Sorry... I can't deal with all the SPAM so until I can find a better solution for the forums, I'm locking them down. For now please use awesome services like stackoverflow.com for community support. Thanks.
This forum is a community forum meant for users of the plugin to collaborate and help solve issues with implementation, etc. Unfortunately, as the creator of the plugin, I do not have much time to attend to every request here as this is only a side project and I must work a full-time job to provide for my family. This is how I keep the Flash version free and the HTML5 version low cost.
Using sessions & tricking Basic Authentication
  • Boban posted this info about sessions, php and flash in the old forum.

    I think I found explanation about sessions problem. This seems to be the Flash Cookie Bug described here:

    http://swfupload.org/forum/generaldiscussion/383

    There seems to be no solution yet. Flash is reading IE cookies besides it runs from Firefox or other non IE browser. I am not sure if Adobe released a fix for this.

    Some more information about Flash upload cookies issue can be found here:

    https://bugs.adobe.com/jira/browse/FP-1044

    Steps to reproduce:
    1. Start a packet capture tool to watch the traffic between browser and remote web server.
    2. Start up your Flex application
    3. Perform an action which results in Flash performing a request (POST) to a secured resource.
    4. Dialogue box pops up, you enter your username + password.
    5. Authentication is performed correctly (can also tell by watching packet capture).
    6. Do a Filereference.upload within your Flash/Flex application (to a resource secured within the same security realm).
    7. Request fails, authentication error.
    8. Look at the packet capture.... Flash discarded all cookies and authentication information when doing the file upload.

    Conclusion:
    Unlike a browser file upload, Flash does not support authenticated file upload.

    Isn't it time to fix this one. It's been there since Flash 8 when you introduced the feature and this is a major showstopper for usage on sites that require login. The URLStream class doesn't seem to have any of these issues it retains cookies, basic authentication information and works over SSL.


    SOLUTION

    In your PHP file which includes .fileUpload, put this:
    [code=php]session_start();
    $_SESSION['mydata'] = 'whatever'; [/code]
    Within your fileUpload parameters, add this one:
    [code=php]'scriptData': {'session_name': '<?= session_id</span>(); ?>'} [/code]
    Then in upload.php you can get your session data this way:
    [code=php]session_id($_GET['session_name']);
    session_start();
    if ($_SESSION['mydata'] != 'whatever') {
            header("HTTP/1.0 404 Not Found");
            exit;
    }
     [/code]

    BASIC AUTHENTICATION
    I don't think you could use this to trick Basic Authentication because this is done with GET method and basic authentication is sent by request headers and checked by your Web server.

    You can use two solutions.

    1. Continue using Basic Authentication but put upload.php script outside of protected directory and use sessions security like I described above. So, all my multi upload files reside inside protected directory, except upload.php which resides outside of it, but it is protected by sessions.

    2. Another way is to authenticate user in PHP and use sessions in all scripts.
  • The example will not work if session_auto_start=on on the server

    in thats the case try:

    'scriptData': {'PHPSESSID': '<?php echo session_id();?>'},


    PHPSESSID is the default session name for php. Check what is yours before using it
  • I'm working with Zend Framework under session based authentication (with session_auto_start on) and I was able to get this working by adding the javascript parameter webmentors suggested...

    'scriptData': {'PHPSESSID': '<?php echo session_id();?>'},


    ...and writing a controller plug-in to check for this variable and restart the session as needed so authentication could be done successfully.

    Plug-in

    <?php
    /**
    * @see Zend_Controller_Plugin_Abstract
    */
    require_once 'Zend/Controller/Plugin/Abstract.php';

    /**
    * Controller plugin that restarts the session for Uploadify.swf calls
    */
    class Application_Controller_Plugin_Uploadify extends Zend_Controller_Plugin_Abstract
    {
    /**
    * PreDispatch Hook.
    *
    * Checks to see if the current request has been made by the Uploadify.swf file
    * if so restart up the php session and continue on
    *
    * @param Zend_Controller_Request_Abstract $request
    * @return void
    */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
    $phpSessId = $request->getParam('PHPSESSID');
    if (!empty($phpSessId) &amp;&amp; session_id() != $phpSessId) {
    session_destroy();
    session_id($phpSessId);
    session_start();
    }
    }
    }


    Also worth noting, Uploadify has no trouble dealing with Controllers/Actions for the 'script' parameter, e.g.

