views:

34

answers:

2

I want to allow users to download a file, but in order to do so they have to supply an email address. When they enter their address, a link/code is emailed to them, then they have to click that link, and the file downloads.

My question is- how can I restrict access to the file so that only people with a valid code can download it? I understand how to create a code, and then how to check the code that the user submits against a list of valid ones, but I don't quite know how to stop the file from being accessable via it's absolute address.

+2  A: 

Two methods I can think of:

  1. Use ".htaccess" (HTTP) authentication, keeping the file inside the password protected directory.
  2. Hold the actual file outside of the DocumentRoot, using a PHP script to read in the file and output it to the client (but only if a valid code is supplied) (Don't forget to output a Content-Type header!).
AllenJB
Using method #2, works great, thanks!
Dt7
A: 

Put it in a directory not accessible to public or use .htaccess to restrict access.

.htaccess file:

order deny,allow
deny  from all
nubbel