
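Summary
Darkstar File Manager is a secure file management plugin that creates a dedicated private document portal for each WordPress user. It suits accountants, lawyers, consultants and other professionals who need to exchange documents securely with clients.
[Key Features]
• Files are stored outside the web root, for very high security
• User isolation: each client can access only their own documents
• Two-way file sharing: both administrators and clients can upload documents
• Configurable allowed file types and upload size limit
• The shortcode [dsfm_client_login] creates the client portal page
• Multilingual support with Polylang integration; responsive design for all devices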
Original Plugin Description
Darkstar File Manager is a secure, easy-to-use plugin that creates a private document portal for each WordPress user. Perfect for accountants, lawyers, consultants, or any business that needs to securely exchange documents with clients.
Key Features
• Secure File Storage – Store files outside your web root for maximum security
• User Isolation – Each client can only access their own documents
• Two-Way File Sharing – Administrators can upload files for clients, and clients can upload files back
• Separate File Sections – Client view shows “Documents from Professional” and “Your Uploaded Documents” separately
• Simple Shortcode – [dsfm_client_login] displays login form and document manager
• File Type Validation – Configurable allowed file types (PDF, DOC, DOCX, XLS, XLSX, images, etc.)
• File Size Limits – Set maximum upload size (1-100 MB, default 50 MB)
• MIME Type Checking – Prevents malicious file uploads
• Bulk Operations – Delete multiple files at once from admin panel
• Translation Ready – Full internationalization support with Polylang integration
• Responsive Design – Works on desktop, tablet, and mobile devices
How It Works
• Create a Client Portal Page – Add the shortcode [dsfm_client_login] to any page
• Configure Settings – Set upload path (outside web root recommended), file types, and size limits
• Upload Files for Clients – Go to Users → hover over user → click “View Documents” to upload
• Clients Access Files – Clients log in and visit the portal page to view and upload documents
Security Features
• All files served through authenticated download handler (not direct file access)
• Path traversal protection with directory separator enforcement
• User authentication required
• Nonce verification on all forms and downloads
• CSRF protection on admin file downloads
• File type, MIME, and WordPress built-in type validation
• ZIP bomb protection (uncompressed content limit)
• Upload rate limiting (20 uploads per user per hour)
• Files stored outside web root by default
• Protective .htaccess and index.php written to upload directory on activation
• Each user can only access their own files
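To show why the directory separator matters for path traversal protection and per-user isolation, here is a containment check a download handler could run before serving a file. This is an added example, not Darkstar File Manager's own code; the function name, the one-directory-per-numeric-user-ID layout and the sample files are assumptions.

```php
<?php
// Added illustration; not the plugin's code. All names here are hypothetical.

/** Resolve a requested file name inside one user's directory, or return null. */
function example_resolve_user_file(string $storageRoot, int $userId, string $requested): ?string
{
    // Assumed layout: <root>/<numeric user id>. The id comes from the session, never the request.
    $userDir = realpath($storageRoot . DIRECTORY_SEPARATOR . $userId);
    if ($userDir === false || !is_dir($userDir)) {
        return null;
    }

    // Reject empty names and NUL bytes, then keep only the final path component.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $name = basename(str_replace('\\', '/', $requested));

    // realpath() resolves "..", "." and symlinks; false means the file does not exist.
    $target = realpath($userDir . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }

    // Separator enforcement: compare against "<userDir>/" rather than "<userDir>".
    // Without the trailing separator, <root>/7 would also prefix-match <root>/70/secret.pdf.
    $prefix = rtrim($userDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo data: two users (7 and 70) in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dsfm_example_' . bin2hex(random_bytes(4));
mkdir($root . '/7', 0700, true);
mkdir($root . '/70', 0700, true);
file_put_contents($root . '/7/report.pdf', 'constructed');
file_put_contents($root . '/70/secret.pdf', 'constructed');
// A symlink inside user 7's directory that points at user 70's file.
@symlink($root . '/70/secret.pdf', $root . '/7/link.pdf');

foreach (['report.pdf', '../70/secret.pdf', 'link.pdf'] as $req) {
    $path = example_resolve_user_file($root, 7, $req);
    echo str_pad($req, 20), $path === null ? 'denied' : 'allowed', PHP_EOL;
}
```

The symlink case is the one that a plain prefix comparison without the trailing separator would let through, because the resolved path of user 70's file begins with the string for user 7's directory.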
Note on File Storage
This plugin stores uploaded files outside the web root for security. Because of this requirement, files are moved using PHP’s move_uploaded_file() directly after passing validation through WordPress’s wp_check_filetype_and_ext(), our own MIME type check, extension allowlist, and size limits. Files cannot be stored through wp_handle_upload() without placing them inside the publicly accessible uploads directory, which would reduce security.
Perfect For
• Tax professionals sharing documents with clients
• Lawyers exchanging contracts and legal documents
• Consultants sharing reports
• Any business requiring secure client file exchange
Additional Information
Support
For support, please visit Darkstar Media or contact us through our website.
Privacy Policy
This plugin stores uploaded files on your server and metadata (filenames, timestamps, uploader) in JSON files. No data is sent to external servers.
Credits
Developed by Darkstar Media
