PLEASE BE CAREFUL!!!!!
if you start usign variables in the following script other users can do very malicious things with it! Including download your PHP source code!!!! which (if you use a db) would contain your database passwords!!!!

you must also set the appropiate MIME type if you are not usign the type i specified. and replace the whole login thing with your own validation scheme, this should be all u need.

so its ok if i just use that code without editing it?

I will have to edit it to work with my php a little. like the user logged condition thingy.

But thanks VERY much, but surely. can't they still point their browser to the actual file?

no you will need to change the file name to whatever your actual file name is myvideo1.mpg then that would replace my-super-secret-private-video.mpg


they can but that assumes they know the real file name, as the file they will be sent will be automatically renamed to video.mpg. The other thing is yes that was a very astute observation they can still point their browser to the real file name (assuming they know the real file name, or you have your .htaccess file to allow indexing), so to avoid this possibility you should place your video file in the parent directory of your public_html folder, so if you did this you could call the file by saying: /private/my-super-secret-private-video.mpg instead of just usign my-super-secret-private-video.mpg (make the path absolute so it doesn't matter what folder the php file is in.

Advanced note: when usign relatives path your "/" directory is NOT always the same in php as it is in FTP / SSH (check with your webhost to find out what is your home directory or look in the phpinfo() command)