s2member Secure File Browser Plugin

s2Member Secure File Browser is a wordpress plugin for browsing files from the secure-files location of the s2Member® WordPress Memberships plugin.

Shortcode

You can display the file browser via the shortcode [s2member_secure_files_browser /].

The shortcode will display a file browser item with only granted directories for current user.

The shortcode can handle :

• access-s2member-level0 directory for level #0 and more users
• access-s2member-level1 directory for level #1 and more users
• access-s2member-level2 directory for level #2 and more users
• access-s2member-level3 directory for level #3 and more users
• access-s2member-level4 directory for level #4 and more users
• access-s2member-ccap-* custom capabilities directories for according users
• any directory for all users in read only (unable to download)

All these featured folders can be located anywhere and they can be used several times.

Clicking on a file will launch the download according to the s2member files access control.

Please use the shortcode generator in the Dashboard > s2Member Menu > Secure File Browser to generate complex values.

Available shortcode options

• collapseeasing : Easing function to use on collapse
• collapsespeed : Speed of the collapse folder action in ms
• cutdirnames : Truncate directory names to specific chars length
• cutfilenames : Truncate file names to specific chars length
• dirbase : Initial directory from the s2member-files directory
• dirfirst : Show directories above files
• displayall : Display all items without checking if user is granted to download them
• displaybirthdate : Display files birth date
• displaycomment : Display files comment
• displayname : Display files displayname instead of regular files name
• displaydownloaded : Show if a file has already been downloaded
• displaysize : Display files size
• displaymodificationdate : Display files modification date
• dirzip : Let directories be downloaded
• expandeasing : Easing function to use on expand
• expandspeed : Speed of the expand folder action in ms
• filterdir : A full regexp directories have to match to be displayed
• filterfile : A full regexp files have to match to be displayed
• folderevent : Event to trigger expand/collapse
• hidden : Show hidden files or not
• multifolder : Whether or not to limit the browser to one subfolder at a time
• names : Replace files name with custom values
• openrecursive : Whether or not to open all subdirectories when opening a directory
• previewext : Display file preview button for these extensions
• s2alertbox : Display the s2member confirmation box when a user tries to download a file
• search : Let user search files
• searchgroup : Group shortcodes with a single single search box
• searchdisplay : How to display search results
• sortby : Sort files in directories by a criteria

All informations about these options are well documented in :

• Dashboard > s2Member > Secure File Browser panel for admin (manage_options capability)
• Dashboard > Tools > Secure File Browser panel for users

Example (A shortcode has to be defined on one line, here is on several lines below only for better understanding) :

[s2member_secure_files_browser folderevent="mouseover" expandeasing="linear" expandspeed="200" collapseeasing="swing" collapsespeed="200" multifolder="0" openrecursive="1" dirbase="/" hidden="1" dirfirst="0" openrecursive="1" filterdir="%2F(access%7Ctata)%2Fi" filterfile="%2F%5C.(png%7Cjpe%3Fg%7Cgif%7Czip)%24%2Fi" names="access-s2member-level0:General|access-s2member-ccap-video:Videos" search="1" searchdisplay="4D" /] 

You can generate a shortcode with complex options with the Shortcode Generator in the Dashboard > s2Member > Secure File Browser panel

Widgets

You can display both fully customizable widgets for :

• Top downloads
• Latest downloads
• Latest available files

Dashboard

The admin panel is reachable via the Dashboard > s2Member Menu > Secure File Browser menu.

Available features are :

• Statistics : display all downloads/top downloads/top downloaders, sort and apply filters by date, user, file, IP Address, …
• Statistics : download stats in XML and CSV format
• Statistics : display current s2Member accounting, sort and apply filters by date, user, file and file
• File Browser : Rename, delete, comment and add a display name for files and folders
• Cache management : Rebuild file cache
• Shortcode generator
• Shortcode documentation
• Settings : Received an email each time a user downloads a file
• Settings : Received scheduled reports
• Settings : How many logs you want to keep ?
• Settings : Delete logs
• Settings : Give access to others users to some parts of the admin menu

Don’t hesitate to ask me new features or report bugs on potsky.com !

What’s next?

All futures requests are handled on GitHub

Translators

• Serbo-Croatian : Borisa Djuraskovic at http://www.webhostinghub.com
• French : Potsky

Requirement : you need to install first the wonderful and free s2Member® plugin available here

s2member Secure File Browser is very easy to install (instructions) :
* Upload the /s2member-secure-file-browser folder to your /wp-content/plugins/ directory.
* Activate the plugin through the Plugins menu in WordPress®.

1. 

   File browser in action

2. 

   Admin > File browser in action

3. 

   Admin > File browser in action when deleting a directory

4. 

   Admin > File browser in action when renaming a directory

5. 

   Admin > Download statistics

6. 

   Admin > Shortcode generator

7. 

   Admin > Shortcode documentation

8. 

   Admin > General settings for logs management and access

9. 

   Admin > Notification settings for email reporting

10. 

    Widget

s2Member secure files are always directly downloadable, how can I protect them by forcing php handling ?

It is recommended to add a deny from all directive in your httpd.conf for your s2member-files directory in order to avoid people directly access your protected files. Do not put the deny directive in the s2member-files/.htaccess because this file is always regenerated by s2member and your modifications are always overwritten.

Why s2member-files/.htaccess is not displayed ?

Even if you set shortcode option hidden to 1, .htaccess will never been displayed.

Are directories `access-s2member-level*` protected if they are not in the root directory ?

Yes ! And access-s2member-ccap* too !

The browser does not work, it displays `Invalid nonce` for registered users.

