Great, that means the set-up is good 
To summarize, there is the āyour_video_folderā above the site root.
The contents of this folder can not be accessed directly from a browser.
A file that can be accessed from the browser can get the files and serve them to the browser.
Leaving the āyour_video_folderā alone, you can now have the āthe_new_test_fileā process POST, COOKIE, SESSION, GET values to control what file if any to serve.
To āthe_new_test_fileā add some conditional tests and some āelseā code so it looks like this
<?php
if ( ($_SERVER['REQUEST_METHOD'] === "GET")
&& ( isset($_GET['show_the_video']) )
&& ($_GET['show_the_video'] == "ABC123") ) {
$ctype= 'video/mp4';
header('Content-Type: ' . $ctype);
$file_path_name = "../your_video_folder/relax3.mp4";
$handle = fopen($file_path_name, "rb");
$contents = fread($handle, filesize($file_path_name));
fclose($handle);
echo $contents;
} else {
echo "<h1>I'm Sorry</h1>";
}
?>
Then create a new file with links to it eg.
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Videos Above Root Test</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<style type="text/css">
ul {
list-style: none;
}
li {
display: inline-block;
margin: 0 1em;
}
</style>
<script type="application/javascript">
// script needed before the DOM is loaded here
</script>
</head>
<body>
<h1>Videos Above Root Test</h1>
<ul>
<li>
<a href="the_new_test_file.php?show_the_video=ABC123">Play Video</a>
</li>
<li>
<a href="the_new_test_file.php">No GET value</a>
</li>
<li>
<a href="the_new_test_file.php?show_the_video=BOGUS">Wrong GET value</a>
</li>
</ul>
<script type="application/javascript">
// script that needs the DOM to be loaded here
</script>
</body>
</html>
Then go to the new file in your browser and try the links (need to use the back button to get back to it after clicking a link at this point)