You need to use a php file to feed the file through where the pdf files are stored in a NON PUBLIC folder.
For example, put your pdfs in a non public accessible directory, let's say: /home/pdfs/
And your PHP script in a public accessble directory, let's say: /home/public_html/
Inside the script in the public directory put:
if (isset($_GET('password')) {
die('wrong password');
}
if ($_GET['password'] != 'mypass') {
die('wrong password');
}
$file="/home/pdfs/test.pdf";
header("Pragma: public");
header('Content-disposition: attachment; filename='.$file);
header("Content-type: ".mime_content_type($file));
header('Content-Transfer-Encoding: binary');
ob_clean();
flush();
readfile($file);
Use GET values to determine the file to download, but to ensure better security only allow .pdf extensions, strip all other periods and slashes to prevent them from traversing the directories of your server and being given important security files containing passwords etc!!! To be even safer still only name your pdf files using characters a-z 0-9 and - or _
And then when you wish to download a file craft the correct URL to the script above, and ensure the pdf file exists in the non public directory.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…