pdf upload

[batstanggt]

Hey Im trying to upload a pdf file into a blob in a database. This script worked to insert images and I made a few minor changes so that it could do the same for pdf files. Only when i run the script in a browser it says error unknown file format. I dont understand this because I do list pdf as a valid file format. The txt and the doc possible file uploads are just there to take up spots where jpeg and gif were in the picture script i have no intention of actually uploading those. The file i tested was yes a pdf so that cant be the issue. Heres the script.

<?php
$db_host = 'localhost'; // don't forget to change 
$db_user = 'root'; 
$db_pwd = 'dbpassword';
$database = 'mydbname';
$table = 'lit_gallery';
// use the same name as SQL table
$password = '123';
// simple upload restriction,
// to disallow uploading to everyone
if (!mysql_connect($db_host, $db_user, $db_pwd))    
die("Can't connect to database");
if (!mysql_select_db($database))    
die("Can't select database");
// This function makes usage of
// $_GET, $_POST, etc... variables
// completly safe in SQL queries
function sql_safe($s){    
if (get_magic_quotes_gpc())        $s = stripslashes($s);    
return mysql_real_escape_string($s);}
// If user pressed submit in one of the forms
if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
// cleaning title field    
$title = trim(sql_safe($_POST['title']));
if ($title == '') 
// if title is not set        
$title = '(empty title)';
// use (empty title) string    
if ($_POST['password'] != $password)// cheking passwors        
$msg = 'Error: wrong upload password';
else    {        
if (isset($_FILES['book']))        {            @list(, , $ftype, ) = getimagesize($_FILES['book']['tmp_name']);            
// Get file type.
// We use @ to omit errors
if ($ftype == 3) 
// cheking image type
$ext="pdf";   
// to use it later in HTTP header
elseif ($ftype == 2)                $ext="txt";            
elseif ($imtype == 1)                $ext="doc";            
else                $msg = 'Error: unknown file format';            
if (!isset($msg)) 
// If there was no error
{                $data = file_get_contents($_FILES['book']['tmp_name']);
$data = mysql_real_escape_string($data);
// Preparing data to be used in MySQL query                
mysql_query("INSERT INTO {$table}                                SET ext='$ext', title='$title',                                    data='$data'");
$msg = 'Success: pdf uploaded';
}
}
elseif (isset($_GET['title']))      // isset(..title) needed
$msg = 'Error: file not loaded';
// to make sure we've using
// upload form, not form
// for deletion
if (isset($_POST['del'])) 
// If used selected some photo to delete        
{                         
// in 'uploaded images form'
$id = intval($_POST['del']);
mysql_query("DELETE FROM {$table} WHERE id=$id");
$msg = 'Book deleted';
}    
}
}
elseif (isset($_GET['show'])){    $id = intval($_GET['show']);
$result = mysql_query("SELECT ext, UNIX_TIMESTAMP(book_time), data                             FROM {$table}                            WHERE id=$id LIMIT 1");
if (mysql_num_rows($result) == 0)        die('no image');
    list($ext, $book_time, $data) = mysql_fetch_row($result);    $send_304 = false;    if (php_sapi_name() == 'apache') {
// if our web server is apache
// we get check HTTP        
// If-Modified-Since header
// and do not send image        
// if there is a cached version
$ar = apache_request_headers();
if (isset($ar['If-Modified-Since']) && 
// If-Modified-Since should exists            
($ar['If-Modified-Since'] != '') && 
// not empty            
(strtotime($ar['If-Modified-Since']) >= $book_time)) 
// and grater than            
$send_304 = true;                                     
// image_time    
}    
if ($send_304)    {        
// Sending 304 response to browser        
// "Browser, your cached version of image is OK        
// we're not sending anything new to you"        
header('Last-Modified: '.gmdate('D, d M Y H:i:s', $ts).' GMT', true, 304);        
exit(); 
// bye-bye    
}    
// outputing Last-Modified header    
header('Last-Modified: '.gmdate('D, d M Y H:i:s', $book_time).' GMT',            true, 200);    // Set expiration time +1 year    
// We do not have any photo re-uploading  
// so, browser may cache this photo for quite a long time    
header('Expires: '.gmdate('D, d M Y H:i:s',  $book_time + 86400*365).' GMT',            true, 200);    
// outputing HTTP headers    
header('Content-Length: '.strlen($data));    
header("Content-type: application/{$ext}");    
// outputing book    
echo $data;    
exit();
}
?>
<head>
<title>MySQL Blob Image Gallery Example</title>
<link rel="stylesheet" type="text/css" href="test.css"/>
</head>
<html>
<body>
<?php
if (isset($msg)) 
// this is special section for
// outputing message
{
?>
    <p style="font-weight: bold;"><?=$msg?><br><a href="<?=$PHP_SELF?>">reload page</a><!-- I've added reloading link, because     refreshing POST queries is not good idea --></p>
    <?php
    }
?>
    <h1>Blob image gallery</h1>
    <h2>Uploaded images:</h2>
    <form action="<?=$PHP_SELF?>" method="post">
    <!-- This form is used for image deletion -->
    <?php
    $result = mysql_query("SELECT id, book_time, title FROM {$table} ORDER BY id DESC");
if (mysql_num_rows($result) == 0) 
// table is empty    
echo '<ul><li>No images loaded</li></ul>';
else{    
echo '<ul>';    
while(list($id, $book_time, $title) = mysql_fetch_row($result))    {        
// outputing list        
echo "<li><input type='radio' name='del' value='{$id}'>";        
echo "<a href='{$PHP_SELF}?show={$id}'>{$title}</a> – ";        
echo "<small>{$book_time}</small></li>";    
}    
echo '</ul>';    
echo '<label for="password">Password:</label><br>';    
echo '<input type="password" name="password" id="password"><br><br>';    
echo '<input type="submit" value="Delete selected">';
}
?>
    <html>
    <body>
    </form><h2>Upload new image:</h2><form action="<?=$PHP_SELF?>" method="POST" enctype="multipart/form-data">
    <label for="title">Title:</label><br><input type="text" name="title" id="title" size="64"><br>
    <br>
    <label for="book">Book:</label><br><input type="file" name="book" id="book"><br>
    <br>
    <label for="password">Password:</label><br><input type="password" name="password" id="password"><br>
    <br><input type="submit" value="upload"></form>
    </body>
    </html>

 

[batstanggt]

Not bumping this thread but I just inserted ini_set("display_errors", "1");error_reporting(-1); and its telling me that I i have an undefined variable on line 148 which is "<?=$PHP_SELF?>". Just thought this may help you guys help me. I placed that code snippet at the very top of the script right after the <?php tag which Im pretty sure is the right place to put it. Any help would be great.

-SB

[darkfreaks]

it should be

$_SERVER['PHP_SELF']

[batstanggt]

Thank you for the tip but Im just curious as to why "<?=$PHP_SELF?>" works fine when I use that same script for images?

-SB

[darkfreaks]

register_globals might be turned off in your php.ini file that is why you use $_SERVER['PHP_SELF']

[batstanggt]

Tried inserting that and now im no longer getting that error about the undefined variable but its still telling me that the the file is an unknown file format.

-SB

[batstanggt]

OK so hour 5 of this bs and im still stuck. Google has nothing to offer me i need your help.

-SB