I have a PHP form to upload files to a directory and change the filenames to the numeric unique ID from the database. The problem is that anyone can change the URL to a different number to see files that don't belong to them. Is there a way to write an .htaccess to decrypt an encrypted URL to pull the file?
How do you determine what file belongs to what user? How do you identify that the URL is coming from any particular user? This sounds more like a PHP problem than Apache, but it sounds like you need some level of authentication to access specific files. You need to authenticate each user. Assuming you are using MySQL, for example, you would use mod_auth_mysql and put the associated directives in the .htaccess for the directory containing the files for each respective user. If all the files are in the same directory for all users, then you would serve out the files with PHP. This is probably more involved than you expected to get the proper level of security and would probably be more appropriate on a PHP forum.
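The "serve out the files with PHP" approach from the answer above, as an added example that is not code from either poster: a download script that returns a file only when the logged-in user owns it. The `uploads` table and its `user_id` and `original_name` columns, the `$_SESSION['user_id']` key, the storage path and the database credentials are all assumptions.

```php
<?php
// download.php?id=123 (added example; schema, paths and session key are assumed)
declare(strict_types=1);
session_start();

// Assumed location: outside the web root, so Apache never serves it directly.
const STORAGE_DIR = '/var/app/uploads';

// 1. Require a logged-in user (assumes the login code sets $_SESSION['user_id']).
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// 2. Accept only a positive integer ID; anything else is rejected outright.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad request');
}

// 3. Look the file up by ID *and* owner, so changing the number in the URL
//    only ever matches rows that belong to the current user.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('SELECT original_name FROM uploads WHERE id = ? AND user_id = ?');
$stmt->execute([$id, $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Files are stored under their numeric ID, as described in the question.
$path = STORAGE_DIR . '/' . $id;
if ($row === false || !is_file($path)) {
    // Same response for "not yours" and "does not exist", so valid IDs are not revealed.
    http_response_code(404);
    exit('Not found');
}

// 4. Stream the file as a download under a sanitised version of its original name.
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($row['original_name']));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

If the upload directory has to stay under the web root, a `Require all denied` directive (Apache 2.4) in that directory's .htaccess blocks direct requests while PHP can still read the files.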