I want to provide file downloads to users of my web application. Different user-levels or accounts will be allowed to access different directories/files.
I know I can use .htaccess, but I don't want them to log in to my app and THEN have to type in a username & password again to unlock a directory. Is there a way to have PHP pass .htaccess username & password? I don't think there is. I know you can use a URL to pass username/pw to .htaccess, but I hear that's not secure either.
I also know I could use MySQL to store the binary data (files) and write queries to allow permissions to view/download certain ones. But a php guru I respect highly says never to store files in your MySQL db - but to just use it to point to directories...which again leads me back to the problem. If I'm just supplying directories via MySQL, then anyone can read those if they just "guess" or if another customer gives them the directory name.
So what's the best way to protect directories & files using PHP (and maybe MySQL too?).
Start Free Trial
