Word Press Plugin that lets anyone upload but no one download? Securely (SSL)?
October 18, 2010 1:59 PM   Subscribe

Using Word Press as a CMS, we would like to have an (easy) way for any random client to upload a file.

However, it's very important that the file *WOULD THEN BE INACCESSABLE WITHOUT ME FTPING IN TO GET IT*. That second part is VERY important. Just as important is that the file upload is done over SSL. Bonus would be tracking the IP address and/or username (if done by someone logged in) and ap/pre-pending that to the file. But I don't want people to have to do something silly like login and access the control panel, make a new post and save it as a draft... etc. Even if the file WAS inaccessible after that (which I don't think it is), it's still too cumbersome.

Is there a plugin like this out there that "Just Works" for Wordpress? Or am I going to have to code something specific? I can't believe that no one has done this before... but I've been wrong way more then I'll admit to. :) I've Google around a bit and am not currently seeing anything that fits my bill. I'm very sorry if there's something obvious that I've just missed.

Also, I'm not a coding god. In fact, while not entirely true, for the sake of this question, assume I suck at coding.

Thanks in advance, Me-fites! I do appreciate the help! :)
posted by TrueVox to Computers & Internet (7 answers total) 2 users marked this as a favorite
 
Look around for stuff aimed at academics; this is the kind of problem a teacher accepting submissions has to address. I'd bet you'll find at least one plugin.

As far as SSL only you simply need the page accepting the upload to only be accessible via https. You should be able to find a lot of information on how to force pages to be that way, including under wordpress.
posted by phearlez at 3:13 PM on October 18, 2010


Erm... I'd have a custom template form for upload which then pointed to a php file on the server (which was not part of Wordpress) which took the input of the form and wrote it to a MySQL database. Create a database such:

Username
IP
DateTime
BLOB (Binary Large Object)


It's a pretty easy thing to setup, could be done in an hour of coding on your own, though I imagine if you take a look over at sitepoint.com you'll find tutorials and example code that already do this kind of thing. If you want more help/pointers, send me a message.
posted by Biru at 3:44 PM on October 18, 2010


Check out Gravity Forms. May still require some customization to make it inaccessible from the admin area, but it would save you starting from scratch.
posted by TallulahBankhead at 4:28 PM on October 18, 2010


Why not just use htaccess to deny access to all files in the directory that wordpress dumps the files in?

It should take you less than a minute.
posted by Brian Puccio at 7:39 PM on October 18, 2010


Response by poster: OK, this gives me a lot to work with. It looks like there is no magic "plugin" that will do this. I'll try looking towards the options that you have all suggested. And thank you for the option to msg you, Biru - I may take you up on that if I can't find a simpler solution!

And Brian, that would work, I suppose, for limiting access, but I have no idea how they would upload in the first place (perhaps I'm missing something obvious).
posted by TrueVox at 1:06 PM on October 19, 2010


Not that I use WordPress, but I thought WordPress lets people post content of various sorts, including attachments. If it doesn't, switch to something more robust. drupal + filefield module will do it in minutes.
posted by Brian Puccio at 4:47 PM on October 19, 2010


Response by poster: Yes, I was actually working with Drupal for a while, but there's so much in Drupal that I had to do via hacky plugins that "just worked" in WP, I decided to make the switch.
posted by TrueVox at 10:30 AM on October 20, 2010


« Older No slider bar for contrast...now what?   |   Where is the cheapest alignment that will get the... Newer »
This thread is closed to new comments.