How to go about protecting files from unauthorized downloads

Question

I am creating a membership site using PHP and a MySQL database, I have the means for users to log in using their username and password. All pretty standard stuff.

I

Answer 1

Here is an answer if you are having issues with .htaccess

Ok, so if you are serving this is public_html, go to it's parent directory create a directory name "videos". (if not in public_html, you may have to add some ../ to the path). The pathinfo takes care of the validation issue and will return only a file name if someone tries to sneak a path in there. If you name it download.php, this:

download.php?video=fun.mp4

will load a file called fun.mp4 from the video directory.

<?php
// do your user authentication
$video_directory = "../videos/";
$file = pathinfo($_GET["video"], PATHINFO_BASENAME);
if( $user_is_logged_in )
{
    if( file_exists( $file ) readfile( $video_directory . $file );
}

?>

Answer 2

USe simple .htaccess/htpasswd authentication, digest or basic:

http://www.askapache.com/online-tools/htpasswd-generator/

Answer 3

You can protect your video folder with an .htaccess file and 'route' all the requests through a php script:

RewriteEngine on
RewriteRule (.*) index.php?file_id=$1 [L]

And do the authentication in the index.php

session_start();
// get filename from database or somewhere else
$filename = getFilename($_GET["file_id"]);

if ($_SESSION["is_logged_in"]) {
    readfile($filename);
}