For anyone still trying to write an effective file downloader function/script, the work has been done for you in all the major servers including Apache & nginx.
Using the X-Sendfile header, you can do the following:
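if ($user->isLoggedIn())
{
    // The web server intercepts X-Sendfile, streams the file itself, and does not pass the header on to the client.
    header("X-Sendfile: $path_to_somefile_private");
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"$somefile\"");
}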
Apache will serve the file for you while NOT revealing your private file path! Pretty nice. This works on all browsers/download managers and saves a lot of resources.
Documentation:
Apache module: https://tn123.org/mod_xsendfile/
Nginx: http://wiki.nginx.org/XSendfile
Lighttpd: http://blog.lighttpd.net/articles/2006/07/02/x-sendfile/
Hopefully this will save you many hours of work.
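An added example, not part of the original note: when the file to send is chosen from request input, the path handed to X-Sendfile and the name placed in Content-Disposition both need checking before the headers go out. PRIVATE_DIR, build_sendfile_headers() and the `file` query parameter are hypothetical names, and $user is assumed to be the same object as in the snippet above.

```php
<?php
// Added example; PRIVATE_DIR and build_sendfile_headers() are hypothetical names.
const PRIVATE_DIR = '/srv/private-files'; // assumed storage root outside the docroot

// Returns header lines for the download, or null if $requested does not
// resolve to a regular file inside $baseDir.
function build_sendfile_headers(string $requested, string $baseDir = PRIVATE_DIR): ?array
{
    // PHP 8 filesystem functions throw on NUL bytes; reject them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks, so the check below sees the final location.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The trailing separator stops a sibling such as "<base>-old" from matching.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Conservative character set so the name cannot break out of the quoted string.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($full));

    return [
        "X-Sendfile: $full",
        'Content-Type: application/octet-stream',
        "Content-Disposition: attachment; filename=\"$name\"",
    ];
}

// Usage in the logged-in branch; $_GET['file'] is untrusted input.
if (isset($user) && $user->isLoggedIn()) {
    $req = $_GET['file'] ?? '';
    $headers = build_sendfile_headers(is_string($req) ? $req : '');
    if ($headers === null) {
        http_response_code(404);
        exit;
    }
    foreach ($headers as $line) {
        header($line);
    }
    exit;
}
```

With mod_xsendfile, the XSendFilePath directive additionally restricts which directories the server will send from. nginx implements the same idea with the X-Accel-Redirect header and a URI under an `internal` location rather than a filesystem path in X-Sendfile.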