I have a music page, where visitors can listen to short samples of my music for free, and also purchase CDs. I would also like to allow existing paid customers the ability to listen to full versions of the music on that page too. So to start, I’ve set up a protected directory on my hosted space, where the music files reside. Of course if the page tries to access it, a user and password is required.
Well I obviously don’t want to share the single directory password publicly, even with paid customers. And i don’t think I want to try managing multiple passwords in an HTACCESS file. What I’d rather do is let each customer be authorized with their own password and credentials via a PHP script. It seems easy enough to set up a call to a PHP script where I could check a database (or even a flat file) to see if the visitor should have access. If so, the PHP script could access the private directory, and no one would see the actual directory user/ password.
That’s what I’d LIKE to do, but can I? First of all, assuming the PHP script “knows” the directory user and password, how can a PHP script request access to the directory, and offer up the credentials. Second, even if the called script can gain access to the protected directory, will that mean the originating browser page can get to it too? If not, the music player on the visitor page won’t be able to play/access the files.
Maybe I’m overthinking this, again? π
Suggestions?