<%@ CodePage=65001 Language="VBScript"%>
<% Option Explicit %>
<!-- #include file="../includes/include.asp"-->
<!-- #include file="../includes/include-albums.asp"-->
<% sBBSLangPage = "albums"
   dictconfiguration.item("bDISABLEONLINETRACKING") = 1
   BBS.SetupBBS

   ' Check for permission
   if not(BBS.HasPermission(PERM_ViewBBS, -1)) then response.redirect sBBSForumRoot & "/images/restricted-photo.gif"
   if not(BBS.HasPermission(PERM_AlbumView, -1)) then response.redirect sBBSForumRoot & "/images/restricted-photo.gif"

   if dictConfiguration("bDISABLEOFFSITELINKING") = 1 then
     if not(BBS.IsValidReferer) then response.redirect sBBSForumRoot & "/images/restricted-picture.gif"
   end if

  dim iPhotoID, picturename, iExtension, namelen, FSOImage


  iPhotoID = request.querystring("photoid")
  set FSOImage = server.CreateObject("Scripting.FilesystemObject")

  response.expires = 360000
  if ucase(sBBSDatabaseType) = "MYSQL" Then
    rsMaster.CursorLocation   = adUseClient
  end if
  rsMaster.open "select picture, filename, fullfile, photoid, fileguid from photos where photoid=" & BBS.ValidateNumeric(iPhotoID), dbconnection, adOpenStatic, adLockReadonly

  if not(rsMaster.EOF) then

    PictureName = rsMaster.fields("filename").value
    namelen = len(PictureName)
    Response.AddHeader "Content-Disposition", "attachment; filename=" & PictureName

    iExtension = namelen-instrrev(PictureName, ".")

    if lcase(right(PictureName, iExtension)) = "jpg" or lcase(right(PictureName, iExtension)) = "jpeg" then
        Response.ContentType = "image/jpeg"
    elseif lcase(right(PictureName, iExtension)) = "gif" then
        Response.ContentType = "image/gif"
    elseif lcase(right(PictureName, iExtension)) = "png" then
        Response.ContentType = "image/png"
    elseif lcase(right(PictureName, iExtension)) = "bmp" then
        Response.ContentType = "image/bmp"
    else
        Response.ContentType = "application/octet-stream"
    end if

    ' Stream file back out to the browser
    ' Either it is in the filesystem, or it is in the database
    if rsMaster.fields("fullfile") = 1 then
      if FSOImage.FileExists(server.mappath(sBBSForumRoot & "/photos/uploads/" & rsMaster.fields("photoid").value & "f." & BBS.GetExtension(rsMaster.fields("filename").value))) Then
        WriteFile(rsMaster.fields("photoid").value & "f." & BBS.GetExtension(rsMaster.fields("filename").value))
      else
        WriteFile(rsMaster.fields("fileguid").value)
      end if
    else
      Response.BinaryWrite rsMaster.fields("picture").value
    end if
  end if

  rsMaster.Close
  if ucase(sBBSDatabaseType) = "MYSQL" Then
    rsMaster.CursorLocation   = adUseServer
  end if


   sub WriteFile(byval sFileName)
     ' DESCRIPTION : Writes a file to the browser while reading it from the filesystem
     ' INPUTS      : An attachment filename

     Dim objStream, sFullFile
     Set objStream = Server.CreateObject("ADODB.Stream")

     ' Filter parent paths (just in case..)
     sFullFile = Server.MapPath(sBBSForumRoot & "/photos/uploads/") & "/" & sFileName
     'response.write sFullFile
     'response.flush
     'response.end

     objStream.Open
     objStream.Type = 1

     'on error resume next
       objStream.LoadFromFile(sFullFile)
       Response.BinaryWrite(objStream.Read)
       objStream.Close
     'on error goto 0

     Set objStream = Nothing
   end sub
%>