That helps. I see how that works. But it doesn't cover something. The code is sent to the user in a link that has it in a query string. Then that code is validated when the user clicks the link. I follow all that. (And I assume that "readfile" [http://php.net/manual/en/function.readfile.php] covers that part.) But the download should not come from just any old folder on your server cuz then anyone could get to it manually. So I'm not clear on that part of the process. It seems like you'd have to have your file for download in a protected folder with a user name and password. Then when the user clicks their unique link, the validation code would also then open up the protected folder and the download would begin. I'm not sure I'm following what to do there.
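An added example, not part of the original post: one common way to handle the concern raised above is to keep the file in a directory outside the web root, so no URL maps to it and only the validating script can read it and stream it with readfile(). The directory path, the `code` parameter name, the helper functions and the sample store are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: this directory sits OUTSIDE the web root, so no URL reaches it.
const DOWNLOAD_DIR = '/var/www/private_downloads';

// Constructed sample store: sha256(code) => file and expiry (a database table in practice).
function sample_store(): array
{
    return [
        hash('sha256', 'constructed-sample-code') => ['file' => 'ebook.pdf', 'expires' => PHP_INT_MAX],
    ];
}

// Return the absolute path for a valid, unexpired code, or null.
function resolve_download(string $code, array $store, string $dir, int $now): ?string
{
    // Only the hash is stored, so a leaked table does not reveal usable codes.
    $key = hash('sha256', $code);
    if (!isset($store[$key]) || $store[$key]['expires'] < $now) {
        return null;
    }
    // basename() drops directory parts; the realpath() check keeps the result inside $dir.
    $path = realpath($dir . '/' . basename($store[$key]['file']));
    $root = realpath($dir);
    if ($path === false || $root === false || !is_file($path)
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$code = $_GET['code'] ?? '';
$path = is_string($code) ? resolve_download($code, sample_store(), DOWNLOAD_DIR, time()) : null;

if ($path === null) {
    http_response_code(403);
    exit('Invalid or expired download link.');
}

// The user never sees the real location; the script streams the bytes itself.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

If the files have to stay under the web root, the web server must be configured to deny direct requests to that directory, since this script only controls access that goes through it.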