How about using PHP as a pipe to funnel the MPG files through:
?
// Place your security logic here and exit if
// auth is not successful
// $filename is the path of the file
// to server
header (Content Type:video/mpeg);
readfile ($filename);
?
Store the files outside of your web root or in an .htaccess protected
directory. You don't have to control an .htaccess password list, just
let PHP handle the sending of the file.
Validate your user and whether they should be looking at the file they
requested, then use header() to send the
