I've got a group of files inside a secure directory (presently guaranteed by .htaccess, only 'the site' can access these files).

The files should simply be open to people from the site when they're drenched in. Used to do have links within the members' area which visited a safe and secure download script - however, while using readfile() function triggered issues with the files across Browser/OS ie. losing line being, corrupt Ebooks.

So, I figured an easy method may be to simply allow those who have clicked on the hyperlink (inside the site) to gain access to the files - hence they need to be drenched in like a member. Going ditectly towards the resource with it's URL would toward a 403 forbidden page.

My .htaccess abilities aren't the very best, however i thought the idea could be much like preventing hotlinking of images?

Any help - and knowing whether you could do - could be greatly appreciated.



What type of login/authentication are you currently using? If you are while using regular HTTP auth stuff, you can easily place individuals directives in to the .htaccess together with

Require valid-user

which may allow access simply to individuals who've succesfully drenched in. Whether it's session based, you will need to repair the intermediary PHP script, as Apache knows nothing of PHP periods. For the most part it may look for the presence/content of the cookie, however you would be having faith in the clien not to wreck havoc on the cookie's conents.