    'script' : '<?php echo $this->url(array('controller' => 'upload', 'action' => 'handle-file-upload')) ?>',


    Hope this helps anyone else working under similar circumstances.
  • Upon testing, .htaccess might solve the problem. It removes authentication for that certain file and prevents firefox from crashing.

    I create .htaccess file within the same folder with my_uploader_script.php Below is my .htaccess


    Satisfy Any


    http://topeinthehouse.blogspot.com/2009 ... e-bug.html
  • I needed (wanted realy) to add the code .uploadify({ in a .js file, not in a .php.... so, this is what I did:


    var start = document.cookie.indexOf(\"PHPSESSID=\");
    var end = document.cookie.indexOf(\";\", start); // First ; after start
    if (end == -1) end = document.cookie.length; // failed indexOf = -1
    var cookie = document.cookie.substring(start+10, end);

    $(\"#someid\").uploadify({
    .
    .
    'script' : 'upload.php',
    'scriptData' : { 'PHPSESSID': cookie },
    .
    .
    });


    and in your upload.php :

    session_id($_POST['PHPSESSID']);
    session_start();
    .
    .



    note: your session name may vary, I'm using the default "PHPSESSID"

    thanks for the solution.
  • Hi,

    I use the trick below. I'm able to retrieve my session_id but I don't get my cookie value :

    In my upload.php I have

    session_id($_POST['PHPSESSID']);
    session_start();

    echo \"cookie value : \" . $_COOKIE['mycookie'];


    But cookie value is just empty. Any help is most welcome.
    Thanks,

    simo
  • This will not work if your javascript is in an external file. PHP will not parse a .js file
  • So that's where my problem was!

    cheap xanax
    zolpidem
  • This sort of works for me, but not completely.

    uploadify.php:

    session_id($_POST['PHPSESSID']);
    session_start();


    upload.js:

    $("#someid").uploadify({
    'script' : 'uploadify.php',
    'scriptData' : { 'PHPSESSID': '<?php echo(session_id()); ?>'},
    });


    Except it only works for the first file I upload. It seems the next time the script uploads it doesnt send de value 'scriptData' again... Anyone?
  • The user and all related content has been deleted.
  • After 4hours trying to resolve the problem, I added one parameter in the initialization of the function uploadify.
    I wrote the javascript code in an echo and in the same file like the


    <?php
    session_start();
    $id = session_id();
    echo "<script language='JavaScript'>
    $(document).ready( function () {

    $('#file_upload').uploadify({
    'uploader' : 'uploadify/uploadify.swf',
    'script' : 'uploadify/uploadify.php',
    'cancelImg' : 'uploadify/cancel.png',
    'folder' : 'uploads',
    'multi' : true,
    'method' : 'post',
    'scriptData' : { 'PHPSESSID': '".$id."'},

    'auto' : true,
    'fileExt' : '*.jpg;*.gif;*.png;*.php',
    'fileDesc' : 'Image Files (.JPG, .GIF, .PNG, .PHP)',
    'queueID' : 'custom-queue',
    'queueSizeLimit' : 1,
    'simUploadLimit' : 1,
    'removeCompleted': false,
    'onSelectOnce' : function(event,data) {
    $('#status-message').text(data.filesSelected + ' files have been added to the queue.');
    },
    'onAllComplete' : function(event,data) {
    $('#status-message').text(data.filesUploaded + ' fichiers envoyés, ' + data.errors + ' erreurs.');
    }
    });

    });
    </script>";

    ?>

    <div class="upload">
    <div id="status-message">Select some files to upload:</div>
    <div id="custom-queue"></div>
    <input id="file_upload" type="file" name="Filedata" />
    </div>


    And then, in the uploadify.php


    <?php
    $id = $_POST['PHPSESSID'];
    session_id($id);
    session_start();
    ?>