PHP Download Script with

Resume option
August 3, 2012/by Armand Niculescu

A while ago I wrote an article about the common pitfalls of handling file downloads in
PHP. One thing I did not realize at that time is that in most cases developers dont have
the time to write such a script and theyll use whatever they can find, even if it has
flaws.
Because of this, I decided to write a download script and release it free for everyone
with a BSD License. Its not a class, just a script that accepts a file parameter via GET
or POST and outputs the file. For security purposes any paths are stripped and replaced
with a path in the script (the folder containing the downloadable file(s) should be
protected against direct access).
The script sets the correct MIME type for ZIP files, all other files are sent as octet
stream. You may customize that part depending on the type of docs you host.
The download script also accepts range download but not multiple ranges; for the vast
majority of cases this is enough.
The script is in active use and has handled tens of thousands of downloads from a vast
variety of browsers. I tested it only on Apache 2 / PHP 5. Some hosts have really weird
setups and limitations but hopefully you wont get any issues.

Heres the full script (Updated on October 31, 2012):

<!--?php
/**
* Copyright 2012 Armand Niculescu - media-division.com
* Redistribution and use in source and binary forms, with or without modification, are permitted provide
* 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
* 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and
* THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT "AS IS" AND ANY EXPRESS OR IMPLIED WARR
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIB
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LO
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE
SUCH DAMAGE.
*/
// get the file request, throw error if nothing supplied

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

// hide notices
@ini_set('error_reporting', E_ALL & ~ E_NOTICE);
//- turn off compression on the server

19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

@apache_setenv('no-gzip', 1);
@ini_set('zlib.output_compression', 'Off');
if(!isset($_REQUEST['file']) || empty($_REQUEST['file']))
{
header("HTTP/1.0 400 Bad Request");
exit;
}
// sanitize the file request, keep just the name and extension
// also, replaces the file location with a preset one ('./myfiles/' in this example)
$file_path = $_REQUEST['file'];
$path_parts = pathinfo($file_path);
$file_name = $path_parts['basename'];
$file_ext
= $path_parts['extension'];
$file_path = './myfiles/' . $file_name;
// allow a file to be streamed instead of sent as an attachment
$is_attachment = isset($_REQUEST['stream']) ? false : true;
// make sure the file exists
if (is_file($file_path))
{
$file_size = filesize($file_path);
$file = @fopen($file_path,"rb");
if ($file)
{
// set the headers, prevent caching
header("Pragma: public");
header("Expires: -1");
header("Cache-Control: public, must-revalidate, post-check=0, pre-check=0");
header("Content-Disposition: attachment; filename=\"$file_name\"");
// set appropriate headers for attachment or streamed file
if ($is_attachment)
header("Content-Disposition: attachment; filename=\"$file_name\"");
else
header('Content-Disposition: inline;');
// set the mime type based on extension, add yours if needed.
$ctype_default = "application/octet-stream";
$content_types = array(
"exe" =--> "application/octet-stream",
"zip" => "application/zip",
"mp3" => "audio/mpeg",
"mpg" => "video/mpeg",
"avi" => "video/x-msvideo",
);
$ctype = isset($content_types[$file_ext]) ? $content_types[$file_ext] : $ctype_default;
header("Content-Type: " . $ctype);
//check if http_range is sent by browser (or download manager)
if(isset($_SERVER['HTTP_RANGE']))
{
list($size_unit, $range_orig) = explode('=', $_SERVER['HTTP_RANGE'], 2);

76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

}
else
{
}

if ($size_unit == 'bytes')
{
//multiple ranges could be specified at the same time, but for simpl
//http://tools.ietf.org/id/draft-ietf-http-range-retrieval-00.txt
list($range, $extra_ranges) = explode(',', $range_orig, 2);
}
else
{
$range = '';
header('HTTP/1.1 416 Requested Range Not Satisfiable');
exit;
}

$range = '';

//figure out download piece from range (if set)

list($seek_start, $seek_end) = explode('-', $range, 2);

//set start and end based on range (if set), else set defaults
//also check for invalid ranges.
$seek_end
= (empty($seek_end)) ? ($file_size - 1) : min(abs(intval($seek_end)
$seek_start = (empty($seek_start) || $seek_end < abs(intval($seek_start))) ? 0 :
//Only send partial content header if downloading a piece of the file (IE workaround)
if ($seek_start > 0 || $seek_end < ($file_size - 1))
{
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes '.$seek_start.'-'.$seek_end.'/'.$file_size);
header('Content-Length: '.($seek_end - $seek_start + 1));
}
else
header("Content-Length: $file_size");
header('Accept-Ranges: bytes');
set_time_limit(0);
fseek($file, $seek_start);
while(!feof($file))
{
print(@fread($file, 1024*8));
ob_flush();
flush();
if (connection_status()!=0)
{
@fclose($file);
exit;
}
}
// file save was a success
@fclose($file);

exit;
}
else
{

133 }
134 else
135 {
136
137
138
139 }
140 ?>

// file couldn't be opened

header("HTTP/1.0 500 Internal Server Error");
exit;

// file does not exist

header("HTTP/1.0 404 Not Found");
exit;

You can also download it: Download PHP File Download Script