How to go about protecting files from unauthorized downloads

Question

I am creating a membership site using PHP and a MySQL database, I have the means for users to log in using their username and password. All pretty standard stuff.

I

Answer 1

Here is an answer if you are having issues with .htaccess

Ok, so if you are serving this is public_html, go to it's parent directory create a directory name "videos". (if not in public_html, you may have to add some ../ to the path). The pathinfo takes care of the validation issue and will return only a file name if someone tries to sneak a path in there. If you name it download.php, this:

download.php?video=fun.mp4

will load a file called fun.mp4 from the video directory.