i noticed a few posts in this forum by people wishing to restrict access to pdfs via a php user-authentication scheme. using .htaccess really isn't an option since that would require users to enter their log-in information a second time, and connecting .htaccess users to a mysql database is an big pain.
here's the method i'm using:
make a php page, say, named 'pdf-download.php':
<?
$file="/users/bob/pdfs/secretname.pdf";
if(user is logged in){
header("Content-Type: application/pdf");
readfile($file);
exit;
}
else{
echo("whatchyoutalkinaboutwillis?");
}
?>
the trick is, when you load the page, load it like this:
http://domain.com/pdf-download.php/pdfname.pdf
that slash after "pdf-download.php", and everything after it, will be ignored by apache, but you need the file to end in ".pdf" for PC IE to treat it just like a pdf. you can even use an eregi_replace on $PHP_SELF to extract 'pdfname' from the url, and use that as the a key in a filename array (if you have a number of protected pdfs.)
one of the benefits in this approach is that the pdf's aren't stored in a web-accessible directory, so users can't just bookmark the file and view it if they've lost their access. (obviously they could have just saved the pdf to their hard drive, but there's no way to prevent that, so far as i know.)
i haven't tested this is netscape 4.x, but this works perfectly in safari and IE PC & Mac.
