Hiding the url will baffle the least tech savvy users, but not anyone who is willing to download your files and have a very minimal tech knowledge, if you need to hide your files behind a code (or pay wall) you can use a PHP script that authenticates the user and spits out the corresponding file, a small example is like this:

隐藏 url 会让最不精通技术的用户感到困惑，但不会让任何愿意下载您的文件并且技术知识非常少的人感到困惑，如果您需要将文件隐藏在代码（或付费墙）后面，您可以使用 PHP 脚本就是对用户进行认证并吐出对应的文件，一个小例子是这样的：

if($validUser)
{
    $path = $fileName;
    $size = filesize($path);
    $fp = fopen($path, "rb");
    $content = fread($fp, $size);
    fclose($fp);

    header("Content-length: ".$size);
    header("Content-type: application/octet-stream");
    header("Content-disposition: attachment; filename=".$fileName.";" );
    echo $content;
}
exit();

This assumes you have the files physically in the server, but you can modify it if you have them in a database or any other storage medium. Of course, you must first validate if the user have the right to download that file but this is up to you.

这假设您在服务器中实际拥有这些文件，但如果您在数据库或任何其他存储介质中拥有这些文件，则可以对其进行修改。当然，您必须首先验证用户是否有权下载该文件，但这取决于您。

You can use a php script to provide the document, while still allowing php to authenticate the user's session information/etc.

您可以使用 php 脚本来提供文档，同时仍然允许 php 对用户的会话信息/等进行身份验证。

The process goes like this:

这个过程是这样的：

1. User enters a unique code (after additional authentication required to validate the user).
2. A unique document link is generated, such as: http://domain/download.php?file=58afg71057ga82157(example)
3. download.phpvalidates the user request against stored session information -- if everything checks out, it sends the file header() and passes along the file contents.

1. 用户输入唯一代码（在验证用户所需的额外身份验证之后）。
2. 生成唯一的文档链接，如：（http://domain/download.php?file=58afg71057ga82157示例）
3. download.php根据存储的会话信息验证用户请求——如果一切正常，它发送文件 header() 并传递文件内容。

This basic file download tutorialprovides the very basics of providing a file in this way. You will need to improve upon this basic tutorial, but it should give you an idea of how the process works.

此基本文件下载教程提供了以这种方式提供文件的基础知识。您需要改进这个基本教程，但它应该让您了解该过程的工作原理。

Suggestions:

建议：

• Use a unique "key" per user (allowing the same user to re-download); or,
• A single-use key which only allows a single download, ever; or,
• Require user authentication, so that you know whether they should be "allowed" to use the key.
• Do not use a "filename.ext" to locate the file to download, either store the name in the session or use a unique identifier stored in a database.
• Don't just copy paste an example scripts, they are often extremely insecure.

• 每个用户使用唯一的“密钥”（允许同一用户重新下载）；或者，
• 一次性密钥，永远只允许一次下载；或者，
• 需要用户身份验证，以便您知道是否应该“允许”他们使用密钥。
• 不要使用“filename.ext”来定位要下载的文件，要么将名称存储在会话中，要么使用存储在数据库中的唯一标识符。
• 不要只是复制粘贴示例脚本，它们通常非常不安全。