<%@ LANGUAGE="VBSCRIPT" %> <% PageStrings = "18, 33, 55, 56, 60, 75, 76, 80, 81, 82, 91, 92, 233, 301, 304, 305, 643, 644, 645, 646, 647, 653, 825, 836, 1012, 1185" '----------------------------------------------- 'We do this because if we write out the security message, 'the file sent to the browser will be incorrect. But you 'really should be fixing those security problems anyway... '----------------------------------------------- blnSkipSecurityMessage = true %> <% '=============================================== ' CactuShop ASP Shopping Cart ' ©1999-2004 Cactusoft Ltd. www.cactusoft.com '=============================================== ' All rights reserved. ' Use of this code is covered by the terms and ' conditions in the license agreement. No ' unauthorized duplication or distribution is ' permitted. Cactusoft's copyright notices must ' remain in the ASP sections of the code. '=============================================== '----------------------------------------------- 'DOWNLOAD AN ORDER 'This streams the downloaded order to the browser 'window. '----------------------------------------------- '----------------------------------------------- 'GET V_ID '----------------------------------------------- V_ID = Request.QueryString("V_ID") If Not isnumeric(V_ID) or V_ID = "" Then V_ID = "0" '----------------------------------------------- 'PULL OUT PRODUCTS/PRODTYPES FROM DATABASE '----------------------------------------------- If IsNumeric(ON_ID) then 'Get the download information, ensuring they have security, the file is downloaded, 'and it is available strQuery = "SELECT P_Name" & numLanguageID & ", V_Name" & numLanguageID & ", V_DownLoadInfo, V_DownloadType FROM ((tblCactuShopVersions INNER JOIN tblCactuShopInvoiceRows ON tblCactuShopVersions.V_CodeNumber = tblCactuShopInvoiceRows.IR_VersionCode) INNER JOIN tblCactuShopOrderNumbers ON tblCactuShopInvoiceRows.IR_OrderNumber = tblCactuShopOrderNumbers.ON_ID) INNER JOIN tblCactuShopProducts ON tblCactuShopVersions.V_Product = tblCactuShopProducts.P_ID WHERE ON_CardholderID = " & DB_CD_ID & " AND ON_Sent = 'y' AND" If Not Application(LICENSENUMBER & "instantdownload") = "y" Then strQuery = strQuery & " ON_Shipped = 'y' AND" If Not Application(LICENSENUMBER & "downloadlimitdays") = 0 Then strQuery = strQuery & " ON_Date >= " & strDateDelimiter & ReverseFormatYear(DateAdd("d", -Application(LICENSENUMBER & "downloadlimitdays"), now)) & strDateDelimiter & " AND" strQuery = strQuery & " V_DownLoadType <> 'n' and V_DownloadType <> 'f' AND V_DownloadInfo <> '' AND V_ID = " & SQLSafe(V_ID) Call ExecuteSQL(strQuery, numCursorType, objRecordSet) If not (objRecordSet.BOF and objRecordSet.EOF) then '----------------------------------------------- 'GET THE FILE LOCATION '----------------------------------------------- 'Get the details, then close recordset V_DownloadInfo = objREcordSet("V_DownloadInfo") V_DownloadType = objRecordSet("V_DownloadType") strFileName = FileNameSafe(objRecordSet("P_Name" & numLanguageID) & "_" & objRecordSet("V_Name" & numLanguageID)) objRecordSet.Close 'Get the file name, depending on the type of 'file download it is If V_DownloadType = "l" then 'It's a link, so just use the info strPathToFile = Server.MapPath(V_DownLoadInfo) 'Get the extension to add on to the file name intLastDot = instrrev(strPathToFile, ".") If intLastDot > 0 then strFileName = strFileName & "." & mid(strPathToFile, intLastDot + 1) Else 'Otherwise it's an uploaded file - so the 'file name is uploaddir/ID_Random.Ext Dim aryDownloadInfo aryDownloadInfo = split(V_DownloadInfo, "|") strPathToFile = Server.MapPath(Application(LICENSENUMBER & "uploadsfolder") & "files_versions/") & "\" & V_ID & "_" & aryDownloadInfo(1) & "." & aryDownloadInfo(0) strFileName = strFileName & "." & aryDownloadInfo(0) End If '----------------------------------------------- '----------------------------------------------- 'CHECK FILE EXISTS '----------------------------------------------- Set objFSO = CreateObject("Scripting.FileSystemObject") If objFSO.FileExists(strPathToFile) then set objFSO = nothing '----------------------------------------------- 'START THE FILE 'Set up the header information '----------------------------------------------- Response.AddHeader "Content-Disposition", "attachment; filename=" & strFileName & "; name=" & strFileName Response.ContentType = "application/octet-stream" '----------------------------------------------- '----------------------------------------------- 'WRITE OUT THE FILE CONTENTS '----------------------------------------------- Set objStream = CreateObject("ADODB.Stream") objStream.Open objStream.Type = 1 'This sets the read type to binary objStream.LoadFromFile strPathToFile '----------------------------------------------- 'WRITE OUT THE FILE TO THE BROWSER '----------------------------------------------- 'Set the length of the file so the progress bar 'on the browser works correctly Response.AddHeader "Content-Length", objStream.Size response.BinaryWrite objStream.Read(-1) objStream.Close Set objStream = nothing Else 'File doesn't exist - redirect to error page set objFSO = nothing response.Redirect("error.asp?id=2") End If '----------------------------------------------- else 'They've tried to cheat somewhere objRecordSet.Close response.Redirect("customer_showorder.asp") End if end if '----------------------------------------------- 'CLOSE DATA CONNECTIONS '----------------------------------------------- objDataConn.Close set objDataConn = nothing %>