keeping scripts from climbing out of directory

         

jeffpoulsen

7:52 pm on Jan 26, 2011 (gmt 0)

10+ Year Member



Hello,

I have put together a script to let users see the contents of files and folders in their own FTP directory. I am working on using the script as an include so the users cannot re-write it so it will climb out of their directory. But I was wondering, if they write a script that will do that, how can I stop this from happening? I am using Apache on a Linux box as the server. I thought there must be some way to do just that using .htaccess but I have not found anything that looks like the right fix yet. I don't want to disable PHP in the users' directories. Can anyone give me an idea of where to look for answers?

rocknbil

6:37 pm on Jan 27, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You're on the right track and it has little to do with PHP (or at least, that's the path I'd take.)

Authentication, Authorization, and Access Control [httpd.apache.org]

jeffpoulsen

12:13 pm on Jan 30, 2011 (gmt 0)

10+ Year Member



rocknbil,
Thanks for your reply. I have password protected directories before but I don't think it is a good fit for what I am trying to do. I want to give an FTP user the ability to load lots of documents, pictures, mp4s, whatever they want and let others be able to open or download them. The reason I want to use FTP is it has no limitation on file size and is fairly easy to chroot. If I set another password then they would have to log in twice? Or at least I think. I guess there could be a more elaborate script that does all this and sets a cookie for the session but that is a lot for me. I am no code expert. I'm limited to very basic understanding, but I have pieced together a script that displays the directory and has a dynamic "up" or "parent" directory that climbs out of the cwd. I can hide the link when the cwd === /xyz but if they can load a script of their own they could climb out and view stuff they need not. This is for a personal server so it's not that critical but I really would like to understand how to. To me it seems there should be a simple fix for this. Am I wrong? If so I will have to abandon this method and search for another way to do this.

Thanks, jeff
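An added example, not part of the thread or any poster's code: one way for the listing script described above to refuse any requested path that resolves outside the user's directory, and to hide the "up" link at the top of it. The function names, the `$base` path and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: confine a directory listing to one base directory.
// resolve_inside() and parent_link() are hypothetical helper names.

/** Return the canonical path of $requested under $base, or null if it is missing or outside $base. */
function resolve_inside(string $base, string $requested): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the check is made on the real location.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so /home/xyz does not also match /home/xyz2.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Path of the parent relative to $base for the "up" link, or null when already at the top. */
function parent_link(string $base, string $current): ?string
{
    $baseReal = (string) realpath($base);
    if ($current === $baseReal) {
        return null; // at the top of the user's directory: no "up" link
    }
    $rel = (string) substr(dirname($current), strlen($baseReal));
    return ltrim($rel, DIRECTORY_SEPARATOR);
}

// Constructed stand-in for the user's FTP directory and constructed sample requests.
$base = sys_get_temp_dir() . '/listing_demo_xyz';
@mkdir($base . '/docs/photos', 0700, true);
foreach (['', 'docs', 'docs/photos/..', '..', 'docs/../../..', 'nope'] as $req) {
    $dir = resolve_inside($base, $req);
    if ($dir === null) {
        echo "[$req] refused\n";
        continue;
    }
    $up = parent_link($base, $dir);
    echo "[$req] list $dir, up link: " . ($up === null ? 'hidden' : "'$up'") . "\n";
}
```

This confines only the listing script itself; a PHP script that a user uploads is not bound by it and has to be restricted in the server's PHP configuration, for example with the `open_basedir` setting.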