Securing directories?

[Epsilon]

Go easy on me if this is a stupid question, but is there a way in which PHP can be used to secure directories, similar to what .htaccess is able to do?

What I'd like to do is to have a hidden directory containing various PDF and MS Word files and I'll build a PHP script that allows authorized people to retrieve those files. I'm okay on that part.

But if somebody knew the directory name and one of the file names, they would be able to bypass my PHP script and access the file directly. I need to prevent this, but if at all possible I'd like to avoid using .htaccess and secure the directory using only PHP. Is this possible?

[redhead]

You could have placed the files in a directory outside the reachable parts for the web.
Then use the suggested download function to retrieve the file, in that way nobody will be able to fetch it, only knowing the filename, since the folder is outside the "webscope"

[Epsilon]

Thanks. That's actually a pretty good idea, but will require a little server mod. I'm running Red Hat 9 with the Plesk Server Management software, which basically roots all scripts into the public web directory. If you use a script to try to access files outside the web root you get an error like "open_base_dir restriction".

I know this can be over-ridden in httpd.conf, but I'd have to look into the implications of doing so. I appreciate the suggestion.

[sde]

well how worried about it are you really? why don't you make a directory in your web root and name it something like: tt9933sdfasdf333ddfa

then use that download function. it will hide where it is coming from. you could also put some verification for HTTP_REFERER stuff so people don't link directly to your download file.