Hi there

I am using a php script for a log-in session. Once logged in, it is possible to access a file in a directory named /abc called index.php (i.e. www.domain.com/abc/index.php).

That's great and works just fine.

My problem is that within the directory /abc, there are PowerPoint files which can be downloaded or viewed using the browser (e.g. file.ppt). If just the location of the PowerPoint is entered into the browser address bar, then the user has access to the file, bypassing the php log-in!

E.g. www.domain.com/abc/file.ppt

How can I protect the PowerPoint files, so that somebody cannot simply type in the URL of the PowerPoint file?

I have been looking at htaccess and its deny function but cannot seem to get it working for this. I have also looked at Hotlink prevention but this fails to work for a URL entered directlyt into the address bar.

Any help would be gratefully received and appreciated.