hi there, can someone please tell me what is the problem here:
http://www.dharmonynow.com/filez/

when a link to file is clicked by user, .htaccess shots control over to authorize.php:
want to prevent other users from snooping in private folders.
before I added the pass through authorize.php everything was working great.
session stuff was removed for troubleshooting.

################ AUTHORIZE.PHP
<?php
// session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/require/connection.php';
// require_once $_SERVER['DOCUMENT_ROOT'] . '/require/auth-session.php';

//assign current member from session
$current_couple = 377;

// pull folder from url
$mystring = $_SERVER['REQUEST_URI'];
$findme = '/';
$pos = strrpos($mystring, $findme);
$path = substr("$mystring", 0, $pos);
$folder = substr("$path", 16);

// dissect path and file name just to troubleshoot
$pathtofile = $_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'];

$path_details=pathinfo($pathtofile);
$nameandext = $path_details['basename'];
$justext = $path_details['extension'];
$justname = $path_details['filename'];
$mtype = mime_content_type($pathtofile); // correct results except for .doc and .xls
/* echo "<p />";
echo "folder in path matches current couple";
echo "<br>";
echo $pathtofile; // complete path with file and extention
echo "<br>";
echo $path_details['dirname']; // complete path to dir
echo "<br>";
echo $path_details['basename']; // file name & extention
echo "<br>";
echo $path_details['extension']; // file extention
echo "<br>";
echo $path_details['filename']; // file name
echo "<br>";
echo "mime type is: " . $mtype;
echo "<br>";
*/

if($current_couple == $folder){

if(file_exists($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'])){

// Open the file for reading
$fp = fopen($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'], 'r');

// Set mime type to header
header('Content-type: '.mime_content_type($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI']));

// Send the contents of the file the browser
fpassthru($fp);
fclose($fp);

}

else {
// File not found
die('File not found'); }
} // end of IF AUTHORIZED
else {
die('Access denied');}
?>
######################################## END

mime content type results are more or less correct (doc and xls files id'ed as txt). but does spot jpg and gif correctly.
no whitespace in code.
files are not corrupt, they download just fine.
pdf and txt files display fine.
IS THIS A PROBLEM WITH HEADERS, OR CACHE STUFF, OR WHAT?

I'm really lost here and in dire need of a point in the right direction PLEASE.

with much thanks,

mdh