Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Protect Files

Posted by keith (keith), 22 March 2005

I want to host a load of PDF files on my site and allow people to access them only via my PHP Pages (when they are logged in). How can I protect these files from being directly linked by the user? I know mod_rewrite will do it by hiding the real folder but I am looking at .htaccess protection and PHP.

If however I password protect the folder using .htaccess, I get a dialogue box requesting 'username' and 'password' to get the PDF file.

I am using
header("location: pdf/product/".$prodrow['pdf']);

to get to the PDF file from my script.

Is there a way that PHP can access a .htaccess protected folder?

I am on a shared host, so cannot edit httpd.conf

Many thanks in advance.

Posted by admin (Graham Ellis), 22 March 2005
Keith,  you don't need to start "messing about" with .htaccess or anything like that - you can put the .pdf files in a totally different location to the document tree so that they don't have any URL of their own and feed them from the PHP script.

If you've got a copy of the Autumn 2004 issue of our "of course" newsletter, we use exactly this technique in the article on pages 18 and 19 that has a PHP script sending out a (random) image; if you've not got the article to hand you can download the newsletter via

Posted by keith (keith), 23 March 2005
Thanks Graham,
I will take a look at the article.

I'm not sure whether I can move them outside of the 'document tree' (web root I assume). As this is shared hosting
Do shared hosts normally offer space outside of the 'document tree' (web root)?
If so, maybe I should move away from our current one.

Posted by admin (Graham Ellis), 24 March 2005
On all the (paid) hosting services we use, it's possible for us to keep data without our area but not in the document tree, and I think this is common practise - documents in (say) an htdocs subdiretory, CGI in a cgi-bin directory, and other directories called things like logs and private and data that can be used for purposes such as I describe.   On free hosting services, you're likely to be more limited

This page is a thread posted to the opentalk forum at and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: • WEB: • SKYPE: wellho