Deny Direct Download of File Using PHP

How to block direct download file

Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:

Order Deny,Allow
Deny from all

Into folder members create file get_file.php and add the following code:

if( !empty( $_GET['name'] ) )
{
  // check if user is logged    
  if( is_logged() )
  {
    $file_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
  $question_file = "{$_SERVER['DOCUMENT_ROOT']}/files/questions/{$file_name}.zip";
  if( file_exists( $question_file ) )
  {
    header( 'Cache-Control: public' );
    header( 'Content-Description: File Transfer' );
    header( "Content-Disposition: attachment; filename={$question_file}" );
    header( 'Content-Type: application/zip' );
    header( 'Content-Transfer-Encoding: binary' );
    readfile( $question_file );
    exit;
   }
  }
}
die( "ERROR: invalid song or you don't have permissions to download it." );

URL to get the file: localhost/get_file.php?name=file_name

DENY direct download of file using php

In the htaccess file in your document root, you can include these rules:

RewriteEngine On
# you can add whatever extensions you want routed to your php script
RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ /download-file.php?filename=$1 [L]

Then in your download-file.php, you can display whatever you need to display and the download link, which your php script can just immediately serve the file using php's readfile() (see link for examples)

Deny direct file download from webserver by URL

You will need to go down the route of making PHP serve the file for you. This will ensure that you can validate user credentials before serving the file.

See examples on php.net here. This will explain how to serve files from PHP using header(). This answer also outlines some of the key concepts.

Once you've done this, you can deny direct access to these files using htaccess rules. This will ensure users can only access the files via the php endpoints, and those endpoints can perform validation of the user's credentials.

How can I block direct URL access to all file in a folder, but still allow it to be downloaded by users?

Instead of denying access by .htaccess file you could save your file at a folder outside public side of your server, that is, outside www directory.

How to allow downloading files with PHP, but deny direct access to directory listings

The dead easiest way to do this, without even messing with .htaccess (though that is a good idea) is to simply put an index.html file in the folder and set its permissions to 700.

If you want to just turn off directory listings you can create an htaccess file with this:

<Directory /path/to/directory>
   Options -Indexes
</Directory>

If you want to deny access to sub-directories, you can use this:

<Files subdirectory/*>
    deny from all
</Files>

If you want to allow access to just the .wav files, you can do this:

<Files *.wav>
    allow from all
</Files>

deny direct access to a folder and file by htaccess

I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:

deny from all

That way you cannot open any file from that folder, but you can include them in php without any problems.

php - How to force download of a file?

You could try something like this:

<?php

// Locate.
$file_name = 'file.avi';
$file_url = 'http://www.myremoteserver.com/' . $file_name;

// Configure.
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary"); 
header("Content-disposition: attachment; filename=\"".$file_name."\"");

// Actual download.
readfile($file_url);

// Finally, just to be sure that remaining script does not output anything.
exit;

I just tested it and it works for me.

Please note that for readfile to be able to read a remote url, you need to have your fopen_wrappers enabled.