How to Restrict File Type Uploads by User Name in WordPress

Home » Snippets » How to Restrict File Type Uploads by User Name in WordPress
0

Created with:

Visibility: 

public

Creator: WPTurbo Team

Customize with WPTurbo AI
X

Add Snippet To Project

New Project
Add To Existing Project

Managing file uploads on your WordPress site can sometimes be a daunting task, especially if you want to implement certain restrictions. One common situation could be limiting the types of files that can be uploaded based on the user’s name. This can be particularly useful for content-driven or membership-focused websites. If you found yourself in this scenario and are scratching your head on how to go about it, you’re in the right place. This article will guide you step-by-step on how to restrict file type uploads by user name on your WordPress site.

					function wpturbo_restrict_file_uploads_by_username( $file ) {
    $current_user = wp_get_current_user();

    // List the usernames of users who can only upload certain file types
    $restricted_users = array( 'user1', 'user2', 'user3' );

    if ( in_array( $current_user->user_login, $restricted_users ) ) {
        // Specify the file types that the restricted users can upload
        $allowed_file_types = array( 'jpg', 'jpeg', 'png', 'gif' );

        $filetype = wp_check_filetype( $file['name'] );

        if ( ! in_array( $filetype['ext'], $allowed_file_types ) ) {
            $file['error'] = 'Sorry, you are not allowed to upload ' . $filetype['ext'] . ' files.';
        }
    }

    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'wpturbo_restrict_file_uploads_by_username' );
				

In the PHP snippet provided, we’re defining a new function titled wpturbo_restrict_file_uploads_by_username() which is put into place to limit the types of files certain users can upload to a WordPress site.

We begin by retrieving the current user object through the wp_get_current_user() function.

$current_user = wp_get_current_user();

Then, make a list of usernames that will have restricted upload permissions, you can add the names manually to the restricted_users array as needed.

$restricted_users = array( 'user1', 'user2', 'user3' );

The next step is to check if the current user is included in the restricted list by using an in_array() function. If user_login is in the restricted_users array, it is then specified which file types the restricted users can upload. In our example, restricted users are only allowed to upload .jpg, .jpeg, .png, and .gif files.

if ( in_array( $current_user->user_login, $restricted_users ) ) {
    $allowed_file_types = array( 'jpg', 'jpeg', 'png', 'gif' );

We then make use of the wp_check_filetype() function to verify the type of file being uploaded by checking the ‘name’ key on the ‘$file’ array.

 $filetype = wp_check_filetype( $file['name'] );

The final check happens when we cross-verify that the $filetype['ext'] exists in the $allowed_file_types array. If it doesn’t exist, we display an error message.

 if ( ! in_array( $filetype['ext'], $allowed_file_types ) ) {
            $file['error'] = 'Sorry, you are not allowed to upload ' . $filetype['ext'] . ' files.';
        }

Finally the $file variable is returned, regardless of whether it’s been modified (if the logged-in user is in the restricted list and they were trying to upload a disallowed file type) or not.

return $file;

The function is then hooked into the wp_handle_upload_prefilter filter, this will apply the restrictions imposed by the function before the upload is handled by WordPress.

add_filter( 'wp_handle_upload_prefilter', 'wpturbo_restrict_file_uploads_by_username' );

Register an account to save your snippets or go Pro to get more features.