Uploader with Progress Bar, File Manager & Multi-User Support

Need to transfer files to/from your website?  FileChucker makes it easy.  Fun, even.  Whether for customer files, or just your own, FileChucker is the solution.
FileChucker Screenshot

FileChucker: Old Changelog

View Newer Changelog Items

v4.66 (20101116):

  • Download notification emails can now be sent to the person who originally uploaded the file, via the new %%uploader_email_address%% setting, as long as you've got the other required prefs set (namely an email address field on the upload form, which you've set to be stored in a database).
  • New set of file_links_in_ prefs (e.g. $PREF{file_links_in_emails_go_to}) in PREFs Section 11 to specify how the view/download links behave in various contexts.  You can choose from these options:

    viewer: FileChucker's slideshow-style viewer, with previous/next links, and web-sized versions of images, etc.

    landing_page: useful for public-download sites, with a configurable delay, etc.

    full_page: items that the browser can display are displayed standalone within the browser window/tab; this includes text and most images for example, as well as videos, as long as the browser has a video-playing plugin installed. Most such plugins will stream the video, so that it starts playing right away and downloads in the background. Other file types show an open/save dialog.

    script_download: all items get an open/save dialog.

    direct_download: like full_page, but using the direct path and filename to the item on the server, rather than going through the script. This will be internally overridden in some cases; see this FAQ item for details.
  • New set of _on_options_menu prefs to specify which of the above download methods appear on the "options" menu for each file on the download page.
  • New ?iframe=no URL variable to disable $PREF{use_iframe_for_upload} on a per-upload basis (mainly for debugging).
  • When setting cookies, we now specify the domain, and start it with a dot (after removing any "www"), in order to allow the cookies to be read from subdomains as well.  This should work around some potential issues on sites that allow both the www-version and the www-less-version of their domain but don't redirect one to the other.
  • The database viewer (for upload log page, etc) now has a View All link, to disable pagination and show every item in the list.
  • Bugfix: the database viewer (for upload log page, etc) was using the wrong arguments for the LIMIT clause (start and end, instead of start and count), resulting in strange results when viewing database tables with large numbers of records (basically, as you paginated through to the higher pages, they displayed more items-per-page than they were supposed to, and the counts were off).
  • Various other small bugfixes.
  • Prefs added:
  • Prefs removed:

v4.65 (20101018):

  • New $PREF{get_userdir_from_email} setting.
  • New $PREF{file_upload_field_label} setting, including support for different labels on different file fields in multi-file uploads.
  • New $PREF{hide_upload_form_folders_matching_this_regex} setting, to limit the list of subfolders the user can choose from.
  • New $PREF{hide_common_leading_path_on_upload_form_subdirs} setting, to shorten the entries in the subfolder drop-down when possible.
  • Renamed sizelimit_for_strangers to sizelimit_for_public.
  • New $PREF{show_bbcode_html_etc_on_uploadcomplete_page} setting to easily hide those items without having to edit the upload-complete page template.
  • New $PREF{mimetype_for_[ext]} settings, for serving downloads with the correct mime-type on servers where the MIME::Types Perl module is not available.
  • Removed some old prefs that have been deprecated by newer groups_allowed_to_* settings (show_link_to_uploads and upload_complete_page_links_to_files).
  • When looking for a userbase_prefs.cgi file to load, we now check the /login folder, for servers where it's installed that way.
  • For servers that set $ENV{REMOTE_ADDR} incorrectly (Yahoo so far), we now work around that.
  • Bugfix: the new viewer-mode page would display a broken image on servers where no image-resizing methods are available; now we display no image, just text.

v4.64 (20101006):

  • Renamed the call_filechucker.php file to call_fc.php to make it easier to type and to make instructions shorter; also edited its code to make it try two different methods of calling the filechucker.cgi script in case a given server only supports one or the other method; and updated the quick-instructions.txt file to briefly explain how to use this method of execution.

v4.63 (20101004):

  • In notification emails, any perfile form fields are now displayed in the file list section, rather than in the other (non-perfile) form fields section.
  • Any drop-down form fields created with the formfield_NN prefs can now use newlines, instead of "|||", as their value separator, which makes it much easier to create/maintain drop-downs with many possible values.
  • Bugfix: in notification emails, in our footer links, we were including the literal text 'auto' in place of the $PREF{here} value.
  • Bugfix: on the upload-complete page, when listing form field values, we were displaying "Field: : value" (double-colons) in some cases.
  • Bugfix: the new viewer-mode feature was ignoring $PREF{here} and always using the .cgi script filename in its URLs.

