Using Uploadify with Zend Framework & Session Cookies

A quote from http://www.uploadify.com site.
Uploadify is a jQuery plugin that allows the easy integration of a multiple (or single) file uploads on your website.  It requires Flash and any backend development language.  An array of options allow for full customization for advanced users, but basic implementation is so easy that even coding novices can do it.

This article assumes that you've already read the Uploadify docs http://www.uploadify.com/documentation/ and tried to integrate it.

Everything is pretty simple however you need to overcome one obstacle with flash and cookies.
More on the flash and cookies topic go to [ http://swfupload.org/forum/generaldiscussion/383 ]

My Solution:
Here is how to use the uploadify
I use a variable called "__tkn" in the url to pass the session variable.
Some of you may try to use 'scriptData' which didn't work for me.

[code language="javascript"]
<script type="text/javascript">
    jQuery(document).ready(function() {
        if (jQuery("#upl_feed_file_progress")) {
            jQuery("#upl_feed_file_progress").uploadify({
            	'uploader': '/site/share/jquery/plugins/jquery.uploadify-v2.1.0/uploadify.swf',
//            	'cancelImg': '/site/share/jquery/plugins/jquery.uploadify-v2.1.0/images/cancel.png',
            	'script': '/mymodule/mycontroller/myaction/__tkn/<?php echo Zend_Session::getId(); ?>',
            	'multi': false,
            	'simUploadLimit': 1,
             	'fileExt': '*.csv;*.txt',
                'fileDesc': 'Feed Files (*.csv;*.txt)',
/            	'fileDataName' : 'upl_feed_file', // in $_FILES
//            	'scriptData': {'PHPSESSID' : '<?php echo Zend_Session::getId(); ?>'}, // This didn't work for me.
            	'height': 24,
            	'auto': true,
            	'onCancel' : function (event, queueID, fileObj, data) {
            	    alert('Error: You have cancelled the file upload.');
            	},
            	'onError' : function (event, queueID, fileObj, errorObj) {
            	    alert('Error during file upload. Maybe the file is too big ? Size: ' +  fileObj.size + ' Error:' +  errorObj.info());
            	},
            	'onComplete' : function (event, queueID, fileObj, response, data) {     
            	    if (response == '' || response == 0 || response == "0") {
            	        alert('Error during with the upload');
            	    } else {
                        perf_error('Success!');
            	    }
            	}
            });
        }
    });
</script>
[/code]

This one goes in the template
[code language="html"]
.... 
<div id="upl_feed_file_progress">You have a problem with your javascript</div>
....
[/code]

Insert this in the boostrap (usually index.php) file
It should be inserted before "Zend_Session::start();"

[code language="php"]
// ------------------------------------------ START -------------------------------------------

$sessName = "PHPSESSID";
$sessOptions = array('name' => $sessName);

// Flash has problems with cookies so we pass the PHPSESSID variable via get
// it'll be injected if it doesn't exist in _SERVER["HTTP_COOKIE"] e.g. '; PHPSESSID=hdi5u83hfnu7ltlvp5q3bb53k4'
if ((stripos($_SERVER['REQUEST_URI'], '__tkn') !== false)
//    && preg_match('#^[a-z\d]{25,30}$#si', $_GET[$sessName])
    && preg_match('#__tkn/([a-z\d]{25,30})#si', $_SERVER['REQUEST_URI'], $matches)
    && (stripos($_SERVER["HTTP_COOKIE"], $matches[1]) === false)) {
    $sid = $matches[1];

    $prefix = '';
    if (!empty($_SERVER["HTTP_COOKIE"])) {
        $prefix = '; ';
    }

    $_SERVER["HTTP_COOKIE"] .= $prefix . $sessName . '=' . $sid;
    $_COOKIE[$sessName] = $sid;

    Zend_Session::setId($sid);
}

Zend_Session::setOptions($sessOptions);
// ------------------------------------------ END -------------------------------------------
[/code]

Your 'myaction' (/mymodule/mycontroller/myaction) should return 0 or 1.

The following code should be useful.
[code language="php"]
$viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
$viewRenderer->setNoRender();

// Skipping the templates
Zend_Layout::getMvcInstance()->disableLayout();
[/code]

Please share your thoughts.
Are there any security holes in this approach ?


Related Resources
http://uploadify.com
http://uploadify.com/forum/viewtopic.php?f=5&t=43&p=3754#p3754
http://www.uploadify.com/forum/viewtopic.php?f=5&t=43&p=3754&hilit=zend+framework#p3754
https://bugs.adobe.com/jira/browse/FP-1044

Author
(c) Svetoslav Marinov
http://www.slavi.biz
http://www.devcha.com

Note:
If you want to republish it please mention my name and sites.