I have a site that I would like to have certain files only accessible to members (which have to login) what is the most effective and prefererbaly, open source way of protecting files from being downloaded without being logged in? How do software and music download sites do it? I found dlguard.com but, I would prefer something opensource or free. Help!

1) Make it so nobody can download the files directly (.htaccess)

2) Make a script (PHP will do fine) that spits the file out to the user after making sure they are authenticated (see php functions: fopen, fpassthru, header, etc)

3) ???????

4) PROFIT!

Time to learn a little about HTTP, headers, content type. Dig a little, read a little, learn a little and then a discussion will be more useful.

Script that does that is not more than 15 lines of code and it's been posted at least 10 times here. Search for "php download script".

sorry maxymizer but i think you missed the point of this post. DRM is not just 15 lines of PHP.

You didn't ask about Digital Rights Management. You asked for a method to restrict file download access to specific users.

Completely different topic.

Essentially you need to a) test for a valid user who has b) rights to access the file and then start c) pumping the content down the pipe to them.

user -> issues GET via their browser
server -> verifies user
server -> returns HTTP response with appropriate Content-Type and headers for the file type being sent to the browser followed by the content itself.

15 lines of PHP is probably about right for a simple implementation.