Ok, I am using codeigniter and I have a secure login section. Inside the login users are able to download files.
What I need to do is stop people been able to access the file directly. I figure there will be a way using .htaccess to check for a authenticated variable that I could set in the POST array or something similar.
Any pointers would be good, was a bit of a hard topic to google because I'm not really sure what the best way to do it is.
A good Google would be: php secure file download
Some helpful results I found for you:
To keep the files inside your webroot and password protect the directory they are inside of, and then use PHP to push the file(s) to the browser for download: http://www.nopersonal.info/aboutkateers/php_stuff/php_force_download.php
Or, if you have access to a directory above your web root: http://forums.tizag.com/showthread.php?t=893
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki