dongwei2983 2010-09-13 15:00

Protecting files with .htaccess

I have a set of files in a secure directory (currently secured by .htaccess, only 'the site' can access these files).

The files should only be available to members of the site; when they are logged in. I did have links in the members' area which went to a secure download script - however, using the readfile() function caused problems with the files across Browser/OS ie. losing line endings, corrupt PDFs.

So, I thought a better way might be to only allow people who have clicked the link (within the site) to access the files - hence they have to be logged in as a member. Going directly to the resource with its URL would forward to a 403 forbidden page.

My .htaccess skills aren't the best, but I thought the concept would be similar to stopping hotlinking of images?

Any help - and knowing whether this is possible - would be greatly appreciated.

Best Regards,

Rich


1 answer

  • douhan8892 2010-09-13 16:40

    What kind of login/authentication are you using? If you're using the regular HTTP auth stuff, you can just place those directives into the .htaccess along with

    Require valid-user
    

    which would allow access only to those who've successfully logged in. If it's session based, you'll have to fix up the intermediary PHP script, as Apache knows nothing of PHP sessions. At most it can check for the presence/content of a cookie, but then you'd be trusting the client to not mess with the cookie's contents.

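The session-based case the answer describes, as an added example that is not code from either poster: a PHP download script that checks the login session before streaming a file from the protected directory. The session key `member_id`, the `file` query parameter and the directory path are assumptions.

```php
<?php
// Added example: session-gated download script (not code from the thread).
// Assumed names: $_SESSION['member_id'] is set at login, the files live in
// PROTECTED_DIR (closed to direct web access by .htaccess), request is ?file=name.
declare(strict_types=1);

const PROTECTED_DIR = '/var/www/protected';    // hypothetical path

// Resolve a requested name to a real file inside $baseDir, or null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $name = basename($requested);              // drop any directory components
    if ($name === '' || $name[0] === '.') {    // no dotfiles such as .htaccess
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After symlink resolution the file must still sit under the base dir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (empty($_SESSION['member_id'])) {           // server-side state, not a cookie value
    http_response_code(403);
    exit('Forbidden');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_download(PROTECTED_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

session_write_close();                         // release the session lock
while (ob_get_level() > 0) {                   // discard buffered output so only
    ob_end_clean();                            // the file's bytes are sent
}
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);                               // copies bytes unchanged
exit;
```

The login decision rests on server-side session data, so the client cannot forge it by editing a cookie's contents, which is the weakness the answer points out for cookie checks done in Apache.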
