How can I allow a user to download a file which is stored outside of the webroot?

Question

I am developing a system which allows registered users (who could be anybody) to upload files. I\'ve block mime-types etc. to attempt to restrict the files to .doc, .docx a

Answer 1

You can put your files directory in root and apply mod rewrite rules to secure and show a virtual path to the users instead of real path.