Is the content being compressed at the server level with mod_deflate or something similar?
This has been answered here: Sending correct file size with PHP download script
"If you compress files with Zlib, mod_deflate and so on the Content-Length header won't be accurate so you'll end up seeing "Unknown size" and "Unknown time remaining" when downloading files."
"You can easily disable it for a single script using the following line in an applicable .htaccess file:
SetEnvIfNoCase Request_URI ^/download.php no-gzip dont-vary where download.php is here assumed to be in the download script located in the server's root directory path (e.g. www.crimsonbase.com/download.php). (That's because the regular expression is ^/download.php.)"
Also, please note that your script is insecure. Someone could effectively send the following get parameter for _GET['file']
../../../../../Documents/MyStuff
and it will override your $path restriction entirely.
Suggest stripping out any .. references in the path.