Flash File Uploader v3.0 – Custom Upload Directories


A number of posters on Donline have left comments requesting that the Flash File Uploader allow for users to specify a specific directory for the uploaded files. In the past, the uploader hardcoded the directory for uploads to be “/files/”, with thumbnails automatically going into a newly-created child folder called “/.s/” (the auto-thumbnailing option was added in Version 2).

Some minor modifications to the Flash FLA, index.php and upload.php were made to enable users to specify their own directories for file uploads. Naturally, this opens up a security breach as wily coders can point to unspecified directories outside the current folder, if those directories are writeable. Hopefully, this won’t become an issue for you, but I’m requiring all users of the scripts to still read and accept my disclaimer before proceeding.

Here’s how the new uploader works. The index.php file searches the GET string, onload, for a custom directory specified, such as the following:


The PHP temporarily stores the new directory variable to the page and passes it to the Flash via Geoff Stearns’s SWFObject. The Flash FileReference object hasn’t changed a bit. The only modifications are the two Javascript syntaxes to:

a) Show what is being uploaded (with the file name replaced with /dir/filename), and
b) Pass the directory to upload.php upon completion

Upload.php now takes this new upload_dir variable and searches to see if the folder exists. If it does, it ensures it’s writeable. If it doesn’t, it creates the directory and sets the permissions to writeable. Finally, it copies the uploaded file from the temporary location to the new folder and renames it to the file name provided.

Lastly, the index.php page reloads to display ONLY the contents of the new custom folder. If you have files in another folder, you won’t be able to preview them anymore (However, a quick tweak to the index.php would resolve this, if necessary).

If a custom directory for uploaded files is not specified in the GET string, the index.php replaces the variable with a default directory (‘/files/’) before passing it to the Flash via SWFObject, so your files don’t wind up in an “undefined” folder. You can easily modify the default directory on Line 5 of index.php if you want it to default to anther directory rather than “/files/“. This also means that the directory isn’t visible in the GET string, which makes your site a little more secure.

If you prefer the old version of the Flash File Uploader, I’ve left it available for download on the permalink too, however, you’ll notice that the new version is pretty much the same as the old, if you opt not to enter a directory in the GET string. The only difference, as I’ve mentioned, is the possibility of security holes. Again, please read the disclaimer at the following link before downloading.

Comments and feedback always welcome. Thanks again, Mike, for the assistance.

31 Replies to “Flash File Uploader v3.0 – Custom Upload Directories

  1. don… sounds great…
    thanks for the work…

    im just not sure where the directory is getting selected/created from…

    how do i populate the GET string….
    should i look into coding a dynamic text input into the FLA?

    sorry.. im a novice… 🙂

  2. Sorry Reverend, I should’ve been more clear. The GET string is your URL. So, if the index.php page can be found, here:


    Then just add the directory you want the uploads to go to at the end, as a parameter:


    The above syntax will store the uploads to:


    (And create that folder if it doesn’t exist. This way you can have folders created based on dynamic variables — such as usernames, image tags, categories, etc.).

    If you choose to exclude that parameter in the GET string, the PHP will rely on the default value you enter in the index.php page (Line 5). The version you download from Donline has “files” set as the default, but you can change it to whatever you like.

    Hope that helps.

  3. Evening. Great script. Been treating me right, for the most part. Are you aware of any issues with Mac Firefox not completing its uploads? Oddly, the uploader works in my dev environment but not in my prod — it gets to 100% and freezes, with no reload hand-off to the processing script I have it forwarding to — so it’s probably got something to do with my rig. I’m wondering if maybe it’s something with SWFObject?

    Anyhow, thanks for the software, and any ideas you have would be appreciated.

  4. Hi MCT, Thanks for the kind words. Is anything being output by the PHP’s debug? Sometimes, for some reason or another, MACs end up putting odd extensions on common files. (ie. a Quicktime .mov comes in as a .moov). The debug text should help clue you in to where the upload is hanging. Let me know…

  5. Hi, Im adding the uploader to a Uni project and its cool. But when I go to upload on my Mac it comes with an error. ‘onl0Error’. Any ideas?
    My friend tried it on a PC and it worked.


