<?php
header('Cache-Control: no-cache');
header('Pragma: no-cache');

class_exists('Configuration') || include('include/Configuration.class.php');
class_exists('SFLUser') || include('include/User.class.php');

$config = new Configuration();
$directory = $config->Urls['circle_dir'];
$location = $directory . '/' . $_REQUEST['q'];

$registrant = SFLUser::GetRegistrantFromCookies();
if(!$registrant)
{
	header('Location: ../login.php?r=' . urlencode($location));
	exit;
}

// Test several things about the location to prevent someone from abusing this.
// 1) It exists.
// 2) It is not a PHP file.
// 3) It is in the correct directory.
$valid = false;
if(file_exists($location))
{
	$pathinfo = pathinfo($location);
	$ext = strtolower($pathinfo['extension']);
	$parts = explode('/', $pathinfo['dirname']);
	$dir = strtolower($parts[count($parts)-1]);
	if($ext != 'php' && $dir = $directory)
		$valid = true;
}

if(!$valid)
{
	header('HTTP/1.0 404 Not Found');
	header('Status: 404 Not Found');
	echo("404 Not Found: $location");
	exit;
}

readfile($location);
exit;
?>