Description
Allows you to filter the settings for the user upload directory when using a file or image upload field.
The default directory will be /wpmembers/user_files/{user id}/ in your main uploads directory (usually /wp-content/uploads/). This is not secure from random sweeps of your possible directories. If uploaded files are more sensitive/personal in nature, consider other options such as obfuscation of the directory names by using randomized values. The examples below give some instruction on how to do this using the wpmem_user_upload_dir filter.
Parameters
$args
(array) (required) An array of arguments that make up the user upload directory.
Defaults:
$args = array(
'user_id' => $user_id,
'wpmem_dir' => 'wpmembers/',
'user_dir' => 'user_files/' . $user_id,
);Usage
This filter can be used to make changes to the directory a user uploaded file will be stored in. One of the parameters in the array is the $user_id so you can change directories based on the user ID. The sub directories are option in a sense, but one is not used, you must return the array key with an empty value.
The wpmem_dir subdirectory should have a trailing slash, but not leading slash (i.e. $args['wpmem_dir'] should be “directory_name/” not “/directory_name”). The user_dir subdirctory should likewise not contain a leading slash. The final directory in the user_dir subdirectory should not have a trailing slash ( i.e. $args['user_dir'] should be “user_dir/some_directory/someother_sub” but not “/user_dir/some_directory/someother_sub/”)
/**
* This example makes a completely custom path for
* user file uploads based on the specific user ID.
*/
add_filter( 'wpmem_user_upload_dir', function( $args ) {
// Change default directory if user ID is "10"
if ( 10 == $args['user_id'] ) {
$args['wpmem_dir'] = 'special_dir/',
$args['user_dir'] = 'special_sub'
}
// Make sure to return $args.
return $args;
});If you wanted to create user upload directories that obfuscate the directory name by using a hash value, you could consider the following use of the wpmem_user_upload_dir filter:
/**
* Add a random hash to the user upload directory.
*
* Change the default name of the user upload directory.
* This example completely removes the user ID value from the
* directory name, leaving it as a completely random string.
*
* Change $hash_len to set the length. Example creates a random
* string 36 characters long.
*/
add_filter( 'wpmem_user_upload_dir', function( $args ) {
// How long of a hash?
$hash_len = 36;
// Check if user already has a directory hash.
$hash = get_user_meta( $args['user_id'], 'wpmem_file_dir_hash', true );
if ( ! $hash ) {
/*
* If there is no existing hash, we need to create one.
*
* To make sure it is unique without having to do a for/while loop
* while checking the db, we can use the user ID in the string.
* Since the random hash is already long, inserting the user ID
* does not degrade the randomness. Theoretically, one could just
* add the user ID without this step, but I like to have everything
* being the same length so that a one digit user ID results in the
* same directory name length as a four digit user ID.
*
* This example makes it user ID + hash. For example, where the
* user ID is "234", the resulting direcotry would be like this:
*
* 234LXd2B8SE31u19TAS0SnwQW6ji
*
* For ultimate randomness in this example, consider switching to
* add the user ID to the end rather than the beginning. I did it
* at the beginning to allow a user with file system access to be
* able to browse the directory by user ID if they understood the
* directory name construction being done here.
*/
$uid_len = strlen( $args['user_id'] );
$hash = $args['user_id'] . wp_generate_password( ($hash_len-$uid_len), false, false );
update_user_meta( $args['user_id'], 'wpmem_file_dir_hash', $hash );
}
$args['user_dir'] = $hash;
return $args;
});Changelog
Added in version 3.1.0
Source
wpmem_user_upload_dir is located in includes/class-wp-members-forms.php