This is how I do it in PHP:
<?php
$fakeFileName= "fakeFileName.zip";
$realFileName = "realFileName.zip";
$file = "downloadFolder/".$realFileName;
$fp = fopen($file, 'rb');
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=$fakeFileName");
header("Content-Length: " . filesize($file));
fpassthru($fp);
?>
Additionally, if you don’t want anyone to have access to the file location, put a file named .htaccess into your download folder with only the contents:
deny from all
I changed the code a little. First when I say fake file name and real file name, the fake filename is the name that the downloader will download the file as, where the real filename is the name of the actual file in the download folder on your server.
Also, I check to make sure the user is logged in and is able to download the file. If he chooses to download the file, a PHP file is called in a new tab (with the download code from above), then at the end of the file I have the line:
exit;
So when he clicks on the download link, a blank page pops up in a new tab quickly, then quickly exits and the download begins.
EDIT: The download link looks something like this:
<a href="https://stackoverflow.com/questions/10997516/simpleDown.php?id=<?php echo $_GET["id']; ?>" target="_blank">Download!</a>
Where id is the id of the download in the database, and in the download script from above I find the entry with that id, then get its real file name and the fake file name. You can do this without the database though.