Protect files in directory using authentication script in php/apache

I'm looking for a way to tell Apache that if there is a request for a file from a certain directory it should first run a php script to verify if the user is logged in. I know I could put the directory outside of the docroot and let a php script handle the authentication and file downloads, but because these are flash files that try to open other flash files it has to be a directory in the docroot, and the files should not have to be send by the php script. In the old setup we were using mod_auth_script(http://sourceforge.net/projects/mod-auth-script/), but as that is a rather obscure apache module I'd rather have a more common solu开发者_如何学JAVAtion if possible.

You can use .htaccess and mod_rewrite to redirect requests to php script. Try some googling and you will find lots of examples.

.htaccess contents example:

Options +FollowSymLinks
RewriteEngine on
RewriteRule ([0-9a-z-_]+)\.swf$ checkForAuth.php?&file=$1 [L]

This will call checkForAuth.php when someone will try to access *.swf file. In checkForAuth.php you need to check your session, read contents from $_GET['file'], set correct headers (content-type for flash) and output contents of requested SWF file.