browser not liking headers after FPASSTHRU()

[m300zx]

got a website where users view or download docs and pics they uploaded earlier.

let me show you what is working before I present the problem.
user clicks a link to their doc or image and browser opens it in new window.
browser url bar shows something like: mysite.com/files/box/data/278/myimage.jpg
ALL IS WELL, this is working fine.

HOWEVER, I want to add a bit of security to keep users out of other people's folders.
ie, can't have them changing url to something like: mysite.com/files/box/data/456/mytaxes2011.pdf

SO, using .htaccess I intercept all requests to /data/ and check authorization. once they get the green light, I open the file and pass it to the browser:

// Open the file for reading
$fp = fopen($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'], 'r');
// Set mime type to header
header('Content-type: '.mime_content_type($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI']));
// Send the contents of the file the browser
fpassthru($fp);
fclose($fp);

HERE IS THE PROBLEM: headers getting screwed up. files do not open properly. not working in IE, FF, or CHROME. both before and after my security mod, identical REQUEST HEADERS are being sent:

Request Headers
Host www.mysite.com
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.8) Gecko/20100722 AskTbHIP/3.15.4.23821 Firefox/3.6.8 (.NET CLR 3.5.30729)
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Referer https://www.mysite.com/files/box/index.php
Cookie PHPSESSID=90bae8f5ad8ca690beaf8e389b2cc3fb

BUT I'M GETTING DIFFERENT RESPONSE HEADERS BACK. here is the good response - before the mod:

Response Headers
Date Tue, 03 Jul 2012 02:14:02 GMT
Server Apache
Last-Modified Tue, 03 Jul 2012 02:01:07 GMT
Accept-Ranges bytes
Content-Length 169175
Keep-Alive timeout=5, max=75
Connection Keep-Alive
Content-Type image/jpeg

AND here is the bad response - after the mod:

Response Headers
Date Tue, 03 Jul 2012 02:15:36 GMT
Server Apache
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma no-cache
Keep-Alive timeout=5, max=75
Connection Keep-Alive
Transfer-Encoding chunked
Content-Type image/jpeg

SO PLEASE, what do you make of this? looks like the headers are corrupted or lost by the PASSTHRU??
ANY IDEAS AT ALL PLEASE & THANK YOU !!

[m300zx]

sounds of crickets (chirp... chirp)...

okay, how about some .htaccess voodoo: can anyone tell me how to hide (that is - remove) a DYNAMIC folder name from url?

e.g. - mysite.com/files/box/data/278/myimage.jpg
OR mysite.com/files/box/data/456/myimage.jpg

is diplayed as mysite.com/files/box/data/myimage.jpg

[logic_earth]

Do this, set the content-type as text/plain. I bet you are getting an error message but you are not seeing it because the browser is hiding it.

[m300zx]

thank you logic, but have images to display too. here's what happens when they're set as text:

no error message btw.

ÿØÿàJFIF



,
,ÿÛC    $.' ",#(7),01444'9=82<.342ÿÀ  ä ÷

ÿÄ







 ÿĵ

}
!1AQa"q2�‘¡#B±ÁRÑð$3br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÚ

?÷,
ùS�<ÓÔûÔ€Ó•³Ú�ïEQEQE„ÓIÒÀ÷¦=é¤õ™ëÅ!94güæŒýiÈrhri€úæžÆ˜Z\ý(Ü=©Êp§žÔÒy£<þ4gŸÆ“4f“>” ûâ�šqÔÒäýh'¥¹éHIâ“?ç4„þZ
æ“ó¥'Ž´™ç¥ÒFF)7j3š?*
éÅ¥Í <ôýhÉõ¤'Ôš7vÅ?Z3ô¥Ï©2zÒäÔ™£>ô„óïïFIÿëR‚9¤ÉõâŒñÚŒœÐ4¹À™8¥ž´gš3×*ã*.i ÏÇÒ�p=hɧgŸð güŠ\ûÑž(Í >ôuÍ'jPhÍÑ»�JLûþ´gŒàph&‚ÃÞ€Üu£'ëHÑ»·&—8ÓÞ�ß—Ö”gš3HÇSN{æ�6sÏéHOgŽô™>”Å.sïFpzQº�ßJ7 uæ�ßZ ͤVäô ·?ýzPÜöüi2?jP}èÉÿ&€Â�Þÿ¥9ÍÉ¡�ÍÔ“IœcúŠMÚZ ö£p¥ÝFáì?‹ Îó�ڥ݌Њ tæ—wNhÝ@n½è-Ï“w½é7Q¼÷ý(ÜhÞsH_€üõ¥ßîhÝÇj]Ô»ýèÜ ëFG*8°ã4…¹=hÝFï‚ء˜‘Ö�¸ÐÒgšóïíNÜÈ ?ZMýyý)Cdt͸¤Þ 7ý)Áýø¤ Ǩ£u.óíJ“wçFòIäP_=èÞEý©CóAni óFïz Ÿj~4»¨Íþ”ô9£< dŒRo>ÔÀ£vh݃@zPØïMßïK¿Š7ýi<Ìànæ‚Ì̧$ô9ëúPÜÒï>Ôõ›ýèÝÍ.þ)CÐ�°=iC`u£w½&î{Ð[ð¥ÜGzb�¶{Ò†Àê(ßïI¸÷¥ÝͲi sÖ�Üõ£}&ïΔ± ?ó¥ßÖ“w¥óH_üæ�ôÑ»"“#¯z]ô…è Ö“u)n)»úÒÁçùÑ»â—wå@j *L�ÓŠRø 7Ö€Ô»©7f—Çjpy¤

[logic_earth]

Alright, then my next guess would be to try "rb" in fopen instead of just "r".

[m300zx]

thanks again logic, but no help.

cleared cache and all that, but still a little red X where image should be...