dwills898 wrote: YES! That is exactly what I was thinking, scan the file to see if it came from my site, more info on that would be greatly appreciated!!
Don
So most (all?) file types have a file header which tells programs how to interpret what kind of content they are reading. Normally it is the first 50+ bytes of data. So you read in the uploaded file, and perform byte manipulation on it BASED on the file type (since each will have a different header).
For an example, let's use a .bmp file. I know this doesn't pertain to you, but you should get the idea and know how to do this once I finish explaining. So the user uploads a .bmp file (Tutorial). In this tutorial you save the contents of the file in the $content variable:
Code:
$content = fread($fp, filesize($tmpName));
Now that you have the contents, you want to edit a specific byte that you can check later to see if this file came from your website. So you need to look at the header format of a .bmp file, found using Google, here. As you can see in the header, bytes 2-5 (size of BMP file in bytes (unreliable)) are listed as unreliable 1, and are most likely not used to read a file anyway. So we will change these bytes to whatever we want. Say you want to make your .bmp signature (the thing you can later check to see if it is from your site) byte 4 = "N" and byte 5 = "O". So changing the content is now simple:
Code:
$content[4] = "N";
$content[5] = "O";
Then you proceed to save the content to your database or as a .bmp somewhere on your server. The encryption is done. Next time someone uploads a .bmp you check if $content[4] == "N" and $content[5] == "O"; if so, don't allow them to upload it.
Also, some headers may not have a suitable byte for you to change; in this case, you can probably change the first 2-4 bytes of data, or last 2-4 bytes of data, without it causing much damage to the file. In the case of a .bmp, the first 2 bytes of data are bytes 54 and 55, and the last two would be the strlen($content)-2 and strlen($content)-1.
So now to your situation. To make this work for a PDF, search for the format of a PDF header, figure out what bytes in the header you want to change, or where the actual page data starts (if there are no available bytes to change in the header), change a byte, or two, or four, to whatever you want to later check, save the file, and you should be good to go. Hope this helps. Shout if you need more clarification.
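
The .bmp marking and the later upload check described in the post above, as an added example that is not part of the original post. The function names (`isBmp`, `tagBmp`, `hasSiteMark`) and the sample 1x1 bitmap are constructed for illustration; the marker bytes and offsets are the ones the post chose.

```php
<?php
const SITE_MARK   = "NO"; // marker bytes chosen in the post
const MARK_OFFSET = 4;    // bytes 4-5, inside the BMP file-size field (bytes 2-5)

// True only for data long enough to hold a 54-byte BMP header starting with "BM".
function isBmp(string $content): bool
{
    return strlen($content) >= 54 && substr($content, 0, 2) === "BM";
}

// Return a copy of the upload with the site marker written into bytes 4-5.
// Refuses anything that is not a BMP, so other formats are never modified.
function tagBmp(string $content): string
{
    if (!isBmp($content)) {
        throw new InvalidArgumentException("not a BMP file");
    }
    return substr_replace($content, SITE_MARK, MARK_OFFSET, strlen(SITE_MARK));
}

// True if an upload is a BMP that already carries the site marker.
function hasSiteMark(string $content): bool
{
    return isBmp($content)
        && substr($content, MARK_OFFSET, strlen(SITE_MARK)) === SITE_MARK;
}

// Constructed sample: 1x1 24-bit BMP, 54-byte header plus 4 bytes of pixel data.
$sample = "BM" . pack("VvvV", 58, 0, 0, 54)                            // file header
        . pack("VVVvvVVVVVV", 40, 1, 1, 1, 24, 0, 4, 2835, 2835, 0, 0) // DIB header
        . "\xFF\xFF\xFF\x00";                                          // one pixel + padding

var_dump(hasSiteMark($sample));                 // a fresh upload
$tagged = tagBmp($sample);                      // what the site would store and serve
var_dump(hasSiteMark($tagged));                 // the same file uploaded again
var_dump(strlen($tagged) === strlen($sample));  // only two bytes changed, length kept
```

The check recognizes only unmodified copies: anything that rewrites the header, such as re-saving the image in an editor, regenerates the size field and drops the marker.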