What you're trying to do is not directly possible. Your CGI script can send the user a file or redirect them to another URL, but not both.
Also this script is insecure, if for no other reason than that it will allow the user to read any file on the server machine so long as the web server process has access to it. Instead of doing that, have your script form the path to the file as you are doing, then use redirect to send the user to the actual URL of the file so they can download it directly, something like
This has the additional benefit of giving the user proper headers for things like Content-type, Last-Modified etc.
Update: made less punchy.