I have a very simple PHP script that creates a new file on my server using a random number for the file name (e.g., 412561.txt). When I load the script directly from a browser, it works. But when I load the script from a very simple Flash (AS3) script, it does not work (i.e., doesn't create a file). The Flash script and PHP script are both in the same directory. Permissions on the directory and its content are 755. Temporarily setting those permissions to 777 does not solve the problem (i.e., PHP still doesn't create file when called via Flash).

Here is my phpinfo.

Here is the PHP file.
The contents of the PHP file are:

<?php
error_reporting(E_ALL); 
ini_set("display_errors", 1);

$RandomNumber = rand(1,1000000);

$filename = "$RandomNumber" . ".txt";
$filecontent = "This is the content of the file."; 

if(file_exists($filename))
	{$myTextFileHandler = fopen($filename,"r+"); }
else
	{$myTextFileHandler = fopen($filename,"w"); }

if($myTextFileHandler)
	{$writeInTxtFile = @fwrite($myTextFileHandler,"$filecontent");}      

fclose($myTextFileHandler);    
?>

Here is the html container for the Flash script. The Flash script features a single button which calls the PHP script when pressed. In case it helps, here is the raw Flash file itself. The code of the Flash script is as follows:

stop();

var varLoader:URLLoader = new URLLoader;
var varURL:URLRequest = new URLRequest("http://www.jasonfinley.com/research/testing/TestingSaveData.php");

btnSave.addEventListener(MouseEvent.CLICK,fxnSave);

function fxnSave(event:MouseEvent):void{
	btnSave.enabled=false;	
	varLoader.load(varURL);
}

Directory listing is enabled at the parent directory here, so you can see there when a new text file is created or not. (Um, if this is a security disaster, please let me know!)

Can anyone please help me understand why this isn't working and how I can fix it? Thank you
~jason

    Where are you testing the Flash from? It could be that Flash is preventing the remote URL request due to security restrictions. As you've tested the PHP and it shows to be working, the only place left to look for the problem is in your Flash file. Try adding some trace calls in your Actionscript to determine if it's halting at a certain point in your code.

      Since it's the same PHP script that is creating the file regardless of where the request comes from (it doesn't care if it came from the browser itself or from a Flash plugin), the problem is more likely to be on the client side (the Flash app is failing to make a proper request) than on the server. Have you verified by looking at the web server's logs to see if it is actually receiving the request or by adding some logging to the PHP script?

        Thanks for the ideas guys.
        I tried adding a trace call just before and after Flash tried to load the PHP file, and it does NOT appear to be getting stuck on the varLoader.load(varURL) call.

        Good call checking the server's raw access logs.
        When I test the Flash file from my own computer (rather than running the copy on my server), it successfully loads the PHP file which then creates a new text file. But when I try running the lash file off the server, the logs show a request for "/crossdomain.xml" which doesn't exist, and I don't even know what it's supposed to be. So now I've got a lead to follow at least!

          This sounds like your Flash and your PHP aren't sitting on the same domain, and you're running into the problem I outlined in my first reply. I would hazard a guess that you're calling a local .swf? If Flash notices it doesn't come from a web server (putting it on localhost will actually work most of the time) then it will complain and appear to do odd things like you're seeing.

            The behavior is actually well defined - far from "odd" - in this Adobe KB article. The issue, however, is exactly as Ashley describes above - the URL in your Flash script has to contain the exact same host from which the movie was loaded. For example, if you access the movie via "mysite.com", you can't load any external data from "www.mysite.com" since the two hostnames are different.

              Holy [toledo], you guys are awesome, and I've figured out the problem!

              As I wasn't sure originally if this problem was due to Flash or due to PHP, I posted this question in two places: right here at phpbuilder, and over in the Adobe forums. Between the advice I got here and there, I finally realized that the whole problem has been hinging on, incredibly, "www."

              If I use the following URL, the process works, and a new text file is successfully created:
              http://www.jasonfinley.com/research/testing/TestingSave2.html

              If instead I use the following URL (not including the "www."), the process does not work, and we get a security error:
              http://jasonfinley.com/research/testing/TestingSave2.html

              I'd begun to think the problem was, infuriatingly, intermittent, because I had been using different URLs on different occassions, paying no heed to the "www." because it's such a common part of experience that I took no note of it either way.

