I am building an Intranet website that will allow users to download and upload files. I want to be able to disable PHP scripts from executing in the directory they upload files to.

Why, you ask? Because anybody could upload a PHP file, then execute it.

The site looks something like this:

/Webroot        // PHP would be fine here
/Webroot/files  // Don't want PHP here

Things I have tried:
1.) If you set permissions to read and write only, then you won't be able to browse subdirectories the user makes, because that would require execute permissions.

2.) I know I could simply not allow them to upload a php file, but that would be too easy. 😉

System config:
Apache 1.3.29
PHP 4.3.4
Linux Redhat 9


    Try using .htaccess to override the default php/apache settings for that directory. You would use the per-directory directives. There are notes on how to do this HERE

    HTH

    Jonathen

      Thanks! I found out in httpd.conf I needed
      AllowOverride FileInfo
      in the section that defined my web directory.
      Then, I created the file .htaccess in the directory where I didn't want php to execute and added into it

      (this might look different for you)
      # RemoveType takes extensions only; it detaches .php from the AddType mapping in httpd.conf
      RemoveType .php

      Now the users can upload and download php files in that directory and not have php execute it.
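      The per-directory setup from this reply written out in full, as an added example rather than the poster's own configuration. The directory /Webroot/files is the one from the question; the extension list and the mod_php directive are assumptions about a typical PHP 4 httpd.conf, so compare them with the AddType and AddHandler lines actually present in yours.

```apache
# httpd.conf: let the upload directory's .htaccess override MIME/handler
# mappings (FileInfo) and php_* / Options directives (Options).
<Directory "/Webroot/files">
    AllowOverride FileInfo Options
</Directory>

# /Webroot/files/.htaccess
# RemoveType and RemoveHandler take extensions, not MIME types. Detach PHP
# from every extension httpd.conf maps to it, not only .php; .phtml, .php3
# and .php4 are an assumed list based on common PHP 4 defaults.
RemoveType .php .phtml .php3 .php4
RemoveHandler .php .phtml .php3 .php4
# mod_php only: switch the engine off for this whole tree regardless of
# extension, so a mapping missed above still does not execute.
php_flag engine off
# Nothing stored here should be runnable as a CGI program either.
Options -ExecCGI
```

      A quick check after restarting Apache: upload a file named test.php containing `<?php phpinfo(); ?>` and request it; the server should return the source text (or offer it as a download) rather than the phpinfo page. Also make sure the upload code cannot overwrite .htaccess itself, or an uploader can simply remove the protection.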

        Another method would be to place the file directories above the webroot, because if it's not a directory your webserver knows about, it won't let any PHP be executed.

          I thought about that, but how would anybody be able to download the files if they were above the root?😕

            Well, you could do a chdir into the data directory, and then users would be able to get stuff from there.

            if you have something like

            /srv/www/scripts for your scripts
            and
            /srv/www-users/ for the data

            You just do a chdir into www-users and read out the contents of the directory. This allows users to get stuff from a directory that is unknown to the webserver. We have an FTP replacement written in PHP at our company that works exactly like that.
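            The approach described above, as an added example that is not the company script the poster mentions: a small PHP download handler that reads files from a directory outside the document root. The directory names /srv/www/scripts and /srv/www-users are the ones from the reply; the parameter name `file`, the function names and the 404 handling are assumptions.

```php
<?php
// Added example: serve files from a directory Apache does not publish.
// /srv/www-users is the data directory named in the reply; this script
// itself lives under the document root (e.g. /srv/www/scripts).
$dataDir = '/srv/www-users';

// Map a user-supplied name to a file inside $dataDir.
// Returns the absolute path, or null if the name does not resolve to a
// regular file inside the data directory.
function resolve_download($dataDir, $name)
{
    // basename() throws away any directory part, so "../../etc/passwd"
    // and "/etc/passwd" both collapse to "passwd".
    $name = basename($name);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $base = realpath($dataDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks: a link placed in the data directory that
    // points elsewhere resolves outside $base and is rejected here.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// List the regular files in $dataDir (opendir/readdir also works on PHP 4).
function list_files($dataDir)
{
    $files = array();
    $dh = opendir($dataDir);
    if ($dh === false) {
        return $files;
    }
    while (($entry = readdir($dh)) !== false) {
        if ($entry[0] !== '.' && is_file($dataDir . DIRECTORY_SEPARATOR . $entry)) {
            $files[] = $entry;
        }
    }
    closedir($dh);
    sort($files);
    return $files;
}

if (isset($_GET['file'])) {
    $path = resolve_download($dataDir, $_GET['file']);
    if ($path === null) {
        header('HTTP/1.0 404 Not Found');
        echo 'No such file';
        exit;
    }
    // Fixed type plus attachment disposition: the browser saves the file
    // instead of interpreting it, whatever its extension or contents.
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'
        . str_replace('"', '', basename($path)) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

// No file requested: show the directory contents as download links.
echo "<ul>\n";
foreach (list_files($dataDir) as $f) {
    echo '<li><a href="?file=' . rawurlencode($f) . '">'
        . htmlspecialchars($f) . "</a></li>\n";
}
echo "</ul>\n";
```

            The web server never needs to know about /srv/www-users: the script reads it with the file system permissions of the Apache user, and a .php file stored there is only ever passed through readfile(), never handed to the PHP engine. An absolute path is used instead of chdir() so that the check in resolve_download() does not depend on the process's current directory.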
