} else {
// make sure the custom ID of the file matches the journal ID
if ($customid != $journalid) {
$_SESSION["error"]["message"][] = "Error: File customid and journal ID do not match";
} else {
// make sure the journal entry belongs to a user
$userid = sql_get_singlevalue("SELECT customid as value FROM journal WHERE journalname='users' AND id='{$journalid}'");
if (!$userid) {
$_SESSION["error"]["message"][] = "Unable to match the provided journal entry to a user journal.";
}
}
}
/*
Produce output - either output request file content,
or take the user to a message page to view errors.
*/
if ($_SESSION["error"]["message"]) {
header("Location: ../index.php?page=message.php");
exit(0);
} else {
// output file data
$file_obj = new file_storage();
$file_obj->id = $fileid;
$file_obj->load_data();
$file_obj->filedata_render();
}
} else {
error_render_noperms();
header("Location: ../index.php?page=message.php");
exit(0);
}