How can I block direct URL access to all file in a folder, but still allow it to be downloaded by users?

Question

i have a folder with name uploads and have files i want to block direct download i readed an used this link PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users? in stackoverflow but it just not work and just download a Broken file

this is my code .htaccess file

 Order Deny,Allow
    Deny from all

php file

  <?php



if( !empty( $_REQUEST['name'] )&& !empty( $_REQUEST['user'] ) && !empty( $_REQUEST['pass'] ) )
{
 include 'include/DbHandler.php';
$db = new DbHandler();
   $user= $_REQUEST['user'];
  $pass= $_REQUEST['pass'];
  $file_name= $_REQUEST['name'];
 // file name like this : hps.jpg
      $nest = $db->checkuserpass($user,$pass,$file_name);
 if ($nest!=2) 
  {
  /// user have premision for download 

    function getExtension($file){
        preg_match('/\.[^\.]+$/i', $file, $ext);
        return $ext[0];
    }

    //File type 
    $file_type = getExtension($file_name);



    header('Content-Description: File Transfer');
    //header('Content-Type: application/octet-stream'); 
    header('Content-Type: '.$file_type);
    header('Content-Disposition: attachment; filename='.$file_name);
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: '.filesize("$file_name"));
    ob_clean();
    flush();
    readfile("$file_name");
    exit;


  }
}
 ?>

Answer 1

Instead of denying access by .htaccess file you could save your file at a folder outside public side of your server, that is, outside www directory.