Help securing files access with htaccess and php?

Question

I\'m working on a site that allows users to purchase digital content and have implemented a method that attempts to serve secure downloads.

I\'m using CodeIgniter to

Answer 1

Make it so the web server does not serve the files under any circumstances, otherwise all the checking is pretty moot. The best way to do that is to put them somewhere outside the webroot. I.e.:

/
  webroot/         <- root web directory, maybe named www or similar
    index.php      <- your app, served normally
    …other serve-able files…
  files/           <- not part of the serve-able webroot dir
    secret_file    <- web server has no access here

Then, if the only way to access them is through your script, it's as secure as you make your script.