Further to my recent formless multi-threaded C# application blog post I’ve just implemented a simple MD5 hashing system to ensure that files are uploaded without the contents being changed. I’ve created a new method in my File Uploader class to calculate the MD5 hash of the files I’m uploading. You wouldn’t want to do this on the fly for larger files because of the time taken but the XML files I’m dealing with are less than 2kb in size so it’s not an issue. Here’s the MD5 method for my uploader class.
private string md5Hash
{
get
{
using (var md5 = MD5.Create())
{
using (var stream = File.OpenRead(WebExtensionsService.XMLFolder + "\\" + this.Filename))
{
byte[] md5_bytes=md5.ComputeHash(stream);
return BitConverter.ToString(md5_bytes).Replace("-","");
}
}
}
}
Note that you need to convert the byte stream to a string and you’re going to have to strip out all the “-” characters to make the MD5 string look normal.
Once I had the MD5 hash I simply appended it to the URL I’m uploading the file to. Like this:
byte[] byte_response = wClient.UploadFile(WebExtensionsService.UploadLocation+"?md5="+md5, "POST", WebExtensionsService.XMLFolder + "\\" + this.Filename);
The final step is to calculate the MD5 of the uploaded file in PHP and then compare this with the passed MD5 hash. I do this in the code below as well as a couple of other checks to make sure the file is of the correct type and isn’t too big.
if (isset($_GET['md5']))
{
$md5=$_GET['md5'];
}
else
{
echo "Error : No md5 hash";
die();
}
if (substr($_FILES["file"]["name"],strlen($_FILES["file"]["name"])-4)=="xml")
{
echo "Error : Invalid file type";
die();
}
if ($_FILES["file"]["size"]/1024>1000)
{
echo "Error : File too large";
die();
}
$tmp_name=$_FILES["file"]["tmp_name"];
$calculated_md5=md5_file($tmp_name);
if (strtoupper($md5)!=strtoupper($calculated_md5))
{
echo "Error : MD5 File Hash Mismatch";
die();
}