Kistenstein Club Document Portal
| 开发者 | kistenstein |
|---|---|
| 更新时间 | 2026年6月23日 23:47 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
- Nextcloud-style file explorer — folder navigation with breadcrumb trail
- Upload — button and drag-and-drop from desktop
- PDF preview — inline browser preview via modal iframe, no download required
- Drag-and-drop move — drag files or folders onto other folders or breadcrumb items to move them
- Folder management — create, rename and delete folders
- File management — rename and delete (soft-delete) files
- Soft-delete trash — deleted items are kept for a configurable retention period (default 180 days)
- Admin trash view — restore or permanently delete items; configurable retention directly in the trash panel
- Two protection modes per area — choose for every area whether it is restricted to a WordPress role/group, or unlocked with a single shared password
- Upload permissions by role — define which WordPress role may upload, rename and delete files
- Secure file delivery — all files are streamed through WordPress, and the upload folder is blocked from direct HTTP access, so protected files cannot be downloaded by guessing their URL
- Page password manager — editors can view and update the shared password of a password-protected page directly inside the portal (optional)
- Fully translatable — every string uses the
kistenstein-club-document-portaltext domain; the interface follows each user’s WordPress language
- Only a specific role / group — only logged-in users who hold the chosen WordPress role can open the area. Each member needs their own WordPress account. Best when you want individual accounts (e.g. a board with named members).
- Shared password — the area’s page is protected with WordPress’ built-in page password. Everyone uses the same password — no individual accounts needed. Best for a members’ area where you simply hand out one password.
[kcdp_explorer folder="documents"]
Renders a file explorer for the named sub-folder. The area’s protection mode is configured in the setup wizard.
[kcdp_explorer folder="members" manage_password="1"]
Adds a shared-password manager panel for editors (requires the Password-Protected Page ID to be set under File Portal → Advanced).
[kcdp_trash]
Trash view with restore and permanent-delete actions. Visible to administrators only.
[kcdp_audit]
Audit log of all file actions (upload, download, delete, restore …). Visible to administrators only.
Configuration
- After activation you are taken to File Portal → Set Up.
- Tick the areas your association needs, name each page, and choose how each area is protected (role/group or shared password).
- Pick which role may upload and manage files.
- Save — the pages are created automatically. Add
[kcdp_trash]to a restricted admin page to manage deleted files.
.htaccess file written into the upload folder. This is honoured by Apache and LiteSpeed. If you run nginx, add an equivalent rule that denies direct access to the portal’s upload folder (e.g. location ^~ /wp-content/uploads/file-portal/ { deny all; }), so that protected files are only reachable through the plugin.
Privacy
When a file is deleted, the following metadata is stored in a trash index file on the server: the original file path, the WordPress user ID and display name of the user who deleted it, and the timestamps for deletion and scheduled expiry. The audit log additionally records, per action, the acting user, a timestamp and the request IP address. This data is stored only on your server and is never transmitted off-site.
安装:
- In your dashboard go to Plugins → Add New, search for "Kistenstein Club Document Portal", and click Install Now (or upload the ZIP under Plugins → Add New → Upload Plugin).
- Activate the plugin — you are taken straight to the File Portal → Set Up wizard.
- Choose your areas and how each is protected, then save. The pages are created for you.
- Or add the Document Portal block /
[kcdp_explorer folder="documents"]shortcode to any page yourself.
屏幕截图:
常见问题:
Where are the files stored?
All files are stored in your WordPress uploads directory, inside the sub-folder you configure (default: wp-content/uploads/file-portal/). The trash folder (.trash/) is protected with an .htaccess file to prevent direct HTTP access.
What happens to deleted files?
Deleted files are moved to a hidden trash folder rather than immediately destroyed. An administrator can restore them or delete them permanently from the [kcdp_trash] view. Items older than the configured retention period (default 180 days) are automatically purged on the next trash-list request.
Can I have multiple explorers on the same page?
Yes. Each [kcdp_explorer folder="..."] instance is independent. Use a different folder value for each one.
Which file types are allowed for upload?
By default: PDF, DOC, DOCX, XLS, XLSX, PPT, PPTX, TXT, JPG, JPEG, PNG, ZIP. You can customise the list in Settings → File Portal.
How is this different from a normal media library?
The WordPress media library is built for editors working inside wp-admin. This plugin gives your members a front-end file explorer on a normal page — with their own folders, drag-and-drop upload, search and access control — without giving them access to the dashboard.
Can members access files without a WordPress account?
Yes. Use the shared password mode: the area is protected by a single page password that you hand out to your members — no individual accounts required. For named, per-person access use the role/group mode instead.
Is it safe? Can people download protected files directly?
No. Every file is streamed through WordPress after the access check, and the upload folder is blocked from direct HTTP access via .htaccess. Protected files cannot be reached by guessing their URL. (On nginx, add the deny rule shown above.)
Can I use it with the block editor?
Yes. Add the Document Portal block to any page and choose the folder in the block sidebar. The [kcdp_explorer] shortcode remains fully supported.
What is the maximum upload size?
Uploads use WordPress' standard handling, so the limit is whatever your server's upload_max_filesize / post_max_size allow. Ask your host to raise these if you need larger files.
Can I translate the plugin?
Yes. The text domain is kistenstein-club-document-portal and the interface follows each user’s WordPress language. German (de_DE and de_CH) is bundled; create additional .po/.mo files in the languages/ folder, or use Loco Translate.
更新日志:
- New: Document Portal block for the block editor — insert the explorer without a shortcode and pick the folder in the sidebar
- New:
uninstall.php— optionally remove all plugin data (options and audit table) when you delete the plugin; off by default so nothing is lost by accident - Docs: rewritten readme — corrected the access-mode description (role/group or shared password), fixed the menu paths, expanded the FAQ
- Housekeeping: minor polish and refreshed plugin assets
- New: choose a protection mode per area in the setup wizard — public, restricted to a WordPress role/group, or unlocked with a shared password
- New: the setup wizard now lets you set the shared password for an area directly, and explains each protection mode
- Security: the upload folder is now blocked from direct HTTP access; all files are streamed through WordPress so protected files can no longer be downloaded by guessing their URL (automatic migration on update)
- Security: role-protected areas now check the role for viewing, not only for editing
- Security: fixed possible stored XSS in the trash view (deleted-by name, file name, path are now escaped)
- i18n: the whole interface, including file-metadata labels, is now translatable and follows each user’s WordPress language
- Improved error messages throughout the front-end (no more generic “?”)
- Add
[kcdp_audit]audit-log shortcode documentation
- Add file metadata panel (Details): EXIF for images, Author/Title for PDFs and Word documents (OLE2 + OOXML)
- Add image preview thumbnail in the details panel
- Fix: JS deployment path corrected, resolves 404 on sfp-frontend.js
- Add bulk ZIP download for selected files
- Add download count badge per file
- Add audit log with action filter and pagination
- Add drag-and-drop move between folders
- Add configurable trash retention directly in the trash panel
- Add soft-delete trash with restore and permanent-delete
- Add inline PDF preview modal
- Add private-folder support (login required)
- Add page-password manager for editors
- Initial release
- File explorer with folder navigation, upload (button + drag-and-drop), PDF preview
- Folder create / rename / delete
- File rename / delete
- Settings page (Settings → File Portal)
- Role-based access control (configurable editor role)
- Fully translatable (text domain: kistenstein-club-document-portal)