A while ago I wrote an article about the common pitfalls of handling file downloads in PHP. One thing I did not realize at that time is that in most cases developers don’t have the time to write such a script and they’ll use whatever they can find, even if it has flaws.
Because of this, I decided to write a download script and release it free for everyone with a BSD License. It’s not a class, just a script that accepts a “file” parameter via GET or POST and outputs the file. For security purposes any paths are stripped and replaced with a path in the script (the folder containing the downloadable file(s) should be protected against direct access).
The script sets the correct MIME type for ZIP files, all other files are sent as octet stream. You may customize that part depending on the type of docs you host.
The download script also accepts range download but not multiple ranges; for the vast majority of cases this is enough.
The script is in active use and has handled tens of thousands of downloads from a vast variety of browsers. I tested it only on Apache 2 / PHP 5. Some hosts have really weird setups and limitations but hopefully you won’t get any issues.
Here’s the full script (Updated on October 31, 2012):