I have a website where users should be able to log in and listen to a song (a self-created mp3). I want to make it so the logged in user can listen/download/whatever, and t
The only thing you can do for this via .htaccess is require a referer that comes from your site, and it is NOT secure. It is beyond trivial to forge a referer and anyone could suck your site dry.
The ONLY way you'll be able to have only logged-in users download the file is by placing the file OUTSIDE of your webroot and having a PHP script mediate access. In short:
    if (is_logged_in()) {
        readfile($name_of_file);
    } else {
        die("Access denied");
    }
Are you using a scripting language such as PHP to handle your website? If so, then the best way is to create a script that handles "delivery" of the content. Save the content in a protected directory, i.e. above your http or www folder. Then when the user is logged in, the link to your content would look like this:
http://yoursite.com/listen.php?song_id=xxx
The script will locate the required song by the id and then present the data to the user.
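The ID-based delivery script described above could look like the following. This is an added example, not part of the original answers; the directory name, the session key `user_id` and the song catalogue are assumptions, and it needs PHP 8.

```php
<?php
// listen.php -- added example; paths, session key and catalogue are assumptions.
declare(strict_types=1);

// Assumption: songs live outside the webroot, next to (not under) the public folder.
const SONG_DIR = __DIR__ . '/../protected_songs';

// Assumption: IDs map to fixed file names; on a real site this would be a DB lookup.
const SONGS = [
    1 => 'my-song-name.mp3',
    2 => 'another-song.mp3',
];

/** Resolve a request ID to an absolute path inside $dir, or null. */
function resolve_song(mixed $rawId, array $catalogue, string $dir): ?string
{
    // Accept only a plain positive integer; arrays, "1e3" and "../x" all fail.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !isset($catalogue[$id])) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $catalogue[$id]);
    // realpath() resolves symlinks and "..": the result must still sit under $base.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR) || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['user_id'])) {          // assumption: set by the login code
    http_response_code(403);
    exit('Access denied');
}
$path = resolve_song($_GET['song_id'] ?? null, SONGS, SONG_DIR);
if ($path === null) {
    http_response_code(404);
    exit('No such song');
}
header('Content-Type: audio/mpeg');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: inline; filename="' . basename($path) . '"');
header('Cache-Control: private, no-store');  // keep shared caches from storing it
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the client only ever supplies an integer that is looked up in a fixed catalogue, no part of the request reaches the file system path.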
In the folder members, create a new folder files, move all your songs there, create a new .htaccess file and add the following lines:
    # Apache 2.2 syntax; on Apache 2.4 use: Require all denied
    Order Deny,Allow
    Deny from all
In the folder members, create the file get_song.php and add the following code:
    if( !empty( $_GET['name'] ) && is_string( $_GET['name'] ) )
    {
        // check if user is logged in (is_logged() is your own session check)
        if( is_logged() )
        {
            // keep only letters, digits, underscore and hyphen, so the name cannot contain "/" or ".."
            $song_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
            $song_file = "{$_SERVER['DOCUMENT_ROOT']}/members/files/{$song_name}.mp3";
            if( file_exists( $song_file ) )
            {
                // private: shared caches must not store a members-only file
                header( 'Cache-Control: private' );
                header( 'Content-Description: File Transfer' );
                // send only the file name, not the full server path
                header( "Content-Disposition: attachment; filename=\"{$song_name}.mp3\"" );
                header( 'Content-Type: audio/mpeg' );
                header( 'Content-Transfer-Encoding: binary' );
                readfile( $song_file );
                exit;
            }
        }
    }
    die( "ERROR: invalid song or you don't have permissions to download it." );
And now, you can use this URL to get the song file:
http://mysite.com/members/get_song.php?name=my-song-name