update (2010-05-07): changed the regex to match 25-32 chars. Thanks Krzysztof from the comments.
A quote from the http://www.uploadify.com site:
Uploadify is a jQuery plugin that allows the easy integration of a multiple (or single) file uploads on your website. It requires Flash and any backend development language. An array of options allow for full customization for advanced users, but basic implementation is so easy that even coding novices can do it.
This article assumes that you've already read the Uploadify docs and tried to integrate it.
Everything is pretty simple; however, you need to overcome one obstacle with Flash and cookies.
For more on the Flash and cookies topic, see http://swfupload.org/forum/generaldiscussion/383
My Solution:
This article can be downloaded from: using-uploadify-with-zend-framework
Here is how to use Uploadify.
I use a variable called "__tkn" in the URL to pass the session variable.
Some of you may try to use 'scriptData', which didn't work for me.
[code language="javascript"]
[/code]
This one goes in the template:
[code language="html"]
....
....
[/code]
Insert this in the bootstrap (usually index.php) file.
It should be inserted before "Zend_Session::start();".
[code language="php"]
// ------------------------------------------ START -------------------------------------------
$sessName = "PHPSESSID";
$sessOptions = array('name' => $sessName);

// HTTP_COOKIE is not set when the request carries no cookies at all
if (!isset($_SERVER["HTTP_COOKIE"])) {
    $_SERVER["HTTP_COOKIE"] = '';
}

// Flash has problems with cookies so we pass the PHPSESSID variable via get
// it'll be injected if it doesn't exist in _SERVER["HTTP_COOKIE"] e.g. '; PHPSESSID=hdi5u83hfnu7ltlvp5q3bb53k4'
if ((stripos($_SERVER['REQUEST_URI'], '__tkn') !== false)
    // && preg_match('#^[a-z\d]{25,32}$#si', $_GET[$sessName])
    && preg_match('#__tkn/([a-z\d]{25,32})#si', $_SERVER['REQUEST_URI'], $matches)
    && (stripos($_SERVER["HTTP_COOKIE"], $matches[1]) === false)) {
    $sid = $matches[1];
    $prefix = '';

    if (!empty($_SERVER["HTTP_COOKIE"])) {
        $prefix = '; ';
    }

    // Inject the ID into the cookie data so the session layer picks it up
    $_SERVER["HTTP_COOKIE"] .= $prefix . $sessName . '=' . $sid;
    $_COOKIE[$sessName] = $sid;
    Zend_Session::setId($sid);
}

Zend_Session::setOptions($sessOptions);
// ------------------------------------------ END -------------------------------------------
[/code]
Your 'myaction' (/mymodule/mycontroller/myaction) should return 0 or 1.
The following code disables the view renderer and the layout, so the action outputs only that value.
[code language="php"]
$viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
$viewRenderer->setNoRender();
// Skipping the templates
Zend_Layout::getMvcInstance()->disableLayout();
[/code]
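The bootstrap check above adopts any ID that follows `__tkn/` on any URL of the application. One way to narrow that, shown as an added example that is not the original author's code, is to issue a short-lived HMAC-signed token for the upload action only and adopt the session ID only when the token verifies. The function names, `UPLOAD_PATH`, the secret and the sample values are assumptions; `hash_equals` needs PHP 5.6 or later.

```php
<?php
// Added example, not the original author's code. makeUploadToken, verifyUploadToken,
// UPLOAD_PATH and the secret are hypothetical names chosen for illustration.
const UPLOAD_PATH = '/mymodule/mycontroller/myaction'; // action path used on the page

// Issue "<expiry>.<sid>.<hmac>" when rendering the page that embeds Uploadify.
function makeUploadToken($sid, $secret, $ttl = 300, $now = null)
{
    $expiry  = ($now === null ? time() : $now) + $ttl;
    $payload = $expiry . '.' . $sid;
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Return the session ID to adopt, or null if the request must be ignored.
function verifyUploadToken($requestUri, $secret, $now = null)
{
    $now = ($now === null) ? time() : $now;
    // Only the upload action may carry a token, and the token format is anchored.
    $re = '#^' . preg_quote(UPLOAD_PATH, '#')
        . '/__tkn/(\d{10})\.([a-z\d]{25,32})\.([a-f\d]{64})(?:[/?]|$)#';
    if (!preg_match($re, $requestUri, $m)) {
        return null;
    }
    list(, $expiry, $sid, $mac) = $m;
    $expected = hash_hmac('sha256', $expiry . '.' . $sid, $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // forged or altered token
    }
    if ((int) $expiry < $now) {
        return null;                       // token has expired
    }
    return $sid;
}

// Constructed sample values, for demonstration only.
$secret = 'constructed-demo-secret';       // server-side secret, never sent to the client
$sid    = 'hdi5u83hfnu7ltlvp5q3bb53k4';    // sample ID in the format shown on the page
$t0     = 1700000000;
$token  = makeUploadToken($sid, $secret, 300, $t0);
$good   = UPLOAD_PATH . '/__tkn/' . $token;

var_dump(verifyUploadToken($good, $secret, $t0 + 10) === $sid);            // fresh token
var_dump(verifyUploadToken($good, $secret, $t0 + 301));                    // expired token
var_dump(verifyUploadToken('/other/page/__tkn/' . $token, $secret, $t0));  // wrong path
var_dump(verifyUploadToken(str_replace($sid, str_repeat('a', 26), $good), $secret, $t0)); // altered ID
```

In the bootstrap, the regex test would be replaced by a call to `verifyUploadToken($_SERVER['REQUEST_URI'], $secret)`, with `Zend_Session::setId()` called only on a non-null result. The session ID is still readable inside the token, so URLs written to access logs remain sensitive.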
Please share your thoughts.
Are there any security holes in this approach ?