It looks like the `download.php` script sets a cookie with an authentication token, and then redirects you to the actual download after verifying the token it just set. If you want to script that, you’ll need to store the cookie the script gives you, then somehow retrieve the download by authenticating with the cookie.

You might want to look into using `curl` instead of `wget`, as the former as a lot more options for handling this type of thing.