<% @Language=VBScript %>
<!-- METADATA TYPE="typelib" UUID="00000205-0000-0010-8000-00AA006D2EA4" NAME="ADODB Type Library" -->
<%
' PHOTO_DOWNLOAD.ASP
'   Developed By: J.P. Wilson
'   Last Modified: 9/29/2006
'   Purpose:
'	  This code can be passed parameters (GET) from an anchor and will
'     retrieve a file for download.  This allows for all filetypes to
'     be prompted for download as well as the ability to download files
'     stored in secure directories.  Certain filetypes are restricted.
Dim objStream, strFilePath, strFileName, strFileExt, strFileSize, strFileType, strContentType
'-- Where the files are located
strFilePath = Server.MapPath("/images/photos/")
strFileName = Request.QueryString("fid")
If Not strFileName <> "" Then
	Response.Redirect "error.asp?msg=1"
Else
	'-- JPW 9/14/2007 Replacing potential problematic chars
	strFileName = Replace(Replace(strFileName, "'", "&#39;"), " ", "+")
	'-- Check forbidden file extensions, assign others
	strFileExt = Mid(strFileName, InStrRev(strFileName, ".") + 1)
	Select Case UCase(strFileExt)
		Case "ASP", "ASPX", "CONFIG", "FLA", "JS", "MDB", "PHP", "SWF", "HTM", "HTML", "CSS", "INC"
			'-- JPW 9/14/2007 Moved htm, html, css, and inc to restricted list
			Response.Write "You cannot access these file types."
			Response.End
		Case "JPG", "JPEG"
			strFileType = adTypeBinary
			strContentType = "image/jpeg"
		Case "GIF"
			strFileType = adTypeBinary
			strContentType = "image/gif"
		Case "ZIP"
			strFileType = adTypeText
			strContentType = "application/zip"
		Case "RTF"
			strFileType = adTypeText
			strContentType = "application/rtf"
		Case "DOC"
			strFileType = adTypeText
			strContentType = "application/msword"
		Case "PDF"
			strFileType = adTypeText
			strContentType = "application/pdf"
		'Case "HTM", "HTML"
		'	strFileType = adTypeText
		'	strContentType = "text/html"
		Case Else
			strFileType = adTypeBinary
			strContentType = "application/octet-stream"
	End Select
	Set objStream = Server.CreateObject("ADODB.Stream")
	objStream.Type = strFileType
	objStream.Open
	objStream.LoadFromFile(strFilePath & "/" & strFileName)
	Response.Clear
	Response.Buffer = True
	Response.AddHeader "Content-Disposition", "attachment; filename=" & strFileName
	'Response.AddHeader "Content-Length", Len(strFileSize)
	If strFileType = 2 Then
		Response.Charset = "UTF-8"
	End If
	Response.ContentType = strContentType
	If strFileType = 2 Then
		While Not objStream.EOS
			Response.BinaryWrite objStream.ReadText()
		Wend
	Else
		While Not objStream.EOS
			Response.BinaryWrite objStream.Read()
		Wend
	End If
	objStream.Close
	Set objStream = Nothing
	Response.Flush
	Response.End
End If
%>