Hi,

I am working on a project using PHP. We want to put pdf files under a directory and only allow registered users to access them. Since there may be thousands of users, it seems not practical to put them in .htaccess file. What's the best solution for this?

Thanks for your help in advance.

Upload them to a non-web-accessible directory. Make a PHP script that logs the user in and generates a list of these files. When a user clicks one, change the mime-type in PHP using a header() and include the file.

That /should/ work.

Set a session var when a user logs in and verify that var before you serve up the list of PDFs to the visitor. Even better, assign a number to each PDF and then when you design your database table for your user information, you can add the numbers they are allowed to access within the table. That way in the future you could even restrict users to which individual PDFs they had access to.

Thanks for your help.

For some reason, I may have to put the directory containing the pdf files under public_html directory. What's the best solution for this?

As Dan said, you can place the PDFs in a directory above the public folder and then simply use the PHP include command to pull them from that directory when you need them. This eliminates the need to redirect non members away from the directory. So your goals are twofold: 1. Create a login system that enables visitors to access the PDF files and 2. Store the PDFs above the public area to keep them from prying eyes.

Thanks for your help.

The web site will have search feature and I want the pdf files show in the search result list. I use a third party tool (Zoom Search Engine ) to index the pdf files. This is the reason I may have to put the pdf files under public_html. When the visitor click on the pdf file link, he then must log in in order to view/download the content of the pdf file.
Is it possbile that the php code can log in as an internal user after it verify the visitor's account. This way I only need to allow this internal user to access the directory that contains the pdf files.

I see what you mean, never used that tool so unsure how it works. I would still put them outside since it's the links that get indexed, not the actual file. Again, using a small include script you can pull them in and make them appear as if they are in the public dir.

Anyway, I'm not sure where you are going with the 'internal user'. I think you need to open a dialogue with a developer and hash out a work plan for the site and what it needs to do. With what you want to do whenever one person is logged in and the 'internal user' is set as logged in then everyone will be set as logged in. Hope you get what I'm saying...