protecting a file download with session

peass

Hello!
I have a huge database and so, but I will simplify the problem.

I have super users and normal users. Both can be distinguished by their sessions.

Super users CAN donwload a file.
Normal users CAN not.

If I put the file on a web directory, the normal user will be able to download the file. So the file is somewhere on the server that is not served in the web.

So how can I give the super user the file?
I could transfer the file to a temporary directory and so. But there are MANY files, and they are TOO big to be copied twice in the disk.

Is there some way to make the php autentication with the session then I send the file (but the file is not on a web directory).

Thanks a lot.

[deleted]

Create a script that verifies that the user is superuser.
Then use the passthru() option to send the file to the user.

Search the forum for info on what headers to send for each filetype.