v4.62 (20100928):

  • New "viewer" mode for the Download page, so that clicking on a file will take you to a FileChucker page showing that item with previous/next links, and showing a nice web-sized version of the item if it's an image.
  • When using the download_links_go_through_FileChucker feature, we previously served all downloads with the application/octet-stream content type, causing most browsers to display just a "Save As" dialog.  We now use the MIME::Types Perl module and serve specific mime-types depending on the file extension, so that the browser can offer to display the download in an appropriate application in addition to just saving the file.
  • New $PREF{static_writable_directories_list} setting, for servers with huge numbers of subfolders that don't change, in which case we don't need to do the potentially-slow scanning of the uploads folder on every execution.
  • Adjusted some of the default CSS to make it easier to change the upload progress bar from centered to left-aligned.
  • There's now a [remove this file] link on the extra file fields on the upload form, in case a user for some reason doesn't feel comfortable simply leaving the extra field blank.
  • New $PREF{name_of_subfolder_for_thumbnails_etc} setting, with the eventual goal of moving all our miscellaneous subfolders (thumbnails, human-test images, temporary zip files used in multi-file downloads...) into it.
  • The upload-counter feature now goes through the formfield_NN prefs system, so that it's easier to access its value in notification emails, post-upload redirection pages, etc.
  • Added a new setting of 'auto' for $PREF{here}, which is also now the default.  So when you're using a shortcut /upload URL or you've embedded FileChucker into another page, it figures it out automatically.
  • Moved some prefs (human_test_image_directory stuff) from PREFs Section 02 down into PREFs Section Z: Misc Settings Not Usually Needed, and changed some of the code behind them to be smarter about automatically figuring out the right paths to use.
  • Improved the spacing between our pagination links.
  • In our database viewer, any columns specified as _viewer_hidden_columns are now skipped when a new record is being created.
  • Bugfix: the browser-side file extension filter wasn't working properly for file extensions that included regexes.
  • Bugfix: if using the custom_form_fields feature (rather than the built-in formfield_NN extra form fields feature), we were lumping perfile formfields in with non-perfile formfields.
  • Bugfix: when using enable_userdir_from_php_session__method1 or enable_username_from_php_session, depending on how your PHP/session-based login system handled logouts, we didn't always recognize them right away, instead pulling the login details from our own cache.
  • Bugfix: replaced raw ampersands with their proper HTML entities in a couple of spots, for increased HTML validation powers.

v4.61 (20100727):

  • Bugfix: when configuring features to be non-public, but not using a separate login system like UserBase, we had a missing ampersand that caused a redirection loop resulting in the internal login page failing to display.

v4.60 (20100529):

