<?php
$download_id = 5;
$q = mysql_query("SELECT * FROM downloads WHERE id = $download_id");
$r = mysql_fetch_array($q);
if ($r['expired'] == 1) {
echo "This download has expired";
}
else {
mysql_query("UPDATE downloads SET expired = 1 WHERE id = $download_id");
$file = $r['download_file'];
header("Cache-Control: public, must-revalidate");
header("Content-Type: application/octet-stream");
header("Content-Length: " .(string)(filesize($file)) );
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header("Content-Transfer-Encoding: binary\n");
readfile($file);
}
?>

When you say that the system decrypts the file does it then create a temp file for the download, or just allow the real file to be downloaded?

Is this decryption done in response to a password? Or is it just dont for the first person that tries to access the file?