I’m using the Media Library on the front end of my website and I’d like to stop users from being able to spam my server by uploading an unlimited number of files.
As such, I’d like to do one or maybe all of the below:
- Give users a maximum upload capacity; i.e. users can upload up to 10 megabytes of files.
- Limit the number of files a user can upload on a per-post basis
- Limit the number of files a user can upload when they click the “Insert” button, i.e. the Flash uploader and Classic uploader will only let you upload, for instance, 2 files at a time.
None of these are bullet-proof but they’d hopefully make such “spamming” a difficulty.
Thanks in advance,
Assuming that you’re providing upload functionality via WordPress’ native functions, lik wp_handle_upload or something more high-level, we come to the conclusion that several hooks are going to be pulled.
http://core.trac.wordpress.org/browser/tags/3.3/wp-admin/includes/file.php#L212
The wp_handle_upload function would probably be the last native function to touch the file, and would know all the information that is necessary to keep track of.
Two hooks inside this function are of interest: wp_handle_upload and wp_handle_upload_prefilter. The latter comes first, this could check against the current limits and prevent the file from being uploaded. The former would track filesizes and count. Storing the information would be handled by none other than update_user_meta.
add_filter( 'wp_handle_upload', 'wpse47580_update_upload_stats' );
function wpse47580_update_upload_stats( $args ) {
$file = $args['file'];
$size = filesize( $file ); // bytes
$user_id = get_current_user_id();
$upload_count = get_user_meta( $user_id, 'upload_count', $single = true );
$upload_bytes = get_user_meta( $user_id, 'upload_bytes', $single = true );
update_user_meta( $user_id, 'upload_count', $upload_count + 1 );
update_user_meta( $user_id, 'upload_bytes', $upload_bytes + $size );
}
add_filter( 'wp_handle_upload_prefilter', 'wpse47580_check_upload_limits' );
function wpse47580_check_upload_limits( $file ) {
$user_id = get_current_user_id();
$upload_count = get_user_meta( $user_id, 'upload_count', $single = true );
$upload_bytes = get_user_meta( $user_id, 'upload_bytes', $single = true );
$filesize = /* get filesize from $file array */;
$upload_bytes_limit_reached = apply_filters( 'wpse47580_upload_bytes_limit_reached', 1024*1024*10 ) > ( $filesize + $upload_bytes );
$upload_count_limit_reached = apply_filters( 'wpse47580_upload_count_limit_reached', 100 ) > ( $upload_count + 1 );
if ( $upload_count_limit_reached || $upload_bytes_limit_reached )
$file['error'] = 'Upload limit has been reached for this account!';
return $file;
}
Theoretically, this works; practically – untested. Let us know how it goes.
Per post upload limits would be kept in the post meta, probably like {$user_id}_upload_count etc. Don’t see why that wouldn’t work.
If you’re using custom code to handle uploads (which I doublt), then you can implement your own actions and filters just like wp_handle_uploads does.
