downloading a file from a web directory

i have a form which allows the user to upload some files to a folder.

i've edit the .htaccess file in that directory to protect this folder from allowing the unwanted visitors to download the contents manually by typing the full url ex: http://www.bkabkabka.com/a/b/c/document.pdf

and this is the .htaccess data

Options All -Indexes
<FilesMatch "\.(htaccess|doc|pdf|docx)$">
 Order Allow,Deny
 Deny from all

i have another administration page which allows the responsible guy from our side to download the files by filtering them to anything he want and then click on a html link to normally download the files. ex:

id             name          filename
1             aaaaa     -->  filename1   <-- this is href link which contains for example http://www.bkabkabka.com开发者_JAVA技巧/a/b/c/2.doc

the problem is that the htaccess modification is applying globaly and i want to create like a username and password to this folder and then use PHP code to connect to this folder and be able to download the files normally.

how can i do that?

thank you.

the easiest way to password protect a directory with apache is htpasswd:

add to your .htaccess in the root dir of the protected directory tree:

AuthUserFile /home/user/www/protected/.htpasswd
AuthType Basic
AuthName "Protected"
Require valid-user

then run this from the comand line and enter the desired password:

htpasswd -c /home/user/www/protected/.htpasswd user

you can add another user like so:

htpasswd /home/user/www/protected/.htpasswd user2

to download files in this protected dir with php, use basic authentication. that is construct a url like so: http://user:password@server/protected/file.txt

re your comment, in cpanel there's a "Password Protect Directories" feature accessible from the main page. Here's some detail on that:

http://www.siteground.com/tutorials/cpanel/pass_protected_directories.htm

if you're planning to store the uploaded files in your protected directory, you would just want to make sure move_uploaded_file copies the file to the right path, e.g.:

move_uploaded_file($tmpPath, "/home/user/www/protected/$name");

You can actually specify a username/password combination directly in .htaccess, no PHP code required. This will give you basic HTTP level authentication which might be good enough for you. But beware, it's pretty weak from a security standpoint. But it will keep the lazy people out.