Thank you for your kind words!
I haven’t looked at s2Member in detail, but presumably it is preventing the user’s browser from downloading the PDF exactly because of the ‘members-only’ protection it places on the file.
s2Member would need to allow logged-in (and authorized) users to access the file via ‘AJAX’ rather than just directly by URL.
I presume that the URL you try to use in the shortcode gives you the file without problems if you enter it straight into the browser bar.
A workaround could be to upload the PDF files to the regular WordPress media area but with an obscure filename. If the embed shortcode only appears on protected pages of your site, and your media area is not searchable, then it shouldn’t be possible for outside users to guess the URL to the file… That may not provide all the protection you want, but it could be a good start!
Dan
Thread Starter
KTS915
(@kts915)
Dan,
Thanks for this.
The workaround sounds good in some circumstances but, for some of the sites I would like to use it on, all that would happen is that one member would share the file name with non-members, and they’d all have open access. So this would probably be OK in some circumstances but not others.
Might there be a way for PDF Embedder to give itself a WordPress role? Then maybe I could add the relevant capability to that role to make accessing the file from an s2Member protected folder work?
When PDF Embedder fetches the PDF from your server, it should be logged on as your underlying user – so should effectively have the same role as that user. So in theory, s2Member should be able to serve the file only to those users who are authorized to see it.
I haven’t studied this in too much detail, but from s2Member’s website it looks like there are ways to deal with ‘non-download’ files that you want to see inline, such as images and PDFs. It could certainly be worth looking at their docs or talking to them about this.
In any case, of course if you trust your users to view the file then you have to be able to trust them not to share it against your wishes… Even if the direct link might not work for other users, the authorized users can easily save the PDF to disk and just share it without your site!
You might actually like the Secure version of PDF Embedder which makes it difficult to obtain the download link at all, even if you are an authorized user. (Of course this still has limitations – if you’re sharing the information with a user at all, they can always just write it all down by hand and make their own version of the PDF if they really want!)
See http://wp-pdf.com/secure/
Please also note that I am better able to respond to emails than comments here: [email protected]
Thanks,
Dan
Thread Starter
KTS915
(@kts915)
Thanks, Dan. Issue resolved!
The explanation you provided in your first paragraph made me realize what my problem was: I hadn’t set the right permissions on the server for the PDF file. It was allowing root access only.
Now that I have it set correctly, everything is working beautifully, and PDF Embedder even recognizes the special s2Member hyperlink structure!
Thanks again!
That’s great news! Thank you for letting us know so others may use these two plugins together too.
Dan
