How to make htaccess redirected download urls be only accessible by logged-in members on Wordpress?

Question

In general, the question is: How to mask external download links as internal links and to be only accessible by logged-in wp users at htaccess level or with PHP script? We have Perl based script at our external URL and its generating different download URLs. If you help how can we apply it on an external site we can do so.

We successfully redirect www.ourwebsite.com/resources to external download link by simple htaccess code:

Redirect 301 /resources https://external.com/direct-download-link1

However, if the URLs (www.ourwebsite.com/resources/download-1.html etc.) are scraped by WordPress members and share & paste into their browser address bars when they don't log in then the download links are still accessible. We want to prevent it. So how to disallow non-members from accessing download links directly?

Answer 1

If you can change where the redirect goes have it go to a PHP page where you may load WordPress and check the role of the user to make sure they are logged in.

require('../wp-load.php');  // modify to reflect where your PHP file is in relation to Wordpress
$roles = wp_get_current_user()->roles;  // get current users role

if (!in_array('alloweduserrole',$roles)) {  // modify to match your roles that are allowed to download

    header('Location: http://www.ourwebsite.com/');
    exit;

}  // end of if user does not have the proper role