You should really be checking the mime type of the file itself (on the server, in the temporary directory is usually good) rather than relying on the MIME information send from the browser which is easy to fake.
Try playing around with
mime_content_type().
The MIME type of plain text files is quite simply
text/plain as you already know. Some browsers will (wrongly) send through the
application/octet-stream if they're too lazy to send the right type.