Allow a user to download a file after submitting their email address

Question

I want to allow users to download a file, but in order to do so they have to supply an email address. When they enter their address, a link/code is emailed to them, then they have to click that link, and the file downloads.

My question is- how can I restrict access to the file so that only people with a valid code can download it? I understand how to create a code, and then how to check the code that the user submits against a list of valid ones, but I don't quite know how to stop the file from being accessable via it's absolute address.

Answer 1

Two methods I can think of:

1. Use ".htaccess" (HTTP) authentication, keeping the file inside the password protected directory.
2. Hold the actual file outside of the DocumentRoot, using a PHP script to read in the file and output it to the client (but only if a valid code is supplied) (Don't forget to output a Content-Type header!).

Answer 2

Put it in a directory not accessible to public or use .htaccess to restrict access.

.htaccess file:

order deny,allow
deny  from all