Page 1 of 1

Protecting images

PostPosted: January 23rd, 2012, 4:47 am
by philipt18
I have images that I want to be viewable only by members of the site (level 1). I would be very interested to hear suggestions on how to go about this. Ideally I'd like the image to be replaced with a message saying it's only viewable by members, but at the very least I don't want it to be shown to non-members.

I thought about putting the images in a sub-directory of my public_html directory, and then using URI Restrictions to restrict access to that sub-directory. This kind of works, but doesn't solve the issue of displaying a message when someone who is not a member tries to view the image. I was wondering what other solutions people have come up with for this problem.

Is there a way of displaying a different image for non-members (i.e. a kind of placeholder image that says members-only)? Is there a way to prevent images from being downloaded by users, even if they are members? Is there a way to hide the URL to the image?

Any suggestions on how best to handle protecting images using s2member would be greatly appreciated. Thanks.

Re: Protecting images

PostPosted: January 23rd, 2012, 7:50 pm
by Eduan
Here's a setup you can use:
1. Create a page, with no page/post protections from s2Member.

2. Use s2Member conditionals to show the message if the user is not registered, and to show the image link/inline if they are registered, you can find the shortcode versions under WP Admin -> s2Member -> API / Scripting -> Simple/Shortcode Conditionals.

You can find the PHP versions under WP Admin -> s2Member -> API / Scripting -> Advanced/PHP Conditionals. For these you will need the Exec-PHP plugin or any other WordPress plugin that allows you to insert PHP into posts/pages.

3. Protect the image with the s2Member file protections, you can choose to show it inline, or to make the users download the image. Check this video on how to set them up. You can also check under WP Admin -> s2Member -> Download Options for all the info on how to accomplish the file restrictions, and on how to show it inline.

Hope this helps. :)

Re: Protecting images

PostPosted: January 24th, 2012, 6:04 am
by philipt18
So, if the image is linked to as:

<img src="http://SITENAME/RESTRICTED.PNG">

I would instead put:

<img src="[s2If current_user_can(access_s2member_level1)]
http://SITENAME/wordpress/?s2member_fil ... nload_key=<?php echo s2member_file_download_key("RESTRICTED.PNG"); ?>
[/s2If]
[s2If !current_user_can(access_s2member_level1)]
http://SITENAME/images/PLACEHOLDER.PNG
[/s2If]">

Where the RESTRICTED.PNG is now in the s2member-files folder, and PLACEHOLDER.PNG is what is shown to users who don't have access to the image?

Can I have sub-folders in the /wordpress/wp-content/plugins/s2member-files folder? If so, how would I create the URL to link to files in sub-folders? Thanks.

Re: Protecting images

PostPosted: January 24th, 2012, 8:10 am
by Eduan
I believe that would work yes.

You can have sub-folders, you can have as many sub-folders as you want, s2Member won't limit you on this manner, just make sure you don't confuse yourself. ;)

In order to put a sub-folder in the url simply put another forward slash ( / ), so if I want to access a normal file the url would be:
wp-content/plugins/s2member-files/file-in-the-s2member-files-folder

That would give me access to any file in the s2Member files folder, just make sure to put the name correctly, because it's case sensitive.

And so, if you want to access a sub-folder, simply put:
wp-content/plugins/s2member-files/sub-folder/file-in-the-sub-folder

Does this make sense?

Re: Protecting images

PostPosted: January 24th, 2012, 8:42 am
by camillemm
I use the conditionnal php functions to protect images ... and the WP library. You just have to get complex name for the image so it won't be guessed by non members and prevent the wp-content directory to be browsed by visitors (using .htaccess). I suggest to create an attachment.php in your theme containing

Code: Select all
<?php
header ('HTTP/1.1 301 Moved Permanently');
header ('Location: '.get_permalink($post->post_parent));
?>


so the visitor cannot visit the image attachment page.
Well, it's only if you want to use the image functions in WP :-)

Re: Protecting images

PostPosted: January 24th, 2012, 9:27 am
by philipt18
I notice that s2member-files has a .htaccess file with lots of stuff in it. Do I need to copy that to sub-folders as well?

Thanks.

Eduan wrote:I believe that would work yes.

You can have sub-folders, you can have as many sub-folders as you want, s2Member won't limit you on this manner, just make sure you don't confuse yourself. ;)

In order to put a sub-folder in the url simply put another forward slash ( / ), so if I want to access a normal file the url would be:
wp-content/plugins/s2member-files/file-in-the-s2member-files-folder

That would give me access to any file in the s2Member files folder, just make sure to put the name correctly, because it's case sensitive.

And so, if you want to access a sub-folder, simply put:
wp-content/plugins/s2member-files/sub-folder/file-in-the-sub-folder

Does this make sense?

Re: Protecting images

PostPosted: January 24th, 2012, 9:45 am
by Eduan
Not really, that should only be on the main WordPress folder.

