using rewrite rules and php script to protect certain files (based on logged-in session)

i have a codeigniter website str开发者_如何转开发uctured like so:

website.org/files/stuff/1/example.pdf

website.org/www/index.php

So all files (many are uploaded through CMS) are stored in a files directory above the web root. however, you can access them directly because there is a server alias in place.

Now, some of the files should only be accessible if the user is logged in. So that means if someone tries to access:

website.org/files/special/2/doc.pdf

It should first hit a php script to see if the user is logged in and if so, load the file.

Can anyone advise me on the simplest method of this please?

Add this rule to your .htaccess

RewriteEngine on
RewriteBase /
RewriteRule ^/files/([.*]+)$ /loadfile\.php?file=$1

That should create a variable $_GET['file'] on loadfile.php which would have the value special/2/doc.pdf. From there you check for your user session and load the file accordingly.