Hello, I am a moderate php user and for a new site I am working on have come across something that I haven't had to do before. Users on the site can upload personal documents, .doc, .xls, .mp3, etc. files to the site for storage. The files are copied to a directory and the locations are inserted into the mysql table, nothing tricky there. My question is this though... I want to password protect the directory and files so that only the person who uploaded the files can view them. When users login I use php to create a session, each page of the member area checks to make sure there is a session, thats how I handle the uploads for example. How can I password protect the directory from everyone else, but allow the user to see it if they are logged in. I don't want the seperate login screen to popup, like you are logging onto a control panel because my users will have already loged on to the site, I want to do this part all behind the scenes. I further would like to do a similar thing with the individual files themselves. My first thought was to change the permissions. I didn't want to do this at the directory level though since if I changed it back for one user, then until that user was done everyone would have access to the directory. SO I thought I'd user permissions on the files. SO when the file is uploaded I set the permissions to 0, no one has access. Then when the user is logged in and click to view their file, the php can change the permission to 777 or something in between and let them look at the file. This works, but then I am stuck with how do I make sure the files get the permissions changed back to 0 when the user is done. To do it in php there needs to be an action and I don't want to trust the user that they will click another link. I also don't like the idea of people being able to go to htt://www.mypage.com/filedir/ and being able to see the list of files even if they are protected by permissions. How can I get around my problem, or is there a better way to do this that is standard? The files are very sensitive so security is a big concern here. Also, and words of advice on how to protect the server from users uploading viruses? Thanks so much, I am very appreciative of any help.