<?php
	/**
	 * Copyright 2000, 2001, 2002 Philipp von Klitzing
	 * Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009 Wim van Ravesteijn
	 *
	 * This file is part of AEGEE-Europe Statutory Event Applications.
	 *
	 * AEGEE-Europe Statutory Event Applications is free software: you can
	 * redistribute it and/or modify it under the terms of the GNU General
	 * Public License as published by the Free Software Foundation, either
	 * version 3 of the License, or (at your option) any later version.
	 *
	 * AEGEE-Europe Statutory Event Applications is distributed in the hope
	 * that it will be useful, but WITHOUT ANY WARRANTY; without even the
	 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
	 * PURPOSE.  See the GNU General Public License for more details.
	 *
	 * You should have received a copy of the GNU General Public License
	 * along with AEGEE-Europe Statutory Event Applications.  If not, see
	 * <http://www.gnu.org/licenses/>.
	 */
	include("./include/include.php");
	page_header(true);

	$query = "SELECT `info_id`, `filename`, `filetype`, `data`, LENGTH(`data`) AS `size` FROM `files` WHERE `id`=".get_int("id");
	if( @mysql_num_rows( $res=doquery($query) )==1 ) {
		$row = mysql_fetch_array($res);
		$query2 = "SELECT `access` FROM `info` WHERE `id`=".$row['info_id'];
		if( @mysql_num_rows( $res2=doquery($query2) )==1 ) {
			$row2 = mysql_fetch_array($res2);
			if( $row2['access']=="public" || ($row2['access']=="aegee" && isset($_SESSION['access_user']) && $_SESSION['access_user']) ) {
				// access ok
				header("Cache-control: max-age=31536000");
				header("Expires: Wed, 30 Dec 1981 04:00:00 GMT");  // Date in the past
				header("Last-Modified: " . gmdate("D, d M Y H:i ") . " GMT");  // always modified
				header('Pragma: no-cache');
				header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
				header("Content-length: ".$row['size']);
				if( isset($_GET['download']) ) header("Content-disposition: attachment; filename=\"".$row['filename']."\"");
				else header("Content-disposition: inline; filename=\"".$row['filename']."\"");
				header("Content-type: ".$row['filetype']);
				header("Content-Transfer-Encoding: binary");
				header('Pragma: public');
				echo $row['data'];
			}else {
				if( $row2['access']=="aegee" && !(isset($_SESSION['access_user']) && $_SESSION['access_user']) ) {
					// should log in to see this file
					header("location: ".$_SERVER['PHP_SELF']."?login");
					exit();
				}else {
					// No access
					header("Status: 403");
					echo "Access denied";
				}
			}
		}else {
			// Zombie file (no info item linked to it)
			header("Status: 404");
			echo "File not found";
		}
	}else {
		// File not found
		header("Status: 404");
		echo "File not found";
	}

	page_footer(true);
?>