Bajar ficheros del ServidoBajar ficheros del Servidor

Respuesta de Javier Leyba a una pregunta hecha en la lista de [PHP-ES].
Pregunta:
Tengo el problema de intentar bajar ficheros del servidor al cliente, lo he conseguido con ficheros zip, pero necesito que me funcione para cualquier clase de fichero, supongo que el problema estara con header? No existe nada para hacerlo genérico?
...
Respuesta:
Estuve con ese problema hasta hace unos dias y ya lo he resuelto.
Cuando el cliente hace un click en el link del archivo a bajar, esta llamando a una rutina predownload.php.
La rutina verifica que el archivo exista realmente. Si no existe, muestra un mensaje de error. Si existe muestra una pagina que avisa que el download comenzara automaticamente y muestra un link al archivo para que lo puedan bajar a mano (por si falla el download automatico). Dicha pagina tiene un evento onLoad que llama a download.php.
Download.php contiene lo siguiente:


<?
$f = $_REQUEST["f"];
header("Content-Type: application/x-msdownload ");
header("Content-Disposition: attachment;
filename=".basename($f)."; "); // For Other browsers
@readfile("docs/".$f);
?>




Esto funciona en TODOS los browsers y con cualquier tipo de archivo.
La documentacion que use para solucionar el tema fue:

Forcing files to download,
run, launch specific applications, etc.
You can't do that. The Web protocols were designed to identify, via MIME Content-Type headers, what sort of content a data stream has, but not specify exactly what to do with it. This was done for a good reason; the site author has no way of knowing exactly what sort of system the end
user has, or that user's preferences as to how to deal with different kinds of data. And some ways of dealing with data, like automatically running an .exe file, pose security risks such as viruses and "trojan horses". And if the user has a Macintosh or a Unix system, running DOS or Windows .EXEs is infeasible, anyway; but if you let the user download the file, he might be able to put it on a disk and run it on a PC down the hall.
In general, users may want to make their own choices as to how to deal with various kinds of files, displaying them in their browser, displaying them via an external helper application, or saving them to their hard disk, rather than letting your site force one particular behavior that might not even work on this particular user's system. So you should make sure your server sends an honest and accurate Content-Type header for each item it sends.
If you're sending data files of some sort which the user ought to be saving instead of viewing in his/her browser, the best MIME type to use is application/octet-stream; this will usually cause a "save" dialog box to appear. It's not "forced" (a user can configure the browser to do something else with this sort of data), but it's the usual action, and this is the closest you can get to "forcing the browser to save the file." But you can't force the directory or filename it's saved under, though browsers will generally get the name out of the last part of the URL (though they can vary in maddening ways, sometimes winding up with weird filenames unlike the one you intended).
You can always encourage the user to make use of browser features to save a file to disk, such as right-clicking in Netscape or MSIE, which work no matter what MIME type is used or how the browser is configured to handle that type.

Y te envio tambien el link al RFC
por si te interesa: