How can I secure folder so user can not download media file form that folder

Question

I am developeing a online video selling website in PHP. To download the specific video user pay perticular amount, then i provide a link to download video. I used following code to provide a download link to user.

header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;

I have stored all the videos in a particular folder. How can I prevent user to prevent user so that they can not look through that video folder and can not download videos for free. or can not grab website and download all content.

Answer 1

You can make that folder as Forbidden in which you have media files using htacess.

RedirectMatch 403 ^.*/sub/folder/index\.php$

(OR)

<Directory full-path-to/USERS>
     Order Deny,Allow
     Deny from All
</Directory>

Answer 2

store in a database what files the user has purchased and run a check in your download script if that user is allowed to download that file, if not redirect them.

Answer 3

Keep the folder outside the server's DocumentRoot, so the files can only be accessed through your script.