I'm working on a site that allows users to purchase digital content and have implemented a method that attempts to serve secure downloads.
I'm using CodeIgniter to force downloads like this:
$file = file_get_contents($path);
force_download("my_file_name.zip", $file);
Of course, I make sure the user has access to the file using a database before serving the download, but I was wondering if there was a way to make these files more secure.
I'm using a some 8-10 letter keys to create the file paths so urls to the files aren't exactly easy to figure out... something like http://mysite.com/as67Hgr/asdo0980/uth89.zip
in lieu of http://mysite.com/downloads/my_file.zip
.
Also, I'm using .htaccess to deny directory browsing like so: Options All -Indexes
.
Other than that... I have no idea what steps to take. I've seen articles suggesting username and password methods using .htaccess, but I don't understand how to bypass the password prompt that would occur using that method.
I was hoping there might be a method where I could send a username and password combination using headers and cUrl
(or something similar), but I wouldn't know where to start.
Any help would be hugely appreciated. Thanks in advance!