  • For uploaded images, we now automatically detect & display dimensions & resolution (on the file info page and in notification emails) if the server supports it.
  • Improved the documentation for the $PREF{enable_subdirs} setting in the prefs file, and we now automatically (re)enable this if the user has enabled userdirs, since they don't work without subdirs.
  • The $PREF{serial_is_userdir} setting now automatically enables the other prefs that it depends on, rather than listing them in the documentation and requiring you to manually enable them.
  • Disabled the blat email path by default, since hardly any servers have that installed, and it can make it harder to debug email issues on Windows servers.
  • Changed some of our CSS IDs (including title and intro) to more unique versions, to avoid having any sitewide stylesheets mess up our styling.
  • The $PREF{enable_custom_sql_commands} feature now supports UPDATE in addition to INSERT.
  • In date strings where we were using "%P" to get am/pm, we now use "%p" instead (which is the same but uppercase, i.e. AM/PM) because some Windows servers crash/hang when confronted with "%P".  No, really.
  • Various updates to our built-in database table viewer/editor (including presets for min/max values, min/max string lengths, and type checking; nicer visual styles in vertical display mode; ...).
  • We now specify our font size in points instead of ems, since the latter can result in tiny/huge text in situations where (for example) a sitewide stylesheet specifies that ALL tables should have a certain font size.
  • The tempfile used to track each upload's progress is now deleted at the end of the upload by the upload process, rather than by the process that displays the Upload Complete page.  This makes no difference in most installations, but can prevent these tempfiles from building up on servers where the Upload Complete page is not being used and where FileChucker's automatic periodic purging of these files does not occur for some reason.  In older versions this early deletion would have caused Javascript errors on the client-side at the end of an upload, but Javascript changes in newer versions should prevent that issue.
  • The different types of rows on the file list page (parent folder row, folder rows, file rows) now have unique CSS classes, in case you want to style them differently from each other.
  • The server information page now shows your server's MIME::Lite version, which can be useful in debugging email issues.
  • Renamed the $PREF{enable_manual_creation_of_new_subdirs_during_upload} setting to $PREF{show_the_create_new_subdir_field_on_upload_form} to make its purpose more clear.
  • The feature that allows you to use %DATE{%v} within other prefs, for inserting various kinds of date variables, now supports offsets, so for example you can use %DATE{%d}{now+5d} to mean "the date 5 days from now."
  • New $PREF{convert_upload_filenames_to_case} setting for converting all filenames to uppercase or lowercase upon upload.
  • The Upload Complete page now includes a hidden field containing the uploaded filename, for situations where you want to script other actions based on that.
  • New $PREF{upload_progress_bar_disabled} setting for servers with write-caching or other features that prevent the progress bar from working.
  • Form fields auto-included in notification emails are now displayed in the same order that they appear in the prefs file and on the upload form, rather than sorted alphabetically by shortname as before.
  • Improved autodetection of the server's DOCROOT on certain servers with strange configurations.
  • We now display a warning in the footer whenever $PREF{enable_debug} is turned on, since it can itself cause issues in some cases.
  • Bugfix: upon logout we redirected to a "You are logged out" page, but this was displayed based solely on the query-string, so a logged-in user navigating to this page manually (or getting auto-redirected to it for whatever reason) would see the "You are logged out" message even though he's actually logged in.  The logged-out page now auto-redirects to the main page if the user is actually logged in.
  • Bugfix: when using the _is_group_master feature for grouped checkboxes on the upload form, along with $PREF{store_upload_info_in_database}, we failed to auto-create a database column for the group, so it never got stored; so this grouped checkboxes feature only worked if you'd manually created the database column beforehand.
  • Bugfix: setting a $PREF{after_upload_redirect_to} URL now no longer disables the $PREF{use_iframe_for_upload} feature; this was reported as an update in the previous version, but wasn't quite all there.
  • Bugfix: the $PREF{create_resized_copies_of_uploaded_images} feature failed to honor the $PREF{overwrite_existing_files} setting if it was enabled, so any resized image copies with the same name as existing images would always get an _01, _02, etc, added to their names.
  • Bugfix: the $PREF{enable_custom_sql_commands} feature did not work if $PREF{store_upload_info_in_database} was disabled.
  • Bugfix: added internal _qsready versions of a few key prefs ($PREF{here} in particular) to allow proper embedding within a page that already uses the query-string for navigation.  For example if your page is index.php?page=upload we would previously try to use index.php?page=upload?action=listfiles as the link to the downloads page, rather than index.php?page=upload&action=listfiles as we do now.

v4.59 (20100330):

  • Setting a $PREF{after_upload_redirect_to} URL now no longer disables the $PREF{use_iframe_for_upload} feature.
  • Bugfix: a previous update caused uploads to appear to get stuck at the "Upload Complete; processing..." screen, if both $PREF{enable_debug} and $PREF{use_iframe_for_upload} were enabled (and in certain other cases where the iframe is enabled and output occurs before the upload completes).
  • Bugfix: a previous update caused the "options" menu (for each file/folder on the downloads page) to display behind the file list in some browsers, making it effectively invisible and unclickable.

v4.58 (20091215):

