query($query); if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $fileName = $row['filename']; $fileExtension = substr($fileHash, strrpos($fileHash, '.' )+1); if($fileExtension=="png"){ header('Content-Type: image/png'); } else { header('Content-Type: image/jpg'); } readfile("../securefiles/images/$fileHash"); } } else { $query = "SELECT * FROM images WHERE imagehash='$fileHash' AND imagevisible='1'"; $result = $mysqli->query($query); if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $fileExtension = substr($fileHash, strrpos($fileHash, '.' )+1); if($fileExtension=="png"){ header('Content-Type: image/png'); } else { header('Content-Type: image/jpg'); } readfile("../securefiles/images/$fileHash"); } } else { die("Invalid file"); } } ?>