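/*
 * Chapter PDF download gate.
 *
 * Flow: validate ?id=, look the chapter up, check the PDF flag and (for
 * non-free chapters) the subscriber session flag, expose the PDF through a
 * symlink in the public download directory, write an access-log row, then
 * redirect the browser to the symlink.
 *
 * $_SESSION is read but no session_start() is visible in this part of the
 * file; presumably the session is started before this code runs.
 *
 * NOTE(security): the database credentials below are hard-coded, and the same
 * password is used for both accounts. Anyone who can read this file (backup,
 * repository, misconfigured handler) obtains them. They belong in a
 * configuration source outside the web root and should be rotated once moved.
 */

/**
 * Build a random string from the given alphabet using random_int().
 *
 * @param int    $len   Number of characters to produce; 0 or less yields ''.
 * @param string $chars Alphabet to draw from; must not be empty, otherwise
 *                      random_int(0, -1) fails.
 * @return string
 */
function rand_string($len, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
{
    $string = '';
    $max = strlen($chars) - 1;
    for ($i = 0; $i < $len; $i++) {
        $string .= $chars[random_int(0, $max)];
    }
    return $string;
}

// ---- 1. Validate the requested chapter id -------------------------------
$chapid = 0;
if (isset($_GET['id'])) {
    $chapid_unsafe = $_GET['id'];
    // is_string(): a request such as ?id[]=1 makes this an array, and
    // strlen() on an array raises a TypeError on PHP 8.
    if (is_string($chapid_unsafe) && strlen($chapid_unsafe) < 4 && is_numeric($chapid_unsafe)) {
        $chapid_int = intval($chapid_unsafe);
        if ($chapid_int > 0) {
            $chapid = $chapid_int;
        }
    }
}

// ---- 2. Look the chapter up ---------------------------------------------
$db = 'sax';
$dbuser = 'sax';
$dbpass = 'B6veYUhpEpxb3CRF'; // NOTE(security): hard-coded secret, see header comment.
$dbhost = 'localhost';
$dblink = mysqli_connect($dbhost, $dbuser, $dbpass) or die("could not connect");
mysqli_select_db($dblink, $db) or die("could not open database");

// Print an error, release the catalogue connection and stop.
$csets_abort = function ($message) use ($dblink) {
    echo $message;
    mysqli_close($dblink);
    exit();
};

// $chapid is an integer by construction; the cast keeps that visible here.
$cresult = mysqli_query($dblink, "SELECT pdf,pub,free,chapter FROM chapters WHERE id=" . (int) $chapid);
// A failed query is handled like "no such chapter" rather than as a fatal error.
$crow = ($cresult instanceof mysqli_result) ? mysqli_fetch_object($cresult) : null;

if (!$crow) {
    $csets_abort("An error has occurred. This chapter ($chapid) does not exist. Please contact webmaster@ctresources.info (error 01)\n");
}
if ($crow->pdf != 1) {
    $csets_abort("An error has occurred. This chapter ($chapid) is not available as PDF. Please contact webmaster@ctresources.info (error 02)\n");
}

// ---- 3. Authorisation ---------------------------------------------------
$isFree = ($crow->free == 1);
if ($isFree) {
    // Free chapters share one predictable link name per chapter.
    $auth = "csets." . $chapid;
} else {
    if (!isset($_SESSION['ctr_CSETS'])) {
        $csets_abort("An error has occurred. This chapter ($chapid) is not free. Please contact webmaster@ctresources.info (error 03)\n");
    }
    if (!$_SESSION['ctr_CSETS']) {
        // "error 04" is also printed when the PDF file is missing (step 4), so
        // the code alone does not tell the two cases apart.
        $csets_abort("An error has occurred. This chapter ($chapid) is not covered by your subscription. \nPlease contact webmaster@ctresources.info (error 04)\n");
    }
    // Paid chapters get an unguessable 16-character name (36^16 possibilities).
    $auth = rand_string(16);
}

// ---- 4. Locate the PDF and publish it -----------------------------------
$pubid = (int) $crow->pub;
$result = mysqli_query($dblink, "SELECT isbn FROM pubs WHERE id=" . $pubid);
$row = ($result instanceof mysqli_result) ? mysqli_fetch_object($result) : null;

$downloaddir = "/var/www/vhosts/ctresources.info/httpdocs/csets/download/";
$downloadloc = $downloaddir . $auth . ".pdf";
while (!$isFree && file_exists($downloadloc)) {
    // Name already taken: draw another one.
    $auth = rand_string(16);
    $downloadloc = $downloaddir . $auth . ".pdf";
}

// NOTE(review): isbn and chapter come from the database and are placed into a
// filesystem path unchecked; this assumes neither can contain "/" or "..".
// Confirm that, or validate them here.
$origloc = "/var/www/vhosts/ctresources.info/csets_pdfs/" . ($row ? $row->isbn : '') . "/" . $crow->chapter . ".pdf";
if (!$row || !file_exists($origloc)) {
    $csets_abort("An error has occurred. This chapter ($chapid) is not available as PDF. Please contact webmaster@ctresources.info (error 04)\n");
}

// symlink() refuses to replace an existing entry, so a name that appears
// between the file_exists() check and this call cannot be overwritten. For
// free chapters a failure is tolerated, as before.
if (!file_exists($downloadloc) && !symlink($origloc, $downloadloc) && !$isFree) {
    $csets_abort("An error has occurred. This chapter ($chapid) is not available as PDF. Please contact webmaster@ctresources.info (error 05)\n\n");
}

// NOTE(security): the symlink is a bearer link. Whoever holds the URL can
// fetch the PDF for as long as the link exists, and nothing in this script
// removes it; expiry is presumably handled elsewhere. Verify that it is.

if ($result instanceof mysqli_result) {
    mysqli_free_result($result);
}
mysqli_free_result($cresult);
mysqli_close($dblink);

// ---- 5. Access log ------------------------------------------------------
$idate = date("Y-m-d H:i:s");
$db = 'ctresources';
$dbuser = 'ctresources.info';
$dbpass = 'B6veYUhpEpxb3CRF'; // NOTE(security): hard-coded secret, see header comment.
$dbhost = 'localhost';
$dblink = mysqli_connect($dbhost, $dbuser, $dbpass) or die("could not connect");
mysqli_select_db($dblink, $db) or die("could not open database");

$ip = $_SERVER['REMOTE_ADDR'] ?? '';

// Values are bound as parameters instead of being concatenated into the SQL
// text, so a quote character in a session value cannot alter the statement.
if (isset($_SESSION['ctr_CSETS']) && $_SESSION['ctr_CSETS']) {
    $subtype = (string) ($_SESSION['ctr_subs_type'] ?? '');
    $subid = (string) ($_SESSION['ctr_id'] ?? '');
    $stmt = mysqli_prepare(
        $dblink,
        "INSERT accesslog SET subtype=?,subid=?,ip=?,series='CSETS',artid=?,dt=?,link=?"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sssiss', $subtype, $subid, $ip, $chapid, $idate, $auth);
    }
} else {
    $stmt = mysqli_prepare(
        $dblink,
        "INSERT accesslog SET subtype='free',ip=?,series='CSETS',artid=?,dt=?,link=?"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'siss', $ip, $chapid, $idate, $auth);
    }
}
// The log write stays best-effort: its outcome does not block the download.
if ($stmt) {
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
mysqli_close($dblink);

// ---- 6. Redirect to the published link ----------------------------------
// NOTE(review): the target is plain http, so for paid chapters the unguessable
// name crosses the network in clear text unless the server upgrades the
// request to HTTPS; confirm. Execution also continues past this header if
// anything follows this block.
header("Location: http://www.ctresources.info/csets/download/$auth.pdf");
?>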