8
You can use htaccess to limit access. I've used the following script to make sure the user only came from a known referrer....
# stop hotlinking and serve alternate content
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www.)?YOURURL/.mypage.php$ [NC]
RewriteRule .*.(zip|pdf)$ http://YOURURL/uploads/directory/forbidden.jpg [R,NC,L]
Options All -Indexes
IndexIgnore *
AddType application/octet-stream .pdf
NOTE: The code above isn't displayed quite right... the XOOPS forum text sanitizer is eating some of the code, but you can get the general idea from what's posted...
This let me serve a .zip and/or a .pdf file and only allow access if the user came from a page on my site. That page was only accessable once a user had logged in... Otherwise it displayed a graphic (forbidden.jpg) instead.