How do I protect a file on a webserver but give access to it with a script?

Vigilante

I have a products database and I'm currently defining filepath in the table and, after the user passes the security checks, I use

header("Location: . $filepath);

to send them the file. This sort of hides the url provided they aren't devious, curious or resourceful. I imagine there must be a .htaccess way to protect the directory the file is in but I wouldn't know how to use it, can anyone help?

Also, better suggestions on hiding the files url would be very welcome.

superwormy

How about only send them the file if they pass the security check...?

Vigilante

By the time I send them the file they've passed numerous security checks but users can't be trusted not to try to gett he url of the file and share it. Given that the file is just sitting on a directory anyone who knew its real url could bypass my scripts and download it. Even a simple http scanner would accomplish this, which is why I want to protect the directory from everyone but my scripts.

superwormy

Right right I understand... why do you have to put the files in a publically accessible location?

Why not put them in /home/myfiles/ or some other random directory that on one but you can get at, and use PHP to send them the file IF your script determines they deserve it?

http://www.php.net/manual/en/function.readfile.php
http://www.php.net/manual/en/function.fpassthru.php
http://www.php.net/manual/en/function.fopen.php

Vigilante

That looks like it will do the trick. Thanks