i would use a single point of entry to solve this problem 1. keep the files outside your doc root 2. in the php file files.php check for an authorized user, if so allow the user to download the file the path http://site.com/files/we23h4hk234hjksdjrjkl23jfasdf will actually be http://site.com/files.php?file=we23h4hk234hjksdjrjkl23jfasdf if you hav access to httpd.conf (i am not sure if .htaccss works) u can set the non php extensions to be executed by the php interpreter and check for authorization (the way rapidshare works) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