  6. Hello again. I’m not seeing anything of much interest in the log.txt file, or in Apache’s error/access logs. I’m also seeing the onIOError dialog pop up. Going to do some research into that error, but it sounds like this is probably the culprit, given alan’s comment.


  7. Where are you seeing this flash error? when selecting a file, uploading or when upload is complete?

  8. Once the upload gets to 100, the dialog pops up, and the js that kicks the visitor to the next page (the confirmation / processing page) never fires.

    Online docs say it could have something to do with .htaccess files or permissions or some kind of password challenge / response that Mac FF is balking on. Doesn’t seem like that the problem for me, though, as the PC FF works just fine. Pretty sure Mac Safari has a similar problem but will double check that.

    Thanks for the help!

  9. MCT- Two thoughts for you:

    This might have something to do with access permissions on the server. can you post a link?

    File permissions. Under phpsuexec, php scripts can no longer have their persmissions set to 777, or live in folders with those permissions, either. Folders should be set to 755, and php scripts to 644. If some script you downloaded says it needs to be set to 777 (world-writable), ignore it, and set it to 644. Your scripts are no longer run as user “nobody”, but as YOU, so as long as the owner (you) can write to the file (the first 6) then all is well. Same story for log files, comment files, etc. Where they used to need to be 777, now they don’t. With phpsuexec, 644 is just fine, even 600 if they are private things.

    Try uploading to http://work.era404.com/flashupload/ and let me know if you have the same IO Error. Also, provide the file name, file size and your browser and version.

  10. Hey Don. Thanks again for keeping this chat going. I do appreciate it.

    I can upload just fine to your era404.com uploader, using OSX browsers. I’ve created a small test case on the production server in question:


    If everything works right (as it does in Firefox and Safari for PC), you’ll be taken to testcomplete.php, and will see a “made it” message. If an error occurs (as is still happening in FF and Saf on OSX) you will be frozen at 100%. The log.txt at that point says “upload success”, but the upload_complete js function does not seem to get called.

    I’ve changed file permissions on all directories to be 755, and all php scripts are 644. Thanks again.

  11. OK! I’ve fixed it. I took a look at this: http://www.abdulqabiz.com/blog/archives/flash_and_actionscript/workaround_file_1.php , and added an echo “HI” at the bottom of upload.php, and everything started working again.

    Exactly why this fix works (especially since I’m on Flash 9, which supposedly has the onComplete event fix in it) is still unclear. But I’m back in business.

    Thanks for all of your help, Don. You might consider adding a simple echo statement at the bottom of upload.php, as it might save someone else some trouble. What a weird bug.

  12. This seems to be a great script and worked perfect for me.
    But i wanted to customize few things in the actionscript. But i am not able to open the uploader.fla file. May be i am not using the right flash version, can you please let me know which flash this flash has been developed?

    Any help wil be greatly appriciated.. Thanks in Advance.

  13. I want to edit the .fla file so that i can change the file types. I want to add .doc and .docx to the list.

    Please help

  14. is it just me, or does this uploader get brought to its knees when you have a single quote in the file name, i.e.

    i’m a file.mp3

    It says upload complete but stays there. and no file details will be generated. I’m trying to have a look at it myself, but stuggling as i am new to actionscript and javascript for that matter

  15. Ok double check the upload_complete function in the flash file. It was tripping my javascript. The strings really need to be escaped through the whole process IMO.

  16. Sorry for the spam.
    But i feel that the most important part here is escaping the strings that come back to the javascript functions. I have tried to get this going from within flash with the escape() function, but doesn’t seem to bring it back escaped. I really need the filename coming back to me for my system to work also 🙁

  17. Hey MCT, Glad you got it working. I’ve never seen that before but I’ll definitely keep it in mind for the next revision. Thanks.

    Hi Atindra, It’s Flash 9.0 (CS3). If you don’t have that version, let me know and I’ll add the doc (DOC, DOCX) to the script for you and send it to you.

