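/// <summary>
/// Accepts an uploaded .docx file, validates it, stores an encrypted copy under
/// the UploadedDocuments folder, signs the encrypted bytes and records the
/// document for the current user.
/// </summary>
/// <param name="d">Document metadata bound from the form; FilePath and Signature are filled in here.</param>
/// <param name="filePath">The posted file, or null when no file was selected.</param>
/// <returns>The default view; the outcome is reported through ViewData.</returns>
/// <remarks>
/// Validation order (each failure is logged and reported to the user):
/// file present, ".docx" extension, Word content type, 8-byte package header, size limit.
/// The extension and the content type are supplied by the client and are only hints;
/// the header comparison is the only check made against the file's actual bytes.
/// NOTE(review): the action relies on User.Identity.Name; any authorization or
/// anti-forgery attributes are not visible in this listing. Confirm they are present.
/// </remarks>
public ActionResult Add(Document d, HttpPostedFileBase filePath)
{
    // Upper bound for an accepted upload (5 MB).
    const int maxUploadBytes = 1048576 * 5;

    DocumentsOperations dops = new DocumentsOperations();
    try
    {
        if (filePath == null)
        {
            LogDocumentUploadEvent("No document was selected to be uploaded", "No document");
            ViewData["message"] = "Please select a document";
            return View();
        }

        // Ordinal, case-insensitive comparison: no culture-dependent lower-casing,
        // and a missing extension is rejected here instead of raising an exception.
        string extension = Path.GetExtension(filePath.FileName);
        if (!string.Equals(extension, ".docx", StringComparison.OrdinalIgnoreCase))
        {
            LogDocumentUploadEvent("File did not end with .docx", "Not a .docx file");
            ViewData["message"] = "This file is not a document";
            return View();
        }

        if (filePath.ContentType != "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
        {
            LogDocumentUploadEvent("Content Type was not of a Word Document", "Not a word document");
            ViewData["message"] = "This is not a valid .docx file";
            return View();
        }

        // ZIP local-file-header signature ("PK" 03 04) followed by version 20 and
        // flags 0x0006. This is the usual header of an Office Open XML package, so it
        // also matches .xlsx/.pptx content and does not prove the package is a Word
        // document; a .docx written by another producer may carry different flag bytes.
        byte[] expectedHeader = new byte[] { 80, 75, 3, 4, 20, 0, 6, 0 };
        byte[] actualHeader = new byte[expectedHeader.Length];

        // Stream.Read may return fewer bytes than requested, so fill the buffer in a
        // loop and treat a file shorter than the header as a mismatch.
        int filled = 0;
        while (filled < actualHeader.Length)
        {
            int count = filePath.InputStream.Read(actualHeader, filled, actualHeader.Length - filled);
            if (count <= 0)
            {
                break;
            }
            filled += count;
        }

        bool headerMatches = filled == expectedHeader.Length;
        for (int i = 0; headerMatches && i < expectedHeader.Length; i++)
        {
            headerMatches = expectedHeader[i] == actualHeader[i];
        }

        if (!headerMatches)
        {
            LogDocumentUploadEvent("The header values were not of a Word Document", "Not a word document");
            ViewData["message"] = "This is not a valid .docx file";
            return View();
        }

        if (filePath.ContentLength > maxUploadBytes)
        {
            LogDocumentUploadEvent("Very large document", "Very large document");
            ViewData["message"] = "The document must be smaller than 5MB";
            return View();
        }

        // NOTE(review): the folder is resolved through Server.MapPath, so it appears to
        // sit under the site root. The stored bytes are encrypted, but confirm that
        // direct requests to this folder are not served.
        string relativePath = "\\UploadedDocuments\\";
        string absolutePath = Server.MapPath("\\UploadedDocuments\\");

        // The stored name is a server-generated GUID; the client-supplied file name
        // contributes only its (already validated) extension.
        string fileName = Guid.NewGuid().ToString() + Path.GetExtension(filePath.FileName);
        string storedFile = absolutePath + fileName;
        d.FilePath = relativePath + fileName; // path of the stored document, saved in the database

        // One lookup serves both the encryption and the signing step.
        // NOTE(review): the signing key is read from the user record, i.e. it is held
        // server-side; confirm how it is protected at rest.
        string userName = User.Identity.Name;
        var owner = new UsersOperations().GetUser(userName);

        // Rewind past the header bytes consumed above before encrypting the whole file.
        filePath.InputStream.Position = 0;

        bool stored = false;
        try
        {
            using (Stream encrypted = new Encryption().HybridEncryptFile(filePath.InputStream, userName, owner.PublicKey))
            {
                encrypted.Position = 0;

                // CreateNew refuses to overwrite an existing file; the using block
                // closes the handle even when the copy fails.
                using (FileStream target = new FileStream(storedFile, FileMode.CreateNew, FileAccess.Write))
                {
                    encrypted.CopyTo(target);
                }

                // The signature is computed over the encrypted bytes that were written.
                encrypted.Position = 0;
                d.Signature = new Encryption().DigitalSign(encrypted, owner.PrivateKey);
            }

            dops.AddDocument(userName, d);
            stored = true;
        }
        finally
        {
            if (!stored)
            {
                // Best-effort cleanup so a failed upload does not leave a file on disk
                // without a database record. A failure to delete must not replace the
                // exception that caused the rollback.
                try
                {
                    System.IO.File.Delete(storedFile);
                }
                catch (IOException)
                {
                }
                catch (UnauthorizedAccessException)
                {
                }
            }
        }

        ViewData["success_message"] = "Document uploaded successfully";
        ModelState.Clear();
    }
    catch (DocumentExistsException de)
    {
        LogDocumentUploadEvent(de.Message, de.Message);
        ViewData["error_message"] = de.Message;
    }
    catch (Exception ex)
    {
        // The detailed message goes to the log only; the user sees a generic error.
        LogDocumentUploadEvent(ex.Message, "Unable to add document");
        ViewData["error_message"] = "Unable to add document";
    }

    return View();
}

/// <summary>
/// Writes one log entry for the current "controller/action" route with the given texts.
/// </summary>
/// <param name="exceptionText">Value stored in the entry's Exception field.</param>
/// <param name="message">Value stored in the entry's Message field.</param>
private void LogDocumentUploadEvent(string exceptionText, string message)
{
    new LogsOperations().AddLog(
        new Log()
        {
            Controller = RouteData.Values["controller"].ToString() + "/" + RouteData.Values["action"].ToString(),
            Exception = exceptionText,
            Time = DateTime.Now,
            Message = message
        }
    );
}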