Restrict file access to logged-in users only

First redirect all url calls to a php file to do the analysis of the same, in the case we will redirect everything that contains .tpl.

  

To do this create the ".htaccess" file with the following content:

RewriteEngine On
RewriteRule \.tpl$ checkpermission.php [L]

  

Create the PHP file "checkpermission.php" which will analyze whether the file will or will not be available:

<?php

//Recupero o caminho absoluto do arquivo
$arquivo = $_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'];

//Sua logica para verificar se o usuario esta logado...
if(isset($_SESSION['logado'])) { // faça o uso da sua verificação!

    //Verifico se o arquivo existe no servidor
    if(file_exists($arquivo))
    {

        //Caso exista disponibiliza o arquivo
        echo file_get_contents($arquivo);

    } else {

        //Caso não exista informo o usuario

        echo '<h1> Erro, o arquivo solicitado não existe!</h1>';

    }

} else {

    //Informo que ele não tem permissão
    echo '<h1>Arquivo disponível apenas para usuários autenticados!</h1>';

}

  

Place the ".php" and ".htaccess" files in the project root folder or in the same folder as the index of your site.

After that, just create the .tpl file with a content and run the tests

Note: In order to work, mod_rewrite and .htaccess must be enabled in your webserver and the same must be Apache, in case iis should do the same only with webconfig. If you use XAMPP / WAMPP they work based on apache so just look at how to enable mod_rewrite on them, this option is enabled by default but if it does not work consider doing this check.