Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
https://www.tinywebgallery.com/forum/

Few generic questions about how TFU works
https://www.tinywebgallery.com/forum/viewtopic.php?f=12&t=2531
Page 1 of 1

Author:  sparetime [ 21. Apr 2010, 20:22 ]
Post subject:  Few generic questions about how TFU works

Hi,

I have many questions about TFU because we are going to buy a distribution license. However here is few to start:

1) What is the code principle how upload indicator works? I have used "Uber Uploader" in the past, which is based on .cgi script. As I understand, on the server side, Perl and CGI are the only technologies which provide upload progress information back to the calling script. If you submit information to PHP, it doesn't have such progress indication info. However, TFU submits everything to PHP and displays progress indicator correctly even if I submit to a simple PHP script. So, this function is built-in Flash somehow? Which way TFU gets such information?

2) Is there some coders guide of what each TFU file means? There are quite a lot of files which I don't need at all. Password generator? Login? Zip class? EXIF Reader? [fsa] folder? I am not sure what this all is needed for, if I would need just a combination of multiple files selector/uploader and my own PHP script which will receive the submitted file. If we would redistribute TFU, we need to distribute only the thing which is suitable for our software. Nothing spare.

3) Files submission principle. I have parsed the submitted information and I suppose, TFU submits all files one by one, right? I see that I can receive and work out the submitted files using standard $_FILES['Filedata'] variable - correct? However, I have noticed, that if I use 'copy' function in PHP, and then 'unlink' the temporary file in PHP, TFU says that "files were not uploaded", despite they are quite good copied on the server's folder. I suppose TFU tries to get files information after upload some how?

4) Bug found - if I have 500 Kb file size limitation on the server, TFU displays 500 Mb.

5) You say, that the newest version supports sending of $_POST forms data amongst files. That's a great option - however it's impossible to check that in the free version. Do you have kind of demos available which would show, how this thing works? Or may be do you have kind of demo version which would expire let's say in a week? I would like just to see how everything works before buying it and making sure it is suitable for my purpose.


That would be all for the moment.
Thanks in advance for your replies!

Author:  TinyWebGallery [ 21. Apr 2010, 20:36 ]
Post subject: 

Hi,

1. This is build into flash - there are callback functions.
2. Check JFU - there you find the minimum set of files you need.
FSA is the file split applet.
you should use my upload files because all the security and the needed settings for upload verification are in there. You can use plugins to do you own thing or simply modify tfu_upload.php.
3. Yes - one by one because of the upload limits. TFU checks after the upload if the upload worked in an extra request.
4. Are you sure you have not set the config wrong. The value has to be set in KB! e.g
http://www.tinywebgallery.com/en/tfu/web_demo2.php is set to 300 = 300 kB.
5. Currently there is no demo for this. There is a howto that explains how this is done. Basically I parse the form in Javascript and pass the values to the flash - then this is sent along with the upload request. I don't have a registration that only works for a week. The best I can offer you is a license that only works on localhost.

- Michael

Author:  sparetime [ 27. Apr 2010, 18:42 ]
Post subject: 

Thanks for your replies.

2. I've downloaded JFU and see it has even more files than a regular TFU version :) so it probably won't fit my task...

3. Would it be possible to have a "mini" version of TFU which just handles the file uploading process with the minimum set of options? I mean, it would consist of tfu_210.swf which is included on the page, replacing the standard file upload box/dialogue, tfu_config.php and set of language packs. Under tfu_config.php, I would need only a few options - the language pack used and the URL of the script to submit a file to ($upload_file), the set of allowed/disallowed extensions, kind of redirection URL after upload (not important if it was successful or not - my script would report it on the next screen), and ability to transmit form fields data in this process. I don't need remote folder view, nothing else.

I hope you understand what I mean. I've checked many Flash uploaders of the same kind, and what I specially like in your version, is the interface. Very simple, very intuitive, very user friendly, and it suits my task very well.

Being a professional coder, I wouldn't need the other settings. I could, and I should handle them in my own script. As you probably know, until the file is fully transmitted on server, PHP can't take any actions regarding its type or extension, and all security is handled after the file has been uploaded. That's why I will use my own script for receiving the files, anyway.

All the code and pile of scripts you have, are probably created for end users, not truly developers. What the developers may need, is just a pure flash replacement of standard upload box, and upload progress indicator. The other things do not affect custom security at all.

So, I understand this may be a custom work, and my question is - is that possible to have a very simplified version, and if so, how much it would cost?

4. The setting is about this:

$maxfilesize = getMaximumUploadSize();

I didn't change it, it's a default setting I suppose.

5. Localhost would be really great to try everything out. How much it would cost to me?

Thanks for your replies and work.

Author:  TinyWebGallery [ 27. Apr 2010, 23:59 ]
Post subject: 

Hi,

2. only the tfu folder of JFU - the rest is the wrapper for Joomla!

3. see the tfu folder of JFU. So you only need 9 files + the language files you like.
If you like to use your own script you should integrate this in my script because this does all of this already (security, extension, validation of the client ...)! The flash does a lot of interaction with the server.
TFU is not like most of the flashes that only provides the flash. It's a whole solution to upload files. The scripts are not an example. e.g. tfu does verify after the upload if the file was uploaded... You can modify the tfu_upload script or use a plugin to do you custom tasks.

4. it detects the maximum upload. If you want to restrict this you can set a smaller value.

5. nothing. If you like to test it on you host simply get the standard license to test everything on your server too.

