I found this code on this site and works great to hide urls when downloading say mp3(or whatever) good for selling files on the net. IE only logged in user get this script etc etc...

I'm not sure if a http logger could still get the url but, note, I have changed the name of the file being downloaded so the user can't see original name(again not sure if logger could pic it up)

But the main reason for this post is I tried making the actual mp3 non readable (chmod 700 file.mp3) so if i try to go direct to the mp3 [blah.com...] it can't be downloaded but going to it thru the script below still allows it to be downloaded!

if ($loggedin){
$file = 'mp3/originalname.mp3';
$content_len=filesize($file);
Header("Content-type: application/zip");
header('Content-type: audio/mp3');
header('Content-Disposition: attachment; filename="song1.mp3"');
if($content_len!=FALSE) {
Header("Content-length: $content_len");
@readfile($file);
}

Is this a resoluton for protecting files from unwanted downloads or can someone see a way around this.

Cheers
Trent