PHP - Protecting digital Downloads

Question

I\'m trying figure out how I can protect digital downloads in PHP. Just need some general directions so I can start my research. I don\'t seem to be able to find anything us

Answer 1

The best way is to delegate the download managment after your check to the mod for apache

x_sendfile

https://tn123.org/mod_xsendfile/

Usage:

isLoggedIn())
{
    header("X-Sendfile: $path_to_somefile");
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"$somefile\"");
    exit;
}
?>
Permission denied
Login first!

Basically when you send the header X-Sendfile the mod intercepts the file and manages the download for you (the file can be located whenever you want outside the virtualhost).

Otherwise you can just implement a simple file download.php that gets the id of the file and prints the contents with readfile after the login check