Directory Security

Anon

Kind of a broad security question here, but I will try to be a specific as possible...I have a directory with PDF files in it..Logged in users (authenticated) are able to access the PDF that they purchased since the links dynamically show up in a table on their member page of items that they have purchased...

Everything is great, but I want to prevent access to the PDF directory for hotlinkers and people that bookmark or type the path in directly...

Does anyone have any ideas on how to do this...I really don't want the logged in members to have to enter additional passwords (maybe I can pass passwords as a variable from the link...

Any help would be appreciated...

Thanks,
Ryan

van__

Either store teh PDF files as compressed strngs in a database or move your PDF files outside of your DOCUMENT_ROOT.

to allow secure access to your PDF's make a script that checks to see if the user has a valid session and/or login and if so, read the file into the script and add this header before you echo:

header("Content-type: application/pdf");

Anon

If I move the documents outside of the root, can I still access them from a link?

I'm really not sure how to do this...I authenticate the user with php, but am not sure how to do this with a pdf document...

Really confused...if possible could you tell me a few more specifics and maybe some sample code...

Very Much Appreciative,
Ryan

Anon

Ok...so I have moved the PDF directory outside of the root and have created my user session and authentication script...but, how do I access the directory now?

Thanks,
Ryan