id == $_SESSION['allowUser'] && strpos($morePath, $_SESSION['allowUrl']) ){ // get file extention from path $path_parts = pathinfo($morePath); $ext = $path_parts["extension"]; // append path to Moodle data dir $file = $pathToMoodleData . $morePath; // realpath $realFile = realpath($file); // parse document if(isset($mimes[$ext])) header("Content-Type: ".$mimes[$ext]); header("Content-Length: ".@filesize($file)); $fp = @fopen($realFile,"rb"); fpassthru($fp); fclose($fp); } else { echo "not allowed...
"; echo $morePath . "
"; echo $_SESSION['allowUrl'] . "
"; echo $_SESSION['USER']->id . "
"; echo $_SESSION['allowUser'] . "
"; } // security end ?>