Comments on: Flash File Uploader – File Name Rewrite (v3.1)

By: Don

Don — Wed, 27 Aug 2008 18:18:15 +0000

Hi Narsil, Thanks for the kind words. You can do a number of things to change the look of the two buttons. You can create movie clips for both the “Browse” and the “upload” button to have them look visually different. When you’re done, just copy the code that’s currently on the old form buttons to the new movieclip buttons, rename the new buttons so they’re the same as the old buttons (upload_btn, browse), and delete the old buttons.

Or a second option is just changing the highlight/halo of the new buttons so they have a different “glow” around them.

Google search how to create movieclip buttons for your version of flash for the first option. Google how to change halo colors for the second option. Let me know if you have any questions.

By: Narsil

Narsil — Wed, 27 Aug 2008 05:45:09 +0000

Hey Don!
Since I last needed help, I’ve since gotten the flash uploader fully setup and working great! I have one little thing I’d like to be able to do though. I want the Upload button to be a different color than the Browse button.. Looking in the flash, they’re both part of the same “compiled” clip. Really, I have no clue what that means. Would I be better off to just design my own button in flash and set it up in place of the upload button? Or is there an easier way for me to change the color?
Note: I figured out how to change the text easy enough! This is a very well assembled Flash piece!

By: Don

Don — Tue, 26 Aug 2008 20:53:08 +0000

You’re absolutely right, Tim. Change the “thumbs” function in the index.php file to look like this: function thumbs() { var mdir = ''; var thumbs = document.getElementById('thm'); if(thumbs.checked == true) { window.location = "index.php"+mdir+"&thm=1"; } else { window.location = "index.php"+mdir; } } Let me know if you have further issues. Thanks for pointing this to my attention. I’ll revise the .rar later today.

By: Tim D

Tim D — Tue, 26 Aug 2008 19:34:06 +0000

Don,
Thanks for the quick reply to my questions. I am afraid I still don’t fully understand how to get where I am going.

To expand a bit on my setup – my flash site loads the index with the actionscript: getURL(“http://www.website.com/uploads/index.php?dir=”+userName); where userName is a flash variable in my case set to “timD”. This works great, it takes me to the index.php page and allows me to upload files to a new directory “timD” that it creates. IE list the address of this page as http://www.website.com/uploads/testindex.php?dir=timD. However when I select the details checkbox, the page is redirected and displays the file info and thumbnails from the default “files” directory not the newly created custom directory. The address changes to http://www.website.com/uploads/index.php?thm=1. It seems to my novice eye that when the checkbox calls the javascript thumbs function it somehow loses my $dir variable and resets it to the default “files” value. I tried modifying the conditional on line 41 to include both the thm and dir variables but I can seem to get it to pass both to the redirected page.

I am using the latest rar file. I will check on a different computer at home tonight. How do I know if my browser allows for header.location redirects?

Thanks again for the great code and your help up to this point.

By: Don

Don — Tue, 26 Aug 2008 17:45:56 +0000

Hi Tim, Good question. Sorry I wasn’t too clear in the instructions. When you’re enabling users to create custom directories for uploaded files (as in using the username in your example), you’ll need to ensure that the &dir=[username] is included in your address string at all times. This is for when the upload occurs and after the upload is complete.

For instance, if my upload index.php is here:
http://www.foo.com/?dir=bar

(where “bar” is the username in your example)

You’ll need to redirect using the PHP to return that variable from the GET string. So your final address will be, ignoring the line breaks:
http://www.foo.com/index.php?name=uploaded file name]
&size=[uploaded file size]
&type=[uploaded file type]
&exts=[valid file types list]
&dir=bar (this is the username)

The default .rar file with custom directories option enables for PHP to perform this redirect. If you’re using the correct .rar (which is located here:
http://don.citarella.net/index.php/2008/04/28/flash-file-uploader-v30-custom-upload-directories/)

Then, you should be good. Check to ensure your browser allows for PHP header.location redirects or try from a different computer/browser. If this doesn’t work, shoot me a link and I’ll take a look.

Don

By: Tim D

Tim D — Tue, 26 Aug 2008 16:48:40 +0000

Don,
Thanks for the great uploader it’s been a huge help. I am running into one problem though thats is undoubtedly due to my inexperience. I have a Flash website that I use to call your index.php. The idea is that you set up a username on the site and this is passed to the index.php file and becomes the directory name where the users uploads are stored. All that is working great. The problem is when I check the “details” checkbox the page displays the images from default “files” directory and not from the custom “username” directory. I know Flash moderately well but am a complete novice in PHP and Java so I am sure I am missing something obvious. Any help you could offer would be appreciated. Thanks.

By: Don

Don — Tue, 19 Aug 2008 07:11:00 +0000

Hi Narsil,

Sorry I didn’t see this sooner, I would’ve been happy to send you the modified FLA. Glad you got it working though. Let me know if you need anything else.

By: Narsil

Narsil — Mon, 18 Aug 2008 22:11:11 +0000

Hey Don, I went ahead and downloaded the demo of Flash CS3 and made the necessary edit. Thanks!! I love this thing.

By: Narsil

Narsil — Mon, 18 Aug 2008 21:33:21 +0000

Don,
Regarding the “All Files” capable upload.. The way I am going to be implementing the Flash File Uploader, the user will not be able to execute anything they upload. The files are going into a non-http accessible directory, so that is of little concern to me. (In reality, I’m using this as a front to an FTP transfer) Also, everyone will log in prior to seeing the uploader. All around, I’m not too concerned about the security hole there, however, I *do* understand that that is a major security risk.

If I had flash and could change which files are able to be uploaded through that myself, I would certainly do the checking there. However, as I do not have flash, I have elected to do file type checking in PHP, after the file has been uploaded. Regardless of the security risk that will open up, I believe I will still be okay in this particular instance. However, Thank you for pointing out the risks involved. It’s always better to see them now instead of when someone takes advantage of the security hole.

Should I download a demo of Flash CS3 and try and make the edit myself?

By: Don

Don — Mon, 18 Aug 2008 18:09:30 +0000

Hi Narsil, Glad you got it fixed. A 403 error (forbidden) means you’re attempting to perform a task that is not allowed by the server. Perhaps your host changed something. To investigate, you can check the server error logs to see what was denied before, and what is allowed now. The webserver configuration should be set to allowing file uploads, specific filetypes, upload/post max limits, memory limits, etc. Traditionally, this is allowed by default installation and the only thing you need to do is make the upload directories writeable. That said, there are hosts that limit some of these basic permissions in the name of security. But, as long as it’s fixed, no reason to investigate further (just keep your fingers crossed).

Now, about the ability to upload any file type, we’d need to create one that has an *.* filetype in the flash (All Files) and modify the PHP type checker to allow anything to pass through. This may be as simple as commenting the whole PHP type checker out. That said, you should be aware that you’re opening a sizeable security hole by allowing this as files that are uploaded are immediately accessible by users — whether they’re viruses or not. Most admin sections could/should still limit the file types to those that are foreseeable as valid. You can always modify the uploader later if users ask for more file types, but I’d still recommend keeping it limited to start. Is this possible?