How to Create an Ajax Style File Uploader

In this tutorial we will be creating a simple Ajax style file uploader using jQuery, Ajax and Php. Something you can easily implement on your site, complete with front and backend validation.

Introduction

The application we are going to build will use jQuery's versatility to allow multiple file uploads without refreshing the page or redirecting, complete with front and back end validation to prevent unwanted files being uploaded to your server. Each section will be broken down to describe what it does and why to help you understand it easier.

Step 1 : HTML Markup

Start out by creating your html document and setting up the form that will be used for the file uploader. Save this as index.html.

index.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Ajax Uploader</title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" title="Main" />
<script type=''text/javascript'' src="path/to/jquery.js">&lt/script>
<script type="text/javascript" src="path/to/ajax/ajaxupload.3.5.js"></script>
<script type="text/javascript">
$(document).ready(function() {
   // do stuff when DOM is ready
 });
</script>
</head>

<body>
  <div id="file_holder">
 <form action="upload.php" method="post" enctype="multipart/form-data">

<p><label for="userfile">Choose file(s) to upload:</label>
 <input id="userfile" class="input" type="file" name="userfile" /></p>
 <div id="loading"><img src="ajax-loader.gif" alt="Loading"/> Loading, please wait...</div>
 <div id="errormes"></div>

<noscript>
<input type="submit" value="submit" class="button2" />
</noscript>
</form>
</div>
</body>
</html>

We start our html document by adding the usual doctype, html, head and body tags. In the head we add the title, link to the stylesheet, a link to the Google jQuery CDN and our Ajax plug-in. Our second script tag is where we will load all of our code after the document is ready.

Inside the body, we layout our page with the #file_holder div which will be our wrapper, the form and the noscript submit button that will help retain usability if the user doesn't have javascript enabled in their browser, our file upload input and the two divs that will hold our loading image as well as the error messages.

If our user doesn't have javascript enabled, the form action will take care of passing the file to upload.php and the user will simply be re-directed to it and the success or error message displayed instead of remaining on the same page.

Dependent Files

For the loading image, I used "arrows" from http://www.ajaxload.info/.
Choose the image you prefer, save it as ajax-loader.gif and upload it to your server.

We're also going to need the Ajax upload plug-in. You can download it from http://valums.com/ajax-upload/. Save it as ajaxupload.js and upload it to your server in a folder called "ajax".

Step 2 : CSS Styling

This simple form only requires three lines of styling for functionality, to hide the loading div on page load and to color the success and error messages text. You can of course expand on it and make it look prettier than my plain old uploader example. Save this as style.css

style.css

/* CSS Document */
#loading {display:none;}
.error {color:#900000;}
.success {color:#009900;}

Step 3 : The Javascript

Now we can get down to creating the jQuery functions that make this uploader work. Breaking down the sections by action will help outline how the whole thing works a little easier as we go along.

Defining variables

var upload = new AjaxUpload('#userfile', {
		//upload script
		action: 'upload.php',

First we start out by defining the variables for our Ajax uploader by setting our #userfile input as the upload variable and then defining the action the input will take when a file is chosen.

Defining onSubmit

onSubmit : function(file, extension){
		//show loading animation
		$("#loading").show();
		//check file extension
		if (! (extension && /^(jpg|png|jpeg|gif)$/.test(extension))){
       // if extension is not allowed
			 $("#loading").hide();
			 $("Error: Not a valid file extension").appendTo("#file_holder
			 #errormes");
			// cancel upload
       return false;
			} else {
			  // get rid of error
			$('.error').hide();
			}
			//send the data
			upload.setData({'file': file});
		},

The above section tells our uploader what to do as soon as a file is chosen from our file input. First, our loading animation is shown while the file extension is checked. If the file extension doesn't match the predefined ones, the upload is stopped and the user is shown an error message. Once the user tries again with a correct file extension the error is removed and the file data is passed to our upload.php file by our setData command.

Defining onComplete

onComplete : function(file, response){
		//hide the loading animation
		$("#loading").hide();
		//add display:block to success message holder
		$(".success").css("display", "block");
//find the div in the iFrame and append to error message
		var oBody = $(".iframe").contents().find("div");
		//add the iFrame to errormes
		$(oBody).appendTo("#file_holder #errormes");
}

Once our file has been passed to the upload.php file which we will get to soon, the loading image is hidden and the error or success message is shown by grabbing the status from an iframe that the ajaxupload plug-in creates.

The complete script

Copy and paste this entire code in the head section of your document.

<script type="text/javascript">
$(document).ready(function() {
var upload = new AjaxUpload('#userfile', {
		//upload script
		//action: 'upload.php', //uploads disabled for security
		action: 'upload.htm',
		onSubmit : function(file, extension){
		//show loading animation
		$("#loading").show();
		//check file extension
		if (! (extension && /^(jpg|png|jpeg|gif)$/.test(extension))){
       // extension is not allowed
			 $("#loading").hide();
			 $("Error: Not a valid file extension").appendTo("#file_holder #errormes");
			// cancel upload
       return false;
			} else {
			  // get rid of error
			$('.error').hide();
			}
			//send the data
			upload.setData({'file': file});
		},
		onComplete : function(file, response){
		//hide the laoding animation
		$("#loading").hide();
		//add display:block to success message holder
		$(".success").css("display", "block");

		//find the div in the iFrame and append to error message
		var oBody = $(".iframe").contents().find("div");
		//add the iFrame to the errormes td
		$(oBody).appendTo("#file_holder #errormes");
}
	});
});
		</script>

Step 4 : The Php

The php file does the actual uploading to our server while the functions we will implement provide validation to make sure the uploaded file stays within our set guidelines. Breaking this file down by sections will aid in explaining it a little easier.

