Background:
I built a multi tenant app to store and organize basic data. sort of like an inventory. one of the features is being able to "attach" file(s) to each entry. Office docs, pdf's, or images.
I have chosen to store the data in the database because it keeps 100% of the tenants data in a single place. This makes it alot easier when dealing with several hundred tenants, especially when it comes to load balancing between servers. I can easily bounce them to another server without worrying about file path to their attachments. yes, I can get around that but I chose not to
so here is my problem... I can upload and download ANY PDF file with no issues at all... but ANY other filetype (have tried, bmp, jpg, jpeg, gif, doc and xls) are corrupted on when you download them and you cant open them.
Here is my code:
Upload form:
Code: Select all
<form action="<?php echo edit_query();?>" method="post" enctype="multipart/form-data">
<table width="97%" align="center" border="0" cellpadding="1" cellspacing="1" class="box">
<tr><td align="right"
<tr><td align="left">
<input type="hidden" name="i" value="<?php echo $bbid;?>" />
<input type="hidden" name="MAX_FILE_SIZE" value="6000000">
<input name="userfile" type="file" id="userfile">
<input name="upload" type="submit" class="box" id="upload" value=" Upload ">
</td></tr>
</table>
</form>
Code: Select all
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0){
if(validate_upload($_FILES['userfile'])){
$bid = sanitize($_POST['i']);
$fileName = addslashes($_FILES['userfile']['name']);
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
$sql = "INSERT INTO files (file_name, file_size, file_type, file_content, bb_id, tenant_id) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content',$bid,".TENANT_ID.")";
$check = $db->Execute("SELECT bb_tenant_id FROM bb WHERE bb_id = ".$bid);
if($check->fields['bb_tenant_id'] == TENANT_ID){
if($db->Execute($sql)){
$success = "File $fileName uploaded<br>";
}else{
$error = "Could not process file";
}
}else{
$error = "Error uploading file, Please try again.";
}
}else{
$error .= "Could not upload file, Files may only be .jpg, .gif, .tif, .pdf, .doc, .xls or .csv.";
}
}
Download code:
Code: Select all
if(isset($_GET['d']) && $_GET['d'] != ''){
$fid = sanitize($_GET['d']);
$files = $db->Execute("SELECT * FROM files WHERE file_id = $fid AND tenant_id = ".TENANT_ID);
if($files->RecordCount() == 1){
$size = $files->fields['file_size'];
$type = $files->fields['file_type'];
$name = $files->fields['file_name'];
$content = $files->fields['file_content'];
ob_start();
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Type: $type;");
header("Content-Disposition: attachment; filename=\"".$name."\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$size);
echo $content;
}else{
$error = "File not found";
}
}
Some other ideas I found suggested that whitespace is being added to the file output. I have removed all the whitespace I could find in the file as well as all included files. Still get nothing but corrupted files on download.
MySQL table structure: