I have some web pages that are password protected, and the user has to log in before they view them. Is there anyway I can make it so that a user has to be logged in before they can download certain files from the site? i.e., user A logs in, goes to the download link, copies the URL. He sends it to a friend who doesn't have access to the site, that person pastes the URL and can download the file fine. Is there anyway to stop this? Using PHP preferably.
yep pretty easy , lots of download scripts will have this code ... just look into them. Basically you have to check session , and if valid , read the file set php headers and echo the file back.
i second that. You can also check the refer to see if its even from your site. It's not completely reliable, but an easier solution that a whole user session deal.