Fopen/fpassthru most files won't open! but pdf and txt do... see for yourself!

hi there, can someone please tell me what is the problem here:
http://www.dharmonynow.com/filez/

when a link to file is clicked by user, .htaccess shots control over to authorize.php:
want to prevent other users from snooping in private folders.
before I added the pass through authorize.php everything was working great.
session stuff was removed for troubleshooting.

################ AUTHORIZE.PHP
<?php
// session_start();
require_once $_SERVER[‘DOCUMENT_ROOT’] . ‘/require/connection.php’;
// require_once $_SERVER[‘DOCUMENT_ROOT’] . ‘/require/auth-session.php’;

//assign current member from session
$current_couple = 377;

// pull folder from url
$mystring = $_SERVER[‘REQUEST_URI’];
$findme = ‘/’;
$pos = strrpos($mystring, $findme);
$path = substr(“$mystring”, 0, $pos);
$folder = substr(“$path”, 16);

// dissect path and file name just to troubleshoot
$pathtofile = $_SERVER[‘DOCUMENT_ROOT’].$_SERVER[‘REQUEST_URI’];

$path_details=pathinfo($pathtofile);
$nameandext = $path_details['basename'];
$justext = $path_details['extension'];
$justname = $path_details['filename'];
$mtype = mime_content_type($pathtofile); // correct results except for .doc and .xls

/* echo “<p />”;
echo “folder in path matches current couple”;
echo “<br>”;
echo $pathtofile; // complete path with file and extention
echo “<br>”;
echo $path_details[‘dirname’]; // complete path to dir
echo “<br>”;
echo $path_details[‘basename’]; // file name & extention
echo “<br>”;
echo $path_details[‘extension’]; // file extention
echo “<br>”;
echo $path_details[‘filename’]; // file name
echo “<br>”;
echo "mime type is: " . $mtype;
echo “<br>”;
*/

if($current_couple == $folder){

if(file_exists($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'])){

// Open the file for reading
	$fp = fopen($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'], 'r');

	// Set mime type to header
	header('Content-type: '.mime_content_type($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI']));

	// Send the contents of the file the browser
	fpassthru($fp);
	fclose($fp);

	}
	
else {
	// File not found
	die('File not found'); }
							} // end of IF AUTHORIZED

else {
die(‘Access denied’);}
?>
######################################## END

mime content type results are more or less correct (doc and xls files id’ed as txt). but does spot jpg and gif correctly.
no whitespace in code.
files are not corrupt, they download just fine.
pdf and txt files display fine.
IS THIS A PROBLEM WITH HEADERS, OR CACHE STUFF, OR WHAT?

I’m really lost here and in dire need of a point in the right direction PLEASE.

with much thanks,

mdh

You could try using readfile instead? This effectively outputs the file to the browser, but without having to use fopen. You would still need to set the content type first however.

thanks Roberts!

no diff… getting exact same behavior with readfile(). thinking the problem is somewhere before… something earlier… but what!!

taking a BIG step back - is there a better way to secure these files??? the only reason I’m going through this hell is to keep people from snooping in other user’s folders.

for example:
a user clicks one of their own files, it opens in new window - they notice URL bar reads http://domain.com/files/377/doc_name.doc
so they get the bright idea and alter URL to http://domain.com/files/84/2011_taxes.pdf
that could happen without my detour to authorize.php

is there another way to protect a folder???