<?
require_once("includes/include.php");
if ((!isset($_SESSION['uid'])) || ($_SESSION['uid']=='')) {
header("Location: login");
}
$uid=$_SESSION['uid'];
$utype=$_SESSION["utype"];
$id=$_GET['id'];
$db=new database();
$count=0;
if($utype=='Client'){
$db->query("SELECT * FROM `users_accts` WHERE `uid` = '$uid' ");
$row=$db->get_row();
$FileCompanyID=$row['CompanyID'];
$db->query("SELECT * FROM `files` WHERE FileID='$id' AND FileCompanyID='$FileCompanyID'");
$count=$db->count_rows();

}elseif($utype=='Consultant'){ 
$db->query("SELECT * FROM `consultant_companies` WHERE `cuid` = '$uid' GROUP BY `ccomid`");
$where=' AND FileCompanyID IN (';
while($row=$db->get_row()){
$where.= $row['ccomid'].",";    
}	
$where = substr($where, 0, -1).")";	
$db->query("SELECT * FROM `files` WHERE FileID='$id' $where");
$count=$db->count_rows();
}elseif($utype=='Admin'){
$db->query("SELECT * FROM `files` WHERE FileID='$id'");
$count=$db->count_rows();
}

if($count>0) {
$row=$db->get_row();
function DownloadFile($file) { // $file = include path
        if(file_exists($file)) {
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename='.basename($file)); 

            header('Content-Transfer-Encoding: binary');

            header('Expires: 0');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
            header('Content-Length: ' . filesize($file));
            ob_clean();
            flush();
            readfile($file);
            exit;
        } else {
        	echo 'file not found.';
        }
}
DownloadFile("Intranet_Files/".$row['FileLoc']);		
}else{
print 'Error';
}
?>