- Michael

Author:  sparetime [ 28. Apr 2010, 10:58 ]
Post subject: 

2. Yes, I've checked it carefully. I understood about TFU folder initially. Here's the set of files I wouldn't need at all:

tfu\tfu_exifReader.php
tfu\tfu_file.php
tfu\tfu_helper.php
tfu\tfu_login.php
tfu\tfu_upload.php
tfu\tfu_zip.class.php

It's almost the same set of files as in the default version.

3. I only need 2 files as I described + language packs. Is it possible?

I don't want to integrate my script into anything. The main benefit of my own custom scripts is that I know in details where and what happens, and when, and what should I modify to improve or fix it. I care about my own security.

When integrating into your script, I should care not only about my custom security, but also follow all security updates of your version. It's not really suitable. Takes a lot of time.

I understand about your solution, but TRULY, I don't need upload verification. I don't need anything except the transferring the file itself, or multiple files in a loop, like your script does.

I guess, if the Flash has ability to know about upload progress, then when it's 100%, it means the file has been transferred, right? Yes, I understand that after this process, your script will try to verify the upload - because YOU programmed it that way. But that's not a mandatory action for the Flash itself, no?..

4. That is fine, thanks.

Author:  TinyWebGallery [ 28. Apr 2010, 13:33 ]
Post subject: 

2. You need all the files I wrote. The flash interacts with them. Without, the flash does not work.

3. No - see 2.
No - when the flash is at 100% it only says all bytes have been sent. Nothing else. The flash does not care what is on the php side.

I think it takes a lot of more time to cover all the small details that are already included in the scripts. If you add your stuff in a plugin updating to the latest version only takes a few minutes. But rewriting the existing code takes for sure much longer.

- Michael

Author:  sparetime [ 30. Apr 2010, 11:52 ]
Post subject: 

2. I can't believe in it. They appear purely your own scripts. Could you give a short explanation of what each file means from those I mentioned?

3. That's absolutely correct. Flash should know nothing about the server side. On the server side, everything should be handled on our own. I hope you understand that this is a question of custom security. What you provide with your own scripts, is just your, or your company's warranty and security. If you stop support (I know you won't - but everything could happen in this life!) - then who may fix a serious error? Actually nobody knows what's inside the scripts. But if we program our own script, we know how it works.

That's the thing every serious coder would like to achieve in a serious project. Have a minimum set of 3rd party application to handle and take care on most of things on his own.

I don't know about small details you talk about. The only detail I should know as PHP coder, is that file is received by PHP script and further, I should write I code to handle it. Actually I do have such code already. With all the small details I learned during 5 years of handling file uploads. I don't need 3rd party script for that, that's the question.

Author:  TinyWebGallery [ 30. Apr 2010, 14:09 ]
Post subject: 

2. Simply look into the files what they do - they are commented. e.g. the first call reads the configuration for the flash. Then the file directory is read and so on. TFU is not only a simple uploader as you have maybe found out already.

3. If I drop dead you still have the code you can modify by yourself. The scripts have evolved over the years and believe me it's not only the upload part which make the flash work on all browsers on all OS.
There are simple uploaders out there where you have to write your own php completely. But TFU is much more than that.

If you want to rewrite everything - it's up to you... If you check the tfu_upload.php - it's not the big one...

- Michael

Author:  sparetime [ 4. May 2010, 10:46 ]
Post subject: 

Well, I'm afraid that TFU looks for PHP scripts somewhere inside the Flash. No?

I've tried to do the following for example:

- removed tfu_exifReader.php
- removed tfu_helper.php
- removed tfu_helper.php references and inclusions from tfu_config, _file, _login and _upload. Now the whole thing doesn't simply work. The Flash says it is failed an authorization or something like this.

Like I asked initially, what these files are created for?

Author:  TinyWebGallery [ 4. May 2010, 13:01 ]
Post subject: 

I already answered this a couple of times.
You need this files because the flash does not only upload but does a lot of things more. If you like more details simply look into the files. They are pretty much self explaining.

- Michael

Author:  sparetime [ 5. May 2010, 12:40 ]
Post subject: 

Interesting.

I've checked my logs again and noticed all files are having 'application/octet-stream' as the file type. Even if they are image/jpeg or application/zip.

Hmm, so... I am finally trying to understand. All security can't be achieved using only Flash methods, right? That's why you are using a lot of PHP functions?

I am starting to suspect that for my methods, it wouldn't be enough to receive 'application/octet-stream' as the file type for all files. Something needs to be clarified on Flash input. The same way like it is performed in a regular browser, for example. So it sends file type headers properly.

And - so, your script handles all that? That way, so we can't upload Microsoft Document renamed to .jpg or .php as .jpg and so on.

Thanks and sorry, I am just not familiar with Flash.

Author:  TinyWebGallery [ 5. May 2010, 21:40 ]
Post subject: 

A lot of the php functions are for handling thinks like getting the directory, the file functions and so on.
A couple of things are use for additional security like that you cannot upload to the tfu_upload.php if you are not the flash or logged in.
Some stuff is for session handling because e.g. Firefox does not handle cookies in flash properly.
Just all the small things I have found out over time which prevents users to upload without problems.
Some file types are checked - like images.

As you see there a lot more than the simply upload. If you looking for a simple flash where you can handle all the php by yourself I think swfupload is a good choice.

- Michael

Author:  kimerajamm [ 19. Jun 2010, 13:29 ]
Post subject: 

topic helpful for me, thank

Page 1 of 1 All times are UTC + 1 hour [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/