access the file
            wp_die(__('You are not authorized to access this file.'));
        }
    } else {
        // File does not exist
        wp_die(__('File not found.'));
    }
} else {
    // No file specified
    wp_die(__('No file specified.'));
}
Thank you!
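
The check described in the post above, written out as an added example (not the poster's code and not Meta Box's own): a standalone script has to load WordPress itself, resolve the requested file to its attachment ID, and pass that ID to rwmb_meta(), because there is no current post outside a template. It assumes the script sits in the WordPress root beside wp-load.php, that Meta Box is active, and that privacy is a single-value field; treating unmapped files as restricted is this example's own choice.

```php
<?php
// Added example, not the poster's code. Assumes this file sits in the WordPress root
// beside wp-load.php and that Meta Box is active with a single-value "privacy" field.
require_once __DIR__ . '/wp-load.php'; // boots WordPress: ABSPATH, auth cookies, rwmb_meta()

$requested = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
$uploads   = wp_get_upload_dir();
$base      = realpath( $uploads['basedir'] );
$path      = realpath( $base . '/' . $requested );

// Reject anything that does not resolve to a regular file inside the uploads directory.
if ( '' === $requested || false === $base || false === $path
	|| 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) || ! is_file( $path ) ) {
	wp_die( 'File not found.', '', array( 'response' => 404 ) );
}

// Map the file back to its attachment post. Resized copies (name-300x200.jpg) are not
// stored as attachments, so retry with the size suffix removed.
$relative = str_replace( '\\', '/', substr( $path, strlen( $base ) + 1 ) );
$url      = trailingslashit( $uploads['baseurl'] ) . $relative;
$id       = attachment_url_to_postid( $url );
if ( ! $id ) {
	$id = attachment_url_to_postid( preg_replace( '/-\d+x\d+(\.[^.\/]+)$/', '$1', $url ) );
}

// Pass the attachment ID explicitly: outside the loop there is no current post.
$privacy = $id ? rwmb_meta( 'privacy', array(), $id ) : '';

// Rule from the post: "member" needs a login, anything else does not. Files that cannot
// be mapped to an attachment are treated as restricted (assumption of this example).
if ( ( 'member' === $privacy || ! $id ) && ! is_user_logged_in() ) {
	wp_die( 'You are not authorized to access this file.', '', array( 'response' => 403 ) );
}

$type = wp_check_filetype( $path );
nocache_headers(); // keep shared caches from storing member-only files
header( 'Content-Type: ' . ( $type['type'] ? $type['type'] : 'application/octet-stream' ) );
header( 'X-Content-Type-Options: nosniff' );
header( 'Content-Length: ' . filesize( $path ) );
readfile( $path );
exit;
```

The check only applies where Apache honours the .htaccess rewrite; a front-end server or CDN that serves wp-content/uploads directly never reaches this script.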