I am having trouble debugging a PHP script that I use for downloading .pdf files. The script works fine for one user but doesn't work for another, giving a blank page. What I am pretty sure of is:

  1. the part responsible for downloading works fine for both users
  2. The query works fine and gets correct data from the server
  3. All of the files are in the same directory (and as I already wrote it works perfectly for the first user)

Please give me a hint on where the bug might be or how to find it.

Thanks so much in advance.

Here's my code:

.htaccess:

```apache
<Directory /faktury/>
Order deny,allow
Deny from all
</Directory>
```

HTML:

```html
<form action="downloadfv.php" method="post">
<input type="text" name="fv" id="fv" value="$rowvariable" hidden />
<button type="submit">Download</button>
</form>
```

downloadfv.php :

```php
<?php

session_start();

// Only logged-in users may download invoices.
if (!isset($_SESSION['zalogowany'])) {
    header('Location: logowanie.php');
    exit();
}

require_once "connect.php";
mysqli_report(MYSQLI_REPORT_STRICT);

$polaczenie = new mysqli($host, $db_user, $db_password, $db_name);

// Check the connection before running any query on it.
if (mysqli_connect_errno()) {
    echo "Could not connect to server" . mysqli_connect_error();
    exit();
}

mysqli_query($polaczenie, "SET CHARSET utf8");
mysqli_query($polaczenie, "SET NAMES `utf8` COLLATE `utf8_polish_ci`");

// The session user and the posted id are interpolated directly into the SQL string.
$idogloszenia = htmlspecialchars($_POST['fv'], ENT_QUOTES, 'UTF-8');
$sql = "SELECT * FROM faktury WHERE user='{$_SESSION['user']}' AND idogloszenia = '$idogloszenia' ORDER BY idogloszenia DESC LIMIT 1";
$result = $polaczenie->query($sql);

if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        $file = "./faktury/" . $row["nazwapdf"] . ".pdf";

        // Nothing is sent when the row exists but the file does not.
        if (file_exists($file)) {
            header('Content-Description: File Transfer');
            header('Content-Type: application/pdf');
            header('Content-Disposition: attachment; filename="' . basename($file) . '"');
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($file));
            ob_clean();
            flush();
            readfile($file);
            exit;
        }
    }
} else {
    echo " <div class='itemsname'>
            <span style='padding:10px; font-size:90%'><u>No invoice available.</u></span>
        </div>";
}

$polaczenie->close();
?>
```
Pnow
  • For the other user do they get a 500? I'd start with the error log, and/or connecting as the other user and reproduce the bug. – chris85 Apr 17 '18 at 17:00
  • No. I don’t get a 500. The download starts as it should. I can reproduce the bug every time I use the second login. – Pnow Apr 17 '18 at 17:03
  • Is the bug an empty white page with nothing, right? If so, check your error logs as @chris85 said – Spoody Apr 17 '18 at 17:03
  • Okay, so go through the script and find out which condition results in the blank page. – chris85 Apr 17 '18 at 17:04
  • Also.. **Your code is vulnerable to SQL injection and will be hacked** even if [you are escaping inputs!](https://stackoverflow.com/a/5741264/2595450) Use [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. Check: [How can I prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Spoody Apr 17 '18 at 17:04

1 Answer

The script works fine. The bug was inside my test database. It occurred that I had duplicated rows with similar data in them and the query selected the wrong rows.

So the script can be used, although, as @mehdi pointed out, it is not secure.

Thank you @chris85 for your hints.

Pnow
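
The prepared-statement approach recommended in the comments, applied to the invoice lookup, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database and constructed rows so it runs without a server (the question's code uses mysqli, which offers the same prepare/bind/execute pattern); `makeSampleDb` and `findInvoicePdf` are hypothetical names, and only the table and column names come from the question.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the question's `faktury` table.
function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE faktury (user TEXT, idogloszenia TEXT, nazwapdf TEXT)');
    $db->exec("INSERT INTO faktury VALUES
        ('alice', '101', 'fv-alice-101'),
        ('bob',   '202', 'fv-bob-202')");
    return $db;
}

// Return the stored PDF name for one user and one ad id, or null if none.
// Both values are sent as bound parameters, so the database never parses
// them as SQL, and no htmlspecialchars() call is needed on the way in.
function findInvoicePdf(PDO $db, string $user, string $adId): ?string
{
    $stmt = $db->prepare(
        'SELECT nazwapdf FROM faktury
          WHERE user = :user AND idogloszenia = :ad
          ORDER BY idogloszenia DESC LIMIT 1'
    );
    $stmt->execute([':user' => $user, ':ad' => $adId]);
    $name = $stmt->fetchColumn();

    return $name === false ? null : (string) $name;
}

$db = makeSampleDb();

// The logged-in user asking for their own invoice.
var_dump(findInvoicePdf($db, 'alice', '101'));

// The same user asking for an id that belongs to someone else.
var_dump(findInvoicePdf($db, 'alice', '202'));

// Input containing a quote and SQL comment characters is compared as a
// plain string against idogloszenia; it cannot change the query.
var_dump(findInvoicePdf($db, 'alice', "101' --"));
```

In the question's script the user value would come from `$_SESSION['user']` and the id from `$_POST['fv']`, passed to the function unchanged.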