direct file download protection

I开发者_如何学Python have a folder for downloads on my server, i want to prevent direct access to that folder so i am makin it pass-protected with htaccess and i will push download with a php script. But i have some questions regarding mkdir and file_exists

Do mkdir and file_exists works good for pass-protected folders ?

and

would i get any error while uploading file to that folder ?

AND

is this a good way of preventing direct access ?

thanks

As pass-protection only aplies to HTTP connections though your Apache server, every PHP function that can access files will work. And because uploading a file is also only copying a file with PHP from the temp dir to the upload dir, there should be not problem.

Using htaccess is a good method to avoid direct access. But it would be much better to have the uploaded files in a directory which can not be access through any HTTP reuest. So storing it above the httpdocs (or equal) folder will make it totally impossible to access a file through a direct request.

htaccess works fine for simple password protection. As soon as a user has authenticated everything works exactly like for normal folders. It should not affect any php-functions or server side permissions.