I am writing a page that will provide links to a user that is logged into my site. The links are to PDF files that need to be secure. They contain confidential info. My concern is that if I write something like this:
<?php
$filename = "mypdf.pdf";
echo "<a href='/pdf_files/".$filename."'>PDF Link</a>";
?>
Then obviously, anyone can see the path to the sensitive file, and with a little ingenuity, they'll have access to all the files in the folder "pdf_files". I would put an "index.html" file in that directory, but it still doesn't protect those files from being accessed if someone guesses the file name.
My first thought was to put the "pdf_files" folder in a place on the server where I put my database log-in variables, a folder that is not exposed to the internet, but on the server, so that I can access it with an "include" statement. The problem with that is that when I create a link to the file, it doesn't work because the file is in a folder that is not exposed to the internet.
So my question is, how do I create a link to a PDF that is in a folder on the server that isn't web-accessible, or how do I secure a folder on the server so that no one can access the files in it without logging in?
Any ideas would be greatly appreciated.
Thanks!
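
One way to do what the question asks, as an added example that is not part of the original post: keep the PDFs in a folder outside the document root and stream them through a PHP script that checks the session before reading the file. The script name download.php, the PDF_DIR path, the "file" query parameter and the "user_id" session key are all assumptions.

```php
<?php
// download.php (hypothetical name): added example, not code from the original post.
declare(strict_types=1);

// Assumed path: a folder outside the document root, so no URL maps to it.
const PDF_DIR = '/var/www/private/pdf_files';

// Map a requested name to a real file inside $baseDir, or null if it is not allowed.
function resolve_pdf($requested, string $baseDir): ?string
{
    if (!is_string($requested)) {
        return null;                       // e.g. ?file[]=x arrives as an array
    }
    // Allow-list the name: no slashes, no "..", must end in .pdf.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.pdf\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks, so confirm the target is still under the base folder.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
// Assumption: the login code sets $_SESSION['user_id'] on success.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Please log in.');
}

$path = resolve_pdf($_GET['file'] ?? null, PDF_DIR);
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}
// If each PDF belongs to one user, also check here that this user may read $path.

header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

The page then links to the script instead of the file, for example download.php?file=mypdf.pdf, so the folder itself never needs a public URL.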