I know how to password protect a webpage using a user login and password stored in a mysql database, but how do I protect a file (or entire directory) so that only an authorised user (stored in the database) can download (or view) it? If someone types in the direct URL to the file, they must be prompted for a username and password if they aren't already logged on.
