[quote author=Daniel0 link=topic=109164.msg439845#msg439845 date=1159000272] You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser. Then you would have to make a download script that works like this: index.php?act=download&id=1316 The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file. [/quote]Was thinking that this might be a solution. However, maybe something like this would be better? url.com/clientfiles/clientid/file.zip for client only files and url.com/clientfiles/all/file.zip for all clients? htaccess protection? Hmm not sure, your database storing for files sounds good! How would I go about making something like this?