Secure file download with PHP

[Mudsaf]

Hello everybody, so im wondering how to make "Download" that is secured and users cannot go just with direct link like /downloads/file1.rar. I'd like that no SQL-storing would be there.

[jeffman]

Store the file in a directory that cannot be accessed by HTML. One way to create a directory like that is to have an .htaccess file in the directory that restricts access. Google that. Now you have to use PHP to download the file programmatically. There is an example of that here. You should Google the different header types so you know what each one does, and when you might have to use different values.

Edited January 1, 2013 by Deirdre's Dad

[birbal]

Also you can put the files in outside of web root which also means cant access publically.

[jlhaslip]

Also, change the file name after it is uploaded so the user can not guess at the name of the uploads folder and the filename contained inside.And either of the methods above should work for security, but having the uploads folder outside of the web-accessible path would be more secure. IMHO

Edited January 2, 2013 by jlhaslip

[Mudsaf]

Thankyou, .htaccess file fixed the problem and thanks for other hints too.