PHP Force downloading produces corrupt files

Question

First of all... I know this problem has been discussed many times before on this website and I've been reading the comments and solutions for the past hours, but nothing helped.

The code I'm posting here has been trimmed, but still includes the problem I'm facing.

I've created a small script to force a download using PHP. This is only a part of the code I'm trying to use on my website as I didn't want to spam you with too much irrelevant code, but it still includes the false output.

Everything in this code is tested with a .PNG file of 10.6KB

NOTE: The original question has been deleted since it had been solved. However, I came across another problem as I inplemented my code snippet into my website.

I created a function to download the file:

<?php
function download_file($file) 
{
    $known_mime_types=array(
        "htm" => "text/html",
        "exe" => "application/octet-stream",
        "zip" => "application/zip",
        "doc" => "application/msword",
        "jpg" => "image/jpg",
        "php" => "text/plain",
        "xls" => "application/vnd.ms-excel",
        "ppt" => "application/vnd.ms-powerpoint",
        "gif" => "image/gif",
        "pdf" => "application/pdf",
        "txt" => "text/plain",
        "html"=> "text/html",
        "png" => "image/png",
        "jpeg"=> "image/jpg"
    );  
    if(!is_readable($file)) die('<p class="error">File not found or inaccessible!</p>');

    $file_extension = strtolower(substr(strrchr($file,"."),1));
    if(array_key_exists($file_extension, $known_mime_types)){
        $mime_type=$known_mime_types[$file_extension];
    } else {
        $mime_type="application/force-download";
    };

    $fsize = filesize($file);

    header('Content-Type: ' .$mime_type);
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: '.$fsize);
    header('Accept-Ranges: bytes');
    header('Connection: Keep-Alive');
    header('Expires: 0');
    header('Pragma: public');
    header('Cache-Control:');
    readfile($file);
    exit();
}
?>

The download.php from which I call the function :

<!DOCTYPE html>
<?php
require_once 'connect.inc.php';
require_once 'core.inc.php';
require_once 'download_file.php';
?>
<html>
<head>
    <title>x3d Download</title>
    <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
    <link rel="stylesheet" href="css/styles.css" type="text/css"/>  
    <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
</head>
<body>
<?php
if (loggedin())
{
    include_once 'navbar_loggedin.php';
}
else 
{
    include_once 'navbar_loggedout.php';
}
?>
<div class="container" width="900px">
    <h2>Downloads</h2>
<?php
    $sql = "SELECT * FROM `files`";
    $result = mysql_query($sql);
    if (!$result)
    {
        echo '<p>No downloads available.</p>';
    }
    else 
    {
        echo '<table class="table table-hover"><tr>';
        echo '<tr><th>Filename</th>';
        echo '<th>Filetype</th>';
        echo '<th></th>';
        if (loggedin())
        {
            if (getuserlevel($_SESSION['user_id']) == 'Administrator')
            {
                echo '<th></th>';
            }
        }
        while($row = mysql_fetch_assoc($result)) 
        {
            echo '<tr><td><p>'.$row['file_name'].'</p></td>';
            echo '<td><p>'.$row['file_type'].'</p></td>';
            echo '<td><a href="download.php?download='.$row['file_id'].'"><span class="glyphicon glyphicon-download-alt" aria-hidden="true"></span></a></td>';
            if (loggedin())
            {
                if (getuserlevel($_SESSION['user_id']) == 'Administrator')
                {
                    echo '<td><a class="red" href="download.php?delete='.$row['file_id'].'"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span></a></td>';
                }
            }
        } 
        echo '</tr></table>';
    }
?>
<?php
if (isset($_GET['download'])) 
{
    $sql = "SELECT `file_name` FROM `files` WHERE `file_id`='".$_GET['download']."'";
    if ($result = mysql_query($sql)) 
    {
        $row = mysql_fetch_assoc($result);
        $file = "uploads/" . $row['file_name'];
        download_file($file);
    }
}

if (isset($_GET['delete'])) 
{
    $sql = "SELECT `file_name` FROM `files` WHERE `file_id`='".$_GET['delete']."'";
    if ($result = mysql_query($sql)) 
    {
        $row = mysql_fetch_assoc($result);
    }

    if ($row['file_name'] == "")
    {
        echo '<p class="error">File does not exist.</p>';
    }
    else
    {
    $filepath = "uploads/".$row['file_name'];
    $sql = "DELETE FROM `files` WHERE `file_id`='".$_GET['delete']."'";
    if (file_exists($filepath)) 
    {
        try
        {
            if (unlink($filepath))
            {
                if ($result = mysql_query($sql))
                {
                    header('Location: download.php');
                }
            }
        }
        catch (Exception $e)
        {
            echo '<p class="error">Could not delete file.</p>';
        }
    }
    }
}
?>
</div>
</body>
</html>

The code to call the function has been tested and my sql queries do return the correct value.

The image contains a part of my html source code and the original image...

Can anyone help me out?

Answer 1

Your code is good. But what you are downloading is a fatal error, not the image:

<br />
<b>Fatal error</b>:  Call to undefined function fileread() in <b>/var/www/html/test.php</b> on line <b>18</b><br />

Change fileread($file); with readfile($file);, and it should work.

Next time you have a "corrupt file of 140 bytes", try to open it as a text file.