Protect PDF docs from being directly accessed in URL

Question

I want to protect a pdf file from being directly linked but instead have my logged in users be able to access it. I have a link which currently goes to a javascript functio

Answer 1

This is kinda sloppy but it could work assuming you can setup a MYSQL DB. It lets you pass the "password" in the URL as an MD5 string or as a clear text if you want to. Trying to setup some kind of security without using htaccess or an existing frame work is kinda clunky. This however won't even attach the file to the stream until it knows you've been "Authenticated" I think you could maybe make this a little better if you setup a login page that saved a cookie locally then you wouldn't need to pass the "passphrase" in the URL.

    $file = $_GET['file'];
    $pass = $_GET['pass'];
    $download_folder = '../Protected';
    $file = basename($file);
    $filepath = "$download_folder/$file";

    if (file_exists($filepath)) {
        if(CheckUser($pass)){
            header("Content-type: application/octet-stream");
            header("Content-Disposition: attachment; filename=$file");
            session_write_close();
            readfile($filepath);
        } else {
            echo 'Not Authenticated!';
        }
    } else {
        echo 'No File!';
    }

function CheckUser($value){
    $con = mysqli_connect("test.com","test","123456","my_db");
    // Check connection
    if (mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    $result = mysqli_query($con,"SELECT user FROM pass_table WHERE password =".md5($value).";");
    while($row = mysqli_fetch_array($result)){
        mysqli_close($con);
       //return $row['user'];
       if($row['user']){
           return true;
       }
    }
    mysqli_close($con);
    return false;

}