              So, as Ashley and Brad have said, the problem seems to be that Flash won't allow access for other scripts unless they are on the exact same domain, and it doesn't consider, for example, www.adobe.com to be the same as just adobe.com . My Flash file calls the PHP file with an absolute link that starts with "http://www.". Now I know that it will work as long as I access the Flash file itself also using "www.". But I would like to fix this so that it will work either way. If anyone knows how to do THAT, please do let me know. (I know this is a PHP forum, but figure it can't hurt to ask, since you guys are also knowledgeable about Flash.) I'll be looking around for an answer (now that I know what the actual problem is), and will post back here if I do find it on my own.
              Thanks everybody!

                I personally have never used Flash (for the same reason I don't use hot sauce as eye drops 😉), but I would say you need to obtain the URL that was used to load the video, strip it down to just the protocol and hostname, and use that as the basis for creating the URL you use to access the PHP script.

                Then again, if the URLRequest object that the load() method uses will allow you to specify "relative URLs", then you might be able to instead pass in something like "/research/testing/TestingSaveData.php". (Again, I have no experience with Flash, so I can say whether or not this is possible.)

                  Got it. I just had to make a plain text file called "crossdomain.xml" with the following contents:

                  <?xml version="1.0"?>
                  <cross-domain-policy>
                  <allow-access-from domain="www.jasonfinley.com" />
                  <allow-access-from domain="jasonfinley.com" />
                  </cross-domain-policy>

                  I placed that at the root directory of my web server (public_html) and now I'm able to successfully run the whole process whether I use "www." in the URL or not. (I know this is already going to be elementary for many, but for me this was a big problem-solving endeavor.)

                    So, as Ashley and Brad have said, the problem seems to be that Flash won't allow access for other scripts unless they are on the exact same domain, and it doesn't consider, for example, www.adobe.com to be the same as just adobe.com .

                    Because it isn't 🙂, just as www.phpbuilder.com isn't the same as board.phpbuilder.com.... Once the domain has been identified ([noparse]phpbuilder.com[/noparse]) it's the hosting server's job to resolve the rest (www. or board. or nothing at all).

                    Edit: I said "host" when I meant "domain".

                      Weedpacket;11015107 wrote:

                      Once the host has been identified ([noparse]phpbuilder.com[/noparse])

                      But that host wasn't used in either of your examples...?

                        bradgrafelman;11015119 wrote:

                        But that host wasn't used in either of your examples...?

                        Typo corrected.

                          I guess I don't understand what you mean by "hosting server" then; it's up to DNS name resolution to determine the IP for "www.phpbuilder.com" or "phpbuilder.com"; you could quite easily have two different DNS records that point to two entirely different webservers.

                            I think the word "domain" and "subdomain" is fairly important here. The point of creating a domain is to assign responsibility for some part of the internet to some entity. While a subdomain falls under a domain -- like www.example.com falls under example.com -- there is some division of authority that is intended by creating a subdomain. www.example.com is for web servers and clients, mail.example.com is for mail servers and clients (and a web browser may also connect there), and ftp.example.com might be for something else. If you are the owner of example.com, you may be unconcerned about passwords working across all domains.

                            If, on the other hand, you get acquired your subdomain from some dynamic dns provider -- like maybe i got sneakyimp.servebeer.com from NO-IP so that I could always login to my home office via RDP -- then you do care big-time that your domain is entirely distinct from other subdomains. You wouldn't want their applications mucking with your cookies or you wouldn't want them building applications that steal your media files, etc.

                            That clients (and Flash is a client) take care to distinguish between different subdomains may be a nuisance, but they do so for security reasons. I'm a bit fuzzy about the details.

                              sneakyimp wrote:

                              The point of creating a domain is to assign responsibility for some part of the internet to some entity. While a subdomain falls under a domain -- like www.example.com falls under example.com -- there is some division of authority that is intended by creating a subdomain.

                              Yes; this is what I meant by domain - the bit that has to be registered by someone authorised to muck around with the root domain databases. But if you are the registrant of a domain, you don't need anyone else's permission or authority to create subdomains according to whatever policy you like. If you own mydomain.example you can sell subdomain.mydomain.example.

                              But like my original example showed (to which the rest of the discussion is irrelevant), even if it's not a matter of authority there's still no reason to assume that www.phpbuilder.com and board.phpbuilder.com refer to the same thing. Because sometimes they're not. Subdomains exist for a reason (decided by whoever is in charge of the domain) and you ignore them at your own risk.

                                Write a Reply...