Force Download Script (Headers)


jaymc

Right, I have made a script that will force the download of files rather than open them up/stream in their default application.

Here is the code

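[code]<?php
// The session must be started before $_SESSION can be read
session_start();

// Only logged-in users may download
$User_Session = $_SESSION['username'];
if ($User_Session == "") {die("HAHA");}

$file = $_GET['file'];
// Reject any request that contains "../" (the check asked about in question 1)
if (strstr($file, "../")) {die("Unlucky Punk");}
// Size of the file that is actually served from ./uploads/
$filesize = filesize("./uploads/".$file);
// Stored names look like "prefix---originalname"; element 1 is the original name
$filename = explode("---", $file);

// required for IE, otherwise Content-disposition is ignored
if (ini_get('zlib.output_compression'))
    ini_set('zlib.output_compression', 'Off');

header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
// header() replaces an earlier header of the same name, so only the last Content-Type is sent
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=$filename[1]");
header("Content-Transfer-Encoding: binary");

// Send the file contents to the client
readfile("./uploads/".$file);
?>[/code]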

Here are my questions

1: Is it secure? You will notice I checked the $_GET for the occurrence of [b]../[/b] to ensure people don't try and download files outside of the DIR (../../index.php). I think that secures that up; maybe someone knows another flaw in it which would allow people to download whatever file they want.

2: This is a problem. For some reason, and this appears to be random, when downloading a file it can stop downloading after like the first 180kb and act as if it's completed the download. This is not just on certain files, it can happen to any file and seriously looks pretty random. I have no idea why. There are no error messages, it just stops downloading.

Any help on those 2 points will be appreciated
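
Added example, not part of the original post: one way to approach question 1 is to resolve the requested path and confirm the result still lies inside the uploads directory, instead of searching the input for a forbidden substring. `UPLOAD_DIR` and `resolve_download()` are hypothetical names, and the sketch assumes PHP 7.1 or later. It also sends `Content-Length`, so a client can tell when a transfer ended short.

```php
<?php
// Added example, not the poster's code. UPLOAD_DIR and resolve_download() are hypothetical names.
const UPLOAD_DIR = __DIR__ . '/uploads';

// Return the canonical path of $requested if it is a regular file inside $baseDir, else null.
function resolve_download(string $requested, string $baseDir = UPLOAD_DIR): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, and returns false for missing files
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment test on the resolved path; the trailing separator keeps "uploads_old" from matching "uploads"
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit;
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_download($requested) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

// Same "prefix---name" convention as the post; restrict the name to characters that are safe in a header
$parts = explode('---', basename($path), 2);
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', $parts[1] ?? $parts[0]);

ini_set('zlib.output_compression', 'Off'); // as in the post; compression would invalidate Content-Length
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));

// Drop any output buffers so the file is streamed rather than held in memory
while (ob_get_level() > 0) {
    ob_end_clean();
}
readfile($path);
```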