enconding a url

router

Hello!
I have a page where you can download a file.
For that, i use a code's friend of this forum 😉

and in download.php:
//Check if the user is registered
header("Cache-control: private");
header("Content-Type: application/force-download; name=\"$file_d\"");
header("Content-Disposition: attachment; filename=\"$file_d \"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: $content_length");

$fp = fopen($file,"r"); 
$fp = fopen($file_fullpath,"r"); 

while (!feof($fp)) 
{	print(fread($fp, 4000)); 
	flush(); 
} 
fclose($fp);

}

But if you type on your browser
www.mypage.com/file.pdf you can download my file, and i don't want it...i must verify that this user is register. For that , in others pages, i check that a variable call user is set on the session
(isset($_SESSION['user'])), but it doesnt work here. I check it where i've write 'check if the user is registered'.
Any idea?
Thank you!!
Router
🙂

router

I've forget to say that , maybe, if i code the url i get that nodoby knows the name of my file and then , nodoby could't access to it writting ...www.mypage.com/mifile