prepare("SELECT original_name, mime_type FROM file_attachments WHERE stored_name = ?"); $stmt->execute([basename($file)]); $att = $stmt->fetch(PDO::FETCH_ASSOC); $originalName = $att ? $att['original_name'] : basename($file); $mimeType = $att && $att['mime_type'] ? $att['mime_type'] : mime_content_type($path); $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION)); $viewable = in_array($ext, ['txt', 'md', 'pdf', 'csv']); if ($mode === 'view' && $viewable) { header('Content-Disposition: inline; filename="' . $originalName . '"'); header('Content-Type: ' . $mimeType); header('Content-Length: ' . filesize($path)); header('X-File-Name: ' . $originalName); header('X-File-Viewable: 1'); readfile($path); exit; } header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $originalName . '"'); header('Content-Length: ' . filesize($path)); header('Cache-Control: no-cache'); readfile($path);