We have a web site with a "portal" that allows authorized clients to access proprietary documents stored as files on the web server.
We presently have a script (provided by an EE expert) that allows us to download the files in php.
All of this works good.
We want to PREVENT web visitors from accessing the files in their "home" directory on our server by just typing www.misite.com/foldername/filename
The server is Apache.
How can we use directory / file protections and/or .htaccess to prevent this but still let php scripts access the follder & the files therein?