Redirect users back to protected files after WordPress login

Prevent Direct Access plugin provides an easy way to protect WordPress media files against Google and unwanted users. When users access your protected file without proper File Access Permission (FAP), they will be redirected to “No Access Page” which is 404 error page by default.

In certain cases, you want to redirect your users to WordPress login page instead. And once they’re logged in with the correct FAP, they should be redirected back to that protected file automatically.

In this article, we’re going to show you how to achieve that.

Handle pda_gold_redirect_to_login_page hook

Since version 3.0.25, the Prevent Direct Access team has released a new hook pda_gold_redirect_to_login_page that helps other developers and website owners to redirect anonymous users to WordPress login page after the File Access Permission (FAP) process completed.

<?php
add_filter( 'pda_gold_redirect_to_login_page', 'handle_redirect_to_login_page', 10, 1 );
?>

After the filter registration, we need to implement handle_redirect_to_login_page by the following snippet.

/**
 * Handle the hook pda_gold_redirect_to_login_page. Set pda_gold_id cookie to current attachment ID.
 *
 * @param int $attachment_id Attachment's ID.
 *
 * @return bool
 */
function handle_redirect_to_login_page( $attachment_id ) {
	if ( ! is_user_logged_in() ) {
		setcookie( 'pda_gold_att_id', $attachment_id, time() + 86400, '/', wp_parse_url( site_url() )['host'] );
		return wp_login_url(); // You can return your custom login page here.
	}
	return false;
}

By default, pda_gold_redirect_to_login_page filter will pass us the current attachment’s ID that the user is trying to access. If the user has not logged in yet, we will set the pda_gold_att_id cookie to attachment’s ID and return the login page URL. Please note that you can use the default WordPress login page or a custom one.

Next, we will need a little bit of effort to work around with a WordPress filter.

Handle login_redirect filter

We will register the login_redirect filter to use all 3 parameters like this:

<?php 
add_filter( 'login_redirect', 'pda_login_redirect_handler', 10, 1 ); 
?>

pda_login_redirect_handler is function WordPress will call during the authentication process. You can change the function name but it should be a unique one.

<?php
/**
 * Handle logic_redirect hook
 *
 * @param string $redirect_to Redirect URL.
 *
 * @return mixed
 */
function pda_login_redirect_handler( $redirect_to ) {
	if ( empty( $_COOKIE['pda_gold_att_id'] ) ) {
		return $redirect_to;
	}
	$post_id = sanitize_text_field( wp_unslash( $_COOKIE[‘pda_gold_att_id’] ) );
	unset( $_COOKIE['pda_gold_att_id'] );
	setcookie( 'pda_gold_att_id', '', time() - 3600, '/' );
	return wp_get_attachment_url( $post_id );
}

?>

The logic behinds pda_login_redirect_handler function is pretty simple. We will get back the pda_gold_att_id cookie’s value, unset it, and return the attachment URL.

Below are the full source codes for your reference:

That’s all. Now you can redirect unlogged-in users to your WordPress login page. After logging in, if they have the right FAP, they should be able to access your protected files.