I'm working on a site that allows users to purchase digital content and have implemented a method that attempts to serve secure downloads.

I'm using CodeIgniter to force downloads like this:

$file = file_get_contents($path);

force_download("my_file_name.zip", $file);

Of course, I make sure the user has access to the file using a database before serving the download, but I was wondering if there was a way to make these files more secure.

I'm using a some 8-10 letter keys to create the file paths so urls to the files aren't exactly easy to figure out... something like http://mysite.com/as67Hgr/asdo0980/uth89.zip in lieu of http://mysite.com/downloads/my_file.zip.

Also, I'm using .htaccess to deny directory browsing like so: Options All -Indexes.

Other than that... I have no idea what steps to take. I've seen articles suggesting username and password methods using .htaccess, but I don't understand how to bypass the password prompt that would occur using that method.

I was hoping there might be a method where I could send a username and password combination using headers and cUrl (or something similar), but I wouldn't know where to start.

Any help would be hugely appreciated. Thanks in advance!