Setting up variables

$max_filesize = 2097152; // Maximum filesize in BYTES.
$allowed_filetypes = array('.jpg','.jpeg','.gif','.png'); // These will be the types of file that will pass the validation.
$filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
$file_strip = str_replace(" ","_",$filename); //Strip out spaces in filename
$upload_path = '/path/to/uploads/'; //Set upload path

Although some of these are pretty self explanatory, I will explain what everything in the above section does.

The $max_filesize variable determines the maximum size allowed for upload, currently set to 2mb (which is what most hosting providers set their servers to by default), set in bytes.

The $filename variable gets the complete name of the file including extension from our #userfile input.

The $ext variable checks for the correct extension against the $allowed_filetypes array.

The $allowed_filetypes variable builds and array of allowed file types for reference when our check is run in the lower part of the code that we will get to shortly.

The $file_strip replaces any spaces in the file name with underscores, why? If the file name is used in a url such as a link to an image, etc. the spaces are often replaced with %20 making for a sloppy address and hard for search engines to index.

Finally, $upload_path defines the folder which the uploads will be moved into relative to home on your server. In other words, most servers are configured with a file structure like this: /home/yourusername/yoursite.com/path/to/uploads/. Make sure you use the complete path with beginning and ending "/" marks.

Find Server root

To easily find the path you should enter here, try uploading the php script below to your server, name it root.php and access it from your browser. Make sure after you find your server root to delete the file as to not expose it publicly.

<?php $server = $_SERVER['DOCUMENT_ROOT']; ?>
<?php echo $server; ?>

For the rest of the script, it simply processes functions based on our parameters that we set in the code above.

Processing the upload

// Check if the filetype is allowed, if not DIE and inform the user.
 if(!in_array($ext,$allowed_filetypes)) {
  die('<div class="error">The file you attempted to upload is not allowed.</div>');
}

Starting out, the array of file types is checked and if the extension isn't there the script stops execution (die) and outputs a message about the error.

// Now check the filesize, if it is too large then DIE and inform the user.
  if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) {
     die('<div class="error">The file you attempted to upload is too large.</div>');
}

Check the file size against the variable set, if larger, the script stops execution (die) and outputs a message about the error.

 // Check if we can upload to the specified path, if not DIE and inform the user.
  if(!is_writable($upload_path)) {
     die('<div class="error">You cannot upload to the /uploads/ folder. The permissions must be changed.</div>');
}

This portion checks the folder on the server to make sure it is writable, or able to have our script move a file into it. If not, we use (die) again and output a message to our user.

// Move the file if everything checks out.
  if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $file_strip)) {
     echo '<div class="success">'. $file_strip .' uploaded successfully</div>'; // It worked.
 } else {
     echo '<div class="error">'. $file_strip .' was not uploaded.  Please try again.</div>>'; // It failed :(.
 }

If our file has passed all of our backend checks it is then moved into our uploads folder. If something else goes wrong, our user is notified to try again.

upload.php

Copy and paste this entire code into a new file and save it as upload.php

<?php

   $max_filesize = 2097152; // Maximum filesize in BYTES.
	 $allowed_filetypes = array('.jpg','.jpeg','.gif','.png'); // These will be the types of file that will pass the validation.
	 $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
         $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
	 $file_strip = str_replace(" ","_",$filename); //Strip out spaces in filename
	 $upload_path = '/path/to/uploads/'; //Set upload path

	 // Check if the filetype is allowed, if not DIE and inform the user.
	if(!in_array($ext,$allowed_filetypes)) {
	 		die('<div class="error">The file you attempted to upload is not allowed.</div>');
	}
   // Now check the filesize, if it is too large then DIE and inform the user.
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) {
      die('<div class="error">The file you attempted to upload is too large.</div>');
 	}
   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path)) {
      die('<div class="error">You cannot upload to the /uploads/ folder. The permissions must be changed.</div>');
	}
	 // Move the file if eveything checks out.
	 if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $file_strip)) {
      echo '<div class="success">'. $file_strip .' uploaded successfully</div>>'; // It worked.
    } else {
      echo '<div class="error">'. $file_strip .' was not uploaded.  Please try again.</div>'; // It failed :(.
 }
?>

Setting File Permissons

Before we can test out our uploader, we need to make sure the folder in which our uploads will go is writable. I'll spare you the usual CHMOD to 777 stuff and quickly moving on. If you are familiar with using a telnet client this part isn't for you, it's for the people who were just like me when I was starting out, eager to learn and read the CHMOD part and immediately thought wtf?

Basically, open your ftp client and navigate to the folder where the downloads go from this uploader. Right click on the folder and select properties, and make sure all the check boxes are set to read, write and execute, (777) hit OK and close the window.

In Dreamweaver, navigate to the uploads folder while in remote view and right click on the file and select Set permissions and follow the instructions above.

Step 5 : Give it a try

The last and final step is to try it out and see if it works. If nothing happens or something breaks, go back and follow the steps I've laid out carefully and figure out what went wrong. feel free to download the source files and check out the demo to get a better feel for how it works.

Thanks for reading!