hotlink protection + headers

hello, i currently have this piece of code opening a file outside a root directory so that a user can only download after a number of checks.

    deleted

but if i use

header('Location: file.avi');

instead, will the client be able to get the original source of the file somehow?

thanks

No.

That would redirect the user.

If you're page was example.com/download.php, the user would be redirected to example.com/file.avi

If it is not in that directory, it will return a 404 error.

i had a feeling it just passed url to browser.

oh wel, thanks anyway!

By the way, note that HTTP/1.1 requires an absolute URI as argument to the Location header.