Ok, so the title's a little confusing, but here's what I want to do.

I've got this member area on a website, and I wasnt to allow administrators to be able to upload .pdf and .doc files so only logged on members can view them.

So I've got a page with a verification script that checks to see if their logged in. If they are, it displays a link to it. (Something like <a href='showNewsLetter.php?c=999'>Newsletter</a>)

Now when the user clicks the link, I want the show newsLetterPage to verify the user (again), and, if the user is valid, open the .doc file. But I want to store the .doc file outside of the Apache directory tree so only registered users can get to it.

Any ideas how to do this?

I hope I'm making sense here.

After the user has authenticated himself to your system, store a "logged in" flag variable in a session. Then, after the user clicks the link to showNewsLetterPage.php, make second check if this flag variable is still set in the session. If it isn't or there is no session at all, redirect the culprit. Otherwise serve the authenticated user the protected file.
You might consider storing the paths to the protected files in a database, but since they are outside the document root of the server, you could as well leave them in your script file.

Hey

Once you have authorized the user in a PHP script, you can use the PHP script to output itself as a Word Document or PDF Document.

Create PDF Documents with PHP: http://www.php.net/manual/en/ref.cpdf.php

You can use Content-Type in your headers. eg:

Header("Content-type: application/pdf");
Header("Content-type: text/html");

Jesh