I am working on a file sharing system where a user is able to upload a file to their account.
Now the uploading part works. I made it so it uploads the file into a specific directory based on the user_nicename and the user_id.
Example:
https://site.nl/wp-content/uploads/useruploads/[user_nicename][user_id]/file.pdf
So now I was thinking to rewrite the URL when a user clicks on the file to a download.php file which checks if the user is the correct user.
.htaccess:
# Disable directory listing
Options -Indexes
# Rewrite requests to /wp-content/uploads/useruploads/ to download.php
RewriteRule ^wp-content/uploads/useruploads/(.*)$ /wp-content/themes/Child%20Theme/file-access/download.php?file=$1 [QSA,L]
Now the main problem is I am getting a permission error.
My second inquiry is whether this is deemed safe, or should there be more authentication, or should I do this in a completely different way?
Add an .htaccess file in your useruploads folder to redirect the user to the download.php file, where you can check if the user is the correct user.
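One way the ownership check in download.php could look, as an added example that is not code from the question or the answer. It assumes download.php sits in wp-content/themes/<theme>/file-access/ (so the WordPress root is four directories up), that user folders follow the [user_nicename][user_id] scheme from the question, and the `deny()` helper is a hypothetical name.

```php
<?php
// Added example, not the asker's code. Assumed location:
// wp-content/themes/<theme>/file-access/download.php
require_once dirname(__DIR__, 4) . '/wp-load.php'; // boot WordPress to get the session

// Hypothetical helper: send a status code with no body and stop.
function deny(int $code): void {
    status_header($code);
    nocache_headers();
    exit;
}

// Anonymous visitors never get a file.
if (!is_user_logged_in()) {
    deny(403);
}

$user    = wp_get_current_user();
$uploads = wp_upload_dir();
$base    = realpath($uploads['basedir'] . '/useruploads');
if ($base === false) {
    deny(404);
}

// The only directory this user may read: [user_nicename][user_id].
$own_dir = realpath($base . '/' . $user->user_nicename . $user->ID);

// ?file= comes from the RewriteRule capture; never trust it as a path.
$requested = (isset($_GET['file']) && is_string($_GET['file']))
    ? wp_unslash($_GET['file'])
    : '';
$target = realpath($base . '/' . $requested);

// realpath() resolves "../" and symlinks, so a prefix comparison against the
// user's own directory rejects traversal and other users' folders alike.
// 404 (not 403) avoids confirming that another user's file exists.
if ($own_dir === false || $target === false || !is_file($target)
    || strpos($target, $own_dir . DIRECTORY_SEPARATOR) !== 0) {
    deny(404);
}

// Force a download and stop the browser from sniffing a renderable type.
nocache_headers();
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($target)));
header('Content-Length: ' . filesize($target));
readfile($target);
exit;
```

The check only holds if the web server cannot serve files under useruploads directly, so the rewrite (or a deny rule) has to cover every request to that directory.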