How to protect PDFs on server [closed]

I have a site, where the user uploads PDF files, with very secret data. The PDFs mustn't be accessible from anywhere except in the site, which is protected as well as I could.

Can any of you tell me how to prevent direct access to the PDFs, so if someone enters the pdf link in his browser - he will get an error?

Edit:

Let me make it clear. The documents are shown inside the site, for authorized users after entering a username and a password. They can add, edit, delete and read the site content - including the PDF files. The PDFs are shown in the site inside an iframe element.

The PHP files and pages are are secured, and if someone who didn't logged in to the site tries to enter them - they see an error. I've done it with my PHP code. But I can't secure PDFs the same way.

Now, I want to protect the files, so they can be viewed only for the users, and if someone reaches somehow a direct link to a PDF - he won't be able to see it.

What kind of lines do I have to add to my .htaccess to protect the PDFs? Is it possible?

Thanks.


The website could be entirely login based therefore only accessible to the user when they have logged in. If another user was to try to access the page they should be prompted for a username and password before gaining access.