Leave it, it wont work.Here is one more logic -
-redirect the user to another php page when he tries to download the pdf, adn check his username/password there.
-if username/password are right just get him back to the previous page or else directly exit or do whatever you wish.

There are 2 ways to securely do this. The first one is to make the download dir inaccessible without password (this is as said done in htaccess e.l. and not in you code). The other one is to put the file outside of you public_html-folder (http_root o.l. it might be called on a winserver) and use a script/program like php or C# to read the file and output it to the response-stream if the password is correct.

I found out about htaccess few hours ago. Now I know how can I password protect a single html page. which was one of the things I needed.

But how can I password protect single file or better yet <a href> tag ? I don't know much about php etc. so I wanted to ask in this forum for some help, maybe someone know some tutorials regarding this ..

Password-protecting a single a-href doesn't make sense. What does is to password-protect the file that the a-href points to. And if you already know how to password-protect a html-file my guess is that it shouldn't be much of a difference in password-protecting a pdf-file or a img-file etc.

Thanks, everything works great, I don't know why, but somehow I imagined this would be much harder :p.

Got 1 question though:

when I clicked on .pdf link (without .htaccess) it opened in a new tab/window. Now when I have .htaccess, browser opens new tab and asks for authorization , which is all great, but if i press cancel I get Authorization Required error page. Is it possible to somehow get redirected back to the page from which I opened that .pdf instead of error page ?

I'm not shure about that. That's about server-settings, and not programming (.htaccess is too actually server-settings, but I'm not that familiar with it).