The authentication on your website is broken because of a plugin (AJAX requests not correctly handled).
This behaviour is correct and it is protecting your files !
It happens for example when your authentication is only performed in a HTTPS form and the navigation is done in HTTP.
If you use the WordPress HTTP plugin from http://mvied.com/projects/wordpress-https/ for example, you have to force HTTPS on each page which includes the s2member Secure File browser.

How to handle the `s2member-files/app_data` windows directory ?

In windows installations, put all files in s2member-files\app_data instead of s2member-files directory.

0.4.19

• Enhancement : Remove warning on PHP7 (part 1)(thanx to KTS915 : https://wordpress.org/support/topic/php-notice-73)
• Enhancement : Add user firstname, user lastname and nickname when exporting CSV and XML files

0.4.18

• New feature : you can inject %USERNAME%, %USEREMAIL% or %USERID% in the dir parameter of the shortcode

0.4.17

• Security fix : XSS vulnerability in the jquery.prettyPhoto.js library fix

0.4.16

• Bug fix : in some cases, downloading the CSV file could not work

0.4.15

• Enhancement : Support for non standard mysql port

0.4.14

• Enhancement : Add Serbo-Croatian language (by Borisa Djuraskovic at http://www.webhostinghub.com)

0.4.13

• Enhancement : PHP 5.5 warning removed

0.4.12

• Bug fix : dashboard navigator was broken in last version

0.4.11

• Enhancement : plugin now always loads assets at the beginning even if the shortcode is not used on a page. It handles by this way some themes which load page content next to the assets.

0.4.10

• Enhancement : plugin now checks by itself the wordpress upgrade include (problem with some customers)

0.4.9

• Bug fix : remove debug messages in the music player
• Bug fix : change database mysql engine to reduce overhead

0.4.8

• New feature : preview for pictures
• New feature : configuration paths in inc/define.php
• Bug fix : navigator in all statistics panel fix

0.4.7

• New feature : change files display name in admin
• Bug fix : downloaded files were no more tracked when link was directly displayed in a page/post

0.4.6

• Enhancement : plugin is now compatible for PHP installations between 5.2 and 5.3.6
• Enhancement : plugin is now compatible on Windows Servers
• New feature : export all stats as xml and csv files from the statistics menu
• New feature : remove all stats from the settings menu
• New feature : group shortcodes with single search
• Bug fix : language fix for french
• Bug fix : all meta data not displayed in search result

0.4.5

• Enhancement : force mp3 flash player (fallback to html5) because of a bug in Chrome when playing mp3 via html5 and downloading a file in the same time
• Enhancement : large directories/files supported (tested up to 100000 files in 10000 directories)
• Enhancement : display fixes for all browsers and especially Firefox
• New feature : sort files by birth date (date when then was available in your s2member-files directory)
• New feature : display birth date column
• New feature : display file comments in browser
• New feature : add comments in the dashboard
• Bug fix : top downloader in notification reports was empty

0.4.1

• New feature : sortby shortcode option
• New feature : modification date display shortcode option
• New feature : order files by modification date, addition date, size
• Enhancement : disable previews for non logged users
• Bug fix : IE fix for search button
• Bug fix : mp3 previews in flash fallback was not working in IE and FF.
• Bug fix : searchdisplay shortcode option was not included in the generator
• Bug fix : filterfile was not working anymore in 0.4
• Bug fix : report notification was blank in 0.4
• Bug fix : download zip link was displayed even if dirzip shortcode option was disabled

0.4

• New feature : cut filename shortcode option
• New feature : already downloaded file warnings shortcode option
• New feature : ability to download directories as zip files
• New feature : search files
• New feature : filesize display shortcode option
• New feature : mp3 preview shortcode option
• New feature : new widget for new and modified available files
• New feature : file caching with new dashboard menu to manually update
• Bug fix : french language fix

0.3.7

• Publishing fix

0.3.6

• Enhancement : Add admin statistics (total downloads, unique files and unique downloaders)
• Enhancement : Add FAQ “Invalid Nonce”
• Enhancement : Add vsa file extension

0.3.5

• New feature : New admin submenu with top rated downloads, higher downloaders, …
• New feature : New shortcode option to display the s2member alert box before a download
• New feature : New shortcode option to let people view directories but must be logged in to download
• New feature : Add rights in settings for file manager and stats access
• New feature : Widget for top downloads or latest downloads
• New feature : Notification daily reports
• Enhancement : HTML entities for email reports
• Enhancement : Add WP and PHP version checks
• Security fix : Protect plugin subdirectories

0.3.2

• Hotfix for recursive browsing

0.3.1

• Publishing fix

0.3

• New language : french
• New feature : display file size
• New feature : admin : Statistics – display all downloads, sort and apply filters by date, user, file, IP Address, …
• New feature : admin : Statistics – display current s2Member accounting, sort and apply filters by date, user, file and file
• New feature : admin : File Browser – Rename and delete files and folders
• New feature : admin : Shortcode generator
• New feature : admin : Shortcode documentation
• New feature : admin : Settings – Received an email each time a user downloads a file
• New feature : admin : Settings – How many logs you want to keep ?
• Bug fix : dirbase could not work as expected sometimes
• Enhancement : total plugin rewriting for best performance, practices and security

0.2.1

• Publishing fix

0.2

• Enhancement : file and directories icons are now clickable
• New feature : shortag option filterdir
• New feature : shortag option filterfile
• New feature : shortag option openrecursive
• Security fix : real path check perform to forbid browsing above s2member-files directory
• Bug fix : dirbase now works as expected

0.1

• First release