Re: Protecting images

PostPosted: January 24th, 2012, 9:55 am
by philipt18
Taking a second look, I'm not sure where to insert the sub-directory name since I don't have

wp-content/plugins/s2member-files/file-in-the-s2member-files-folder


in my original example. For sub-directory SUBFOLDER would it be?:

<img src="[s2If current_user_can(access_s2member_level1)]http://genealogy.org.il/wordpress/?s2member_file_download=SUBFOLDER/1923_nurses.png&s2member_file_download_key=<?php echo s2member_file_download_key("1923_nurses.png"); ?>
[/s2If]


I'm not sure that makes sense. Do I need the subfolder for the key also?

Thanks.

Eduan wrote:I believe that would work yes.

You can have sub-folders, you can have as many sub-folders as you want, s2Member won't limit you on this manner, just make sure you don't confuse yourself. ;)

In order to put a sub-folder in the url simply put another forward slash ( / ), so if I want to access a normal file the url would be:
wp-content/plugins/s2member-files/file-in-the-s2member-files-folder

That would give me access to any file in the s2Member files folder, just make sure to put the name correctly, because it's case sensitive.

And so, if you want to access a sub-folder, simply put:
wp-content/plugins/s2member-files/sub-folder/file-in-the-sub-folder

Does this make sense?

Re: Protecting images

PostPosted: January 24th, 2012, 10:57 am
by Eduan
EDIT: This is an edit to the post above: The s2member-files folder should come with an .htaccess file, you must preserve that file.

You would insert the sub-folder in the s2member-files folder.

So let's say I have the sub-folder named "images", in which I'm going to insert images, so the URL for that would be:
/s2member-files/images

Now, in that folder I want a file named "image-1-cat.png", so the URL for that file would be:
/s2member-files/images/image-1-cat.png

Is that clear?

Now, if I want to protect that file with level 1, I would add
/s2member-files/access-s2member-level1/images/image-1-cat.png

The shortcode for all of this would be:
[s2If current_user_is(s2member_level1)]
This is an image, only for members level 1:
[s2File download="access-s2member-level1/images/image-1-cat.png" inline="yes" /]
[/s2If]
[s2If !current_user_is(s2member_level1)]
You must be a member level 1 in order to see this image
[/s2If]

Hope this clears some things up. :)

Re: Protecting images

PostPosted: January 24th, 2012, 11:29 am
by philipt18
Just to be clear, I don't need to copy the .htaccess file to sub-folders, right?

Also, I'm not clear on the folder access-s2member-level1 you created. There is nothing special to that name is there? I didn't see a way to restrict different folders with different levels. Is that just a name you made up, or is there actually a sub-folder you can use for specific levels?

If I left out that just used images/ it would be the same, no?

Also, the shortcodes you've used would actually prevent someone with a level higher than 1 from accessing the files, right? Instead, if I wanted all users from level 1 and up to access, I would use [s2If current_user_can(access_s2member_level1)] I would guess.

Eduan wrote:EDIT: This is an edit to the post above: The s2member-files folder should come with an .htaccess file, you must preserve that file.

You would insert the sub-folder in the s2member-files folder.

So let's say I have the sub-folder named "images", in which I'm going to insert images, so the URL for that would be:
/s2member-files/images

Now, in that folder I want a file named "image-1-cat.png", so the URL for that file would be:
/s2member-files/images/image-1-cat.png

Is that clear?

Now, if I want to protect that file with level 1, I would add
/s2member-files/access-s2member-level1/images/image-1-cat.png

The shortcode for all of this would be:
[s2If current_user_is(s2member_level1)]
This is an image, only for members level 1:
[s2File download="access-s2member-level1/images/image-1-cat.png" inline="yes" /]
[/s2If]
[s2If !current_user_is(s2member_level1)]
You must be a member level 1 in order to see this image
[/s2If]

Hope this clears some things up. :)

Re: Protecting images

PostPosted: January 24th, 2012, 12:57 pm
by Eduan
philipt18 wrote:Just to be clear, I don't need to copy the .htaccess file to sub-folders, right?

You are correct. :)

philipt18 wrote:Also, I'm not clear on the folder access-s2member-level1 you created. There is nothing special to that name is there? I didn't see a way to restrict different folders with different levels. Is that just a name you made up, or is there actually a sub-folder you can use for specific levels?

This is a special folder, this folder specifies that only level 1 will be able to access the files in this sub-folder, so it is essential if you have different levels. Check under WP Admin -> s2Member -> API / Scripting -> Custom Capability & Member Level Files for more information on the subject.

philipt18 wrote:If I left out that just used images/ it would be the same, no?

The same to what? If you mean the restrictions will be the same, then yes.

philipt18 wrote:Also, the shortcodes you've used would actually prevent someone with a level higher than 1 from accessing the files, right? Instead, if I wanted all users from level 1 and up to access, I would use [s2If current_user_can(access_s2member_level1)] I would guess.

You are correct. :)

Re: Protecting images

PostPosted: January 24th, 2012, 1:57 pm
by philipt18
What does [s2file] get re-written as, the URL to that file? i.e. to display the image inline, would I put?:

<img src="[s2File download="access-s2member-level1/images/image-1-cat.png" inline="yes" /]">

Re: Protecting images

PostPosted: January 24th, 2012, 2:10 pm
by Eduan
Yes, that shortcode will automatically bring out the correct url.

You don't need to use the <img src="" />, the inline="yes" in the shortcode should make the image appear there.

Hope this helps. :)