Forum Moderators: coopster

protect files with password

php/mysql problem

         

sqlnew

4:35 pm on Nov 30, 2005 (gmt 0)

10+ Year Member



One of my colleagues would like me to put her files (in word document format) on the website, but we only want anyone who enters the correct password to access those files. I am thinking of creating a table with one column as the password and the following columns containing the title of the files. My question is that I don't know how I can save those files in the table. Can I just put a link there? Any suggestions are appreciated.

mm1220

9:31 pm on Nov 30, 2005 (gmt 0)

10+ Year Member



Are you trying to generate a page where after logging in the user is presented with a page of links to the word docs?

In that case I'd separate them out and have one table with usernames/passwords and another with the file name and file description.


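create database wordDocs;
use wordDocs;

-- login accounts; store a password hash in the password column, not the plain text
create table users(
username varchar(255),
password varchar(255),
primary key(username)
);

-- one row per document: its file name and a short description
create table docs(
id int not null auto_increment,
filename text,
description text,
primary key(id)
);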

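<?php

// mysqli_* replaces the mysql_* functions, which were removed in PHP 7.
// Host and credentials are placeholders.
$connection = mysqli_connect('mysql_host', 'mysql_user', 'mysql_pass', 'wordDocs');
$query = "select filename, description from docs";

$result = mysqli_query($connection, $query);

// Print one link per document; escape the values before placing them in HTML.
while ($row = mysqli_fetch_row($result)) {
    $href = htmlspecialchars($row[0], ENT_QUOTES);
    $text = htmlspecialchars($row[1], ENT_QUOTES);
    echo "<a href=\"$href\">$text</a><br>";
}

mysqli_free_result($result);

mysqli_close($connection);

?>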

sqlnew

3:24 pm on Dec 1, 2005 (gmt 0)

10+ Year Member



Thank you very much for your reply. I'll try that. By the way, for the column description, do you mean to put the file content in this column, with a link to it from the filename? Does it matter if the file is very big, like several MB?
Thanks again.

dragonthoughts

3:53 pm on Dec 1, 2005 (gmt 0)

10+ Year Member



It might be more appropriate to use the server's security system, otherwise someone finding the real file name and location could circumvent the proposed security script.

For an Apache 2 server, relatively easy instructions can be found at
[httpd.apache.org...]

mm1220

6:19 pm on Dec 1, 2005 (gmt 0)

10+ Year Member



Oh, I just meant a brief description of the file's contents in case it had a weird filename.

Incidentally you could use mediumtext as the MySQL type if you ever needed to store an entry of 2MB. The type text stores up to 65kb.

sqlnew

7:20 pm on Dec 1, 2005 (gmt 0)

10+ Year Member



Thank you all, dragonthoughts and mm1220. dragonthoughts' way is more secure and the link is very helpful, but I need the server administrator's help to do so if I really want to do it this way. As for mm1220, where should I store the content of the file if some of the files are larger than 8MB? If I store it somewhere on the website, it is less secure, as dragonthoughts said. Any idea? I appreciate all your help.

jatar_k

7:30 pm on Dec 1, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



you can store files above the root of the site, thereby making them not directly accessible via http

these files can then be included using php only when the proper password is entered

sqlnew

8:44 pm on Dec 1, 2005 (gmt 0)

10+ Year Member



Thank you jatar_k. I have tried to store the files above the root and use the following script to include it.
<?php
if($_POST['pass'] =='rightpass'){
include("../file.doc");
}
else{
echo "invalid password.";
}
?>

When I enter the correct password, the file does open, but it is unreadable. The possible reason might be that it is in word document format. Do you have any suggestion on how to make the file readable?
My other question is: if I have three files, I need to use three include statements, and these three files look like one file. Do you have any idea how to make them look like three different files?

Thanks again.

jatar_k

8:58 pm on Dec 1, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



well the word format thing is a bit of an issue, I would maybe zip them and allow them to download them or change it to another format instead of viewing the word document straight up.

remember:
anything is possible but most things are not advisable ;)

as far as giving a list, are you going to store the filenames in the database?

if so just pull the names from the db and list them on the page they come to after login with a link. Give them an id or something in your db and use that id on the next page to serve up the appropriate document.

sqlnew

10:20 pm on Dec 2, 2005 (gmt 0)

10+ Year Member



Thanks. It is a good idea to use zip files, but if I want to store the file name in a database, you said "Give them an id or something in your db and use that id on the next page to serve up the appropriate document." Can you explain this in more detail? I didn't get you. I am still wondering how the user can open the file when they see the file name.
Pardon me for my limited knowledge on this. I am sorry for replying late, I was busy working on other stuff.
Thanks again.

jatar_k

9:50 pm on Dec 3, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



a very minimalist table could be something like

tablename = documents
doc_id - integer primary key
doc_name - name of the document

now when they hit the page after login you can do a 'select * from documents', this would give you a list of document names along with their unique id (not advisable forever as the list may get quite long, at some point adding a LIMIT and pagination would be fine)

you can then loop through the results, for each one you could echo the document name for the link text and then maybe add the id as a GET parameter that goes to a script that controls the downloading. Each link might look something like

<a href="downloader.php?docid=33">My fancy word doc</a>

then when the link is clicked, the target script can use the docid to query the database, get the doc_name and then serve that document to the user.

the reason I say zip and let them download is because .doc format won't really work, maybe if no one uses anything but IE but there is nothing worse than a site that tells me I have to use IE.

sqlnew

8:32 pm on Dec 5, 2005 (gmt 0)

10+ Year Member



Thanks. You mean I still store the content of the file above the root? I'll learn how to write the downloader.php. Thanks again.

jatar_k

8:38 pm on Dec 5, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> You mean I still store the content of the file above the root?

yes, a php script can access files anywhere in the filesystem but this stops anyone from accessing them by calling them directly via a browser. The only way to access is to login and receive them through downloader.php

sqlnew

7:58 pm on Dec 6, 2005 (gmt 0)

10+ Year Member



Is it very hard to write the downloader.php script? Could you please give some clue on this? Thanks.

jatar_k

8:00 pm on Dec 6, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



if you're forcing them to download a zip file then it is only a matter of getting the filename out of the db and setting the appropriate headers for a zip file and then sending the file

sqlnew

8:05 pm on Dec 6, 2005 (gmt 0)

10+ Year Member



How about if I don't zip the files and ask the user to download the files one by one?

jatar_k

8:07 pm on Dec 6, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I would still zip them individually, it will save bandwidth and make it easier to download them

either way the steps are the same

get filename
set proper headers dependent on file type
send the file

sqlnew

8:50 pm on Dec 6, 2005 (gmt 0)

10+ Year Member



Can you explain in more detail about step 2 and 3? Thanks.

jatar_k

8:58 pm on Dec 6, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



take a look at
[webmasterworld.com...] msg9

it shows a downloader for a file as csv

you're not doing csv but the steps are similar

just look at the headers it sets and you could just set your filename/path/contents in $output_file

you will need to set headers for zip or doc or whatever you decide as opposed to csv

sqlnew

9:07 pm on Dec 6, 2005 (gmt 0)

10+ Year Member



Thanks. I'll read that link.

dragonthoughts

1:47 pm on Dec 7, 2005 (gmt 0)

10+ Year Member



When you are serving the document or zip file, make sure that the file is served as the correct MIME type, otherwise many standards compliant browsers will not understand what they are receiving.
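
The three steps listed earlier in the thread (get filename, set headers for the file type, send the file), together with the MIME-type point above, as an added PHP example that is not part of the original thread or any poster's code. It uses the documents table (doc_id, doc_name) and the docid parameter from the thread; the session key, the storage directory name and the connection details are assumptions.

```php
<?php
// downloader.php - added example, not code from the thread.
// Assumed: the login page sets $_SESSION['authenticated']; files live in a
// "protected_docs" directory one level above the web root; DSN values are placeholders.
session_start();
if (empty($_SESSION['authenticated'])) {
    http_response_code(403);
    exit('Please log in first.');
}

// docid must be a positive integer; anything else is rejected before the query.
$docId = filter_input(INPUT_GET, 'docid', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!$docId) { // null (missing) or false (not an integer)
    http_response_code(400);
    exit('Bad document id.');
}

// Step 1: get the filename. A prepared statement keeps docid out of the SQL text.
$pdo = new PDO('mysql:host=mysql_host;dbname=wordDocs;charset=utf8mb4', 'mysql_user', 'mysql_pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare('SELECT doc_name FROM documents WHERE doc_id = ?');
$stmt->execute([$docId]);
$docName = $stmt->fetchColumn();

// Resolve the path and confirm it is still inside the storage directory.
$baseDir = realpath(__DIR__ . '/../protected_docs');
$path = ($docName === false || $baseDir === false)
    ? false
    : realpath($baseDir . '/' . basename($docName));
$prefix = $baseDir . DIRECTORY_SEPARATOR;
if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
    http_response_code(404);
    exit('Document not found.');
}

// Step 2: set headers by file type; unknown types go out as a generic download.
$mimeTypes = ['zip' => 'application/zip', 'doc' => 'application/msword'];
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: ' . ($mimeTypes[$ext] ?? 'application/octet-stream'));
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');

// Step 3: send the file. readfile() streams the raw bytes, whereas include()
// would hand them to the PHP parser and echo the binary into the page.
readfile($path);
exit;
```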

sqlnew

8:00 pm on Dec 8, 2005 (gmt 0)

10+ Year Member



Thank you jatar_k and dragonthoughts for your replies. I am still learning how to do it. There are so many things new to me, but I am very interested to learn it. I'll let you know if I make any progress on it.
Thanks again.