Thursday, November 16, 2006

Flash 8 and File Uploads

One of the big features added in Flash 8 was support for uploading files. Flash can be a great RIA (Rich Internet App) platform and still has a lot of advantages over HTML forms even with the rapid development of Ajax and DHTML toolkits. The lack of file upload has been awkward since that is a common need in the same scenerios where you would want the kind of interfaces that Flash can provide.

I started to build out a Flash form for a client specifically for uploading large files . The app's requirements seemed to be a perfect fit for Flash, the files are for pre-press environment and can be very large. Their clients would also need to upload an arbitrary number. An older html form they had was awkward since the browser provided little feedback on the upload's progress and only had a set number of file fields.

The first pass at creating a flash interface was very successful, it allowed users to select multiple files at a time, add multiple files to a list and then upload them all at once. I had a progress bar for each file and marked them finished on the list.

The problem turned out to be really connecting it to an application. The file uploads aren't part of a form the way html file uploads are and flash doesn't send along the session like it would on a form. Even weirder is that each file is sent by itself asynchronously. I needed to tie this into a Typo3 user login so I had to figure out a way around it.

A few other passes at solving this problem I found online revolved around passing the php session id to the flash file and it adding it to the post url. On the php side you can take that and manually reconnect the session. Unfortunately that wouldn't work in the context of integrating with a typo3 extension because by the time you get to your extension, typo3 has already created its session. I can't change any of that, plus I wouldn't want to since I want information from Typo3 anyway.

The solution wasn't difficult in the end though. Loading XML or even loadVars does work in the same session. So I added some code that does a loadVars call. Typo3 can see the right session so I pass back a userid and the flash sends that back with the file upload by attaching it to the url. If you get back 'userid=1' you can attach it to the upload url with just a '?userid=1' and reconnect it to that user in the backend. Of course this is very spoof-able and someone could just start uploading files with various userid's attached and cause all kinds of annoyances. So it is important to use other data as a trap to prevent that, in my case I took some other data unique to the user, concatenated it together with a secret key and md5'd it and sent that too. Flash sends that back with the userid and my script can do the concat/md4 again with the same data and see if the hash matches, if not it doesn't accept the file.

Friday, November 10, 2006

We recently launched Verizon Literacy Network, part of Verizon Foundation that represents Verizon's community outreach programs. We built it in Typo3 with several custom extensions and I think was a great fit for the Typo3 architecture. The content is managed between 3 organizations, Verizon and two partners, ProLiteracy Worldwide and the National Center for Family Literacy. It was very easy to set it up where they could all access their own content areas and Verizon could control the final publishing step.

Some custom extension work allowed us to recreate some of the tools they had on their old site allowing searches for course materials and searches for local Literacy organizations by state or zip code. The zip code search leverages a SOAP service to find all the zip codes and I was very pleased at how easy that was to integrate into our custom php code. We were also able to upgrade their forum quite a bit by using the latest Typo3 forum software. This added much better editing and moderation as well as several great new features like thread subscription. A full site search was another important addition.

Probably the biggest challenge was moving the site to IIS for production. We do nearly all of our Typo3 work on Red Hat boxes with Apache but this site had to be hosted on IIS. Other than some flakiness around mod_rewrite Typo3 is running well under IIS and Zend's recent partnership with Microsoft should help this improve even more in the future. I'd still rather use Apache for PHP but sometimes there are legacy asp apps or current .NET apps that have to be there or just reluctance by an internal IT team to support Linux.