  18. Void, Files shouldn’t be saved/uploaded with spaces or other weird characters. The name being passed to the upload script is escaped in the get string. the size, extensions and directory are not. I’d recommend just putting a disclaimer on your upload page that tells them to format their file names correctly. Take a look at line 136 to see how escape works.

  19. Don,
    Sure the file gets uploaded fine to the server, just the single quotes are tripping the javascript functions, like the upload_complete function. So if i upload something with a single quote in the file name, the javascript upload_complete function will not execute. Putting a disclaimer on the site is not an option, because i can see many of my users uploading files with single quotes in the file name.

  20. I guess we build to the least common denominator, eh? You say the escape() command doesn’t work for you? it should replace your quotes and single quotes with the html equivalent (%num). Hit me up w/ a link and I’ll take a look.

  21. void – Take a look at the revised Flash File Uploader (v3.1) which includes File Renaming (to accommodate for apostrophes and double quotes breaking the JS). word?

  22. Hey,

    This is a great little tool, works like a charm for me, thanks for the effort.

    I was just wondering if this could (in theory) be modified to work with a python CGI uploader? I’d love to integrate it with the upload manager for my site, which I wrote in python, but I’m not sure whether it’s actually possible to do so – any advice would be much appreciated.



  23. Hey Daniel, Thanks for the kind words. Theoretically, sure. The Flash sends a number of calls to Javascript and one to PHP. If you adjust the Flash to talk to your Python scripts instead, it should work fine. I don’t know much about Python, though, but would be happy to help if you need specific changes to the Flash or JS to accomplish this. Send me an email.

  24. Nice script with a slick interface. I have been looking for something like this. I have a similar problem to Atindra in that I fail to see where or how to place a file customization code to allow input of .doc and .xls files. I have tried using adobe flash pro CS4 and get the graphics, but seem to have none of the code needed to be revised. Am I correct that uploader.fla has a text component that needs to be revised?

  25. Hi Mahesh, I modified the .fla and .swf, files to include “Microsoft Office Files (.xls, .xlsx, .doc, .docx, .csv, .tab)” and added this as an option to the index.php pipe-separated Flash variable with the identifier of “office”. Download the .rar again and give it a try and let me know if you have any further questions:
    Flash File Uploader – Custom Directories

  26. Hi Don

    I love the package – I have been looking for a simple, flexible ap and this fits the bill. I am using an asp script to actually save the file.

    What I really need is to access the Browse and Upload buttons, and other text, for French and Spanish versions. I don’t think I can access the compiled clip – any thoughts?

    Thanks again!!

  27. Hi Jamie, Thanks for the kind words. The uncompiled Flash build file (FLA) is included in the .RAR and you can open this in Flash and make the necessary edits to the text on the buttons. Please let me know if you have any further questions.

  28. Hi Don,
    Flash File Uploader
    Thanks for this great uploader – have been having loads of trouble writing one in PHP. Only thing is I can’t seem to upload from a Mac – I get onIOerror which I can’t seem to solve. The type is different on Mac (clue?) – it comes out with no dot and in caps. Any ideas? Russ

  29. Hi Russell, Someone previously had an issue where the mime type was coming through incorrectly (ie. MOV video files were coming as MOOV files). If you can check the error text that’s auto-generated by PHP in the upload.php script, it might give you some clue as to the issue. Also, IO typically means that there is a problem with the filename or filepath. Try with a simple file with no spaces or weird characters in the name/path (ie. helloworld.txt). Make sure the whole path doesn’t have spaces. Check the error text after running this test as well and let me know what you learn.

  30. Hi Don,
    Thanks for your quick reply!
    That was it!
    I had stripped spaces out of the filename, but not in the folder structure on the server. It now gets to the end on both Mac and PC, but then gives an error. I’m pretty sure I can fix this myself. Thanks so much for your help, and a very cooll uploader. If you ever need some free mastering, tap me up!

Leave a Reply

Your email address will not be published. Required fields are marked *