  • New $PREF{admin_usernames_list} setting, for when you're integrating with a non-UserBase login system, and you want to specify which of your users are administrators.  This replaces the PHP_ENC_ISADMIN variable and the $PREF{admin_usernames_for_apache_auth} setting, and the two $PREF{member_username_cookie_name} & $PREF{admin_username_cookie_name} settings have been consolidated into a single $PREF{username_cookie_name} one. 
  • The $PREF{groups_allowed_to_list_files} setting has been renamed to $PREF{groups_allowed_to_view_download_page}, just to make its purpose more clear; similarly the _list_files_in_top_level permission is now instead called _view_top_level_of_download_page.
  • New "Show All Prefs" feature, available on the Administration page, shows the values of all your prefs.
  • Updated the blacklist/whitelist feature so that in addition to all-or-nothing whole-app blocking, you can specify that users matching the lists are automatically added to special encblacklisted/encwhitelisted groups, which you can use in any of the $PREF{groups_allowed_to_*} settings.
  • New $PREF{get_userdir_from_username} setting, to simplify the enabling of the userdir feature when integrated with a non-UserBase login system (we've always done this when integrated with UserBase).
  • Large overhaul of the email notification prefs to allow more than just 2 email templates (webmaster and user); you can now create separate templates for the various kinds of email notifications (user-entered email addresses, UserBase folder owner, logged-in user's email address, etc).
  • New $PREF{app_output_template} setting allows you to fully customize the overall structure of the markup we output.  This replaces some previous settings like $PREF{intro}, $PREF{outer_container} & $PREF{inner_container}, etc.
  • Updated the CSS for the drop-shadows in the shadowlight (default) and shadowdark styles; they no longer use fixed-width images, so the app's overall width can be set to any arbitrary value and the shadows will adjust to suit.
  • New $PREF{formfield_NN_only_for_these_groups} feature allows you to specify that a given field on the upload form should only be displayed if the user is a member of a certain group.
  • New $PREF{formfield_NN_dont_send_email} feature allows you to create a form field that collects email addresses but does not send notification emails to the entered addresses.
  • Renamed the "Options Menu" at the top of the downloads page to "View Menu" to disambiguate it from the "options" menu on each individual file/folder in the downloads list.
  • For prefs that default to, such as the sender address on notification emails, if you leave it set to the default we'll automatically change it to filechucker@<> at runtime.
  • Changed some of the CSS to remove specified widths on inner parts of the pages, so that a single outer width value is all that's specified, which makes it easier to adjust that width.
  • If the server's version of the CGI module is ancient, we'll display an error saying so right in the footer of every page, since it's likely to prevent the app from working correctly.
  • The Check Image Modules feature in the Administration section now does a few checks for a "convert" command in some of the likely locations.
  • Automatically fix the DOCUMENT_ROOT on GoDaddy servers, which set it incorrectly for subdomains.
  • Bugfix: some notification emails displayed percent symbols between sections for no good reason.
  • Bugfix: specifying a form field to be both required and an email field could result in a confusing error message if the user left the field blank.
  • Bugfix: the 3 $PREF{show_link_to_uploads_for_strangers} (and _members and _admins) settings got broken in a previous update; they had no effect so you had to manually modify the template for the Upload Complete page to adjust that output.
  • Bugfix: a previous update caused us to fail to autodetect when HTTPS was in effect.

v4.57 (20091017):

  • New $PREF{enable_username_from_apache_auth} feature provides support for Apache's htpasswd-based user accounts, in case you don't want to use a proper login system like UserBase.
  • On the file list, if you check a single file's checkbox then use the Actions Menu to download it, we now pretend that you actually clicked on that single file itself, rather than going through the multi-file download process with only the single file (which worked fine, it was just overkill, since zipping a single file is kind of pointless).
  • Bugfix: a previous update caused the login link to always point to the full filechucker.cgi URL, even if you set $PREF{here} to something else.

v4.56 (20090928):

  • New $PREF{default_filelist_sort} setting in case you want the file list to be sorted by something other than filename by default.
  • New $PREF{filefield_template} setting in case you want to adjust the HTML for the file fields on the upload form.
  • Miscellaneous updates to the database viewer/editor behind features such as the upload log and download log.
  • Improved performance of the file list's pagination feature on servers with large numbers of files in a single directory (~1000 or more).
  • Bugfix: a recent update could cause a MySQL error on servers with older versions of MySQL, on pages that use the database viewer/editor.
  • Bugfix: in rare situations involving features which require the script changing into a different directory (such as the multi-file download feature), some errors that could occur would fail to be properly reported, and instead a more obscure and confusing error would result.
  • Bugfix: a previous update broke our ImageMagick detection (or rather how we handled the result of it) so we didn't use ImageMagick even if it was available on the server.
  • Bugfix: with userdirs enabled, a particular malformed query-string could allow a user to view the list of other userdir folders (but not access those folders) on the server.
  • Bugfix: in Opera, when the user chooses a file for upload and we automatically add another file field, the new field was pre-filled with the same file that was selected in the first file field.
  • Bugfix: if using both $PREF{show_upload_status_in_popup_window} and $PREF{default_page} = 'filelist', the progress bar didn't display.

v4.55 (20090811):

  • There is now an Administration page which contains links to a few new features (a help page, a configuration instructions page, a server variables page, and an image-module-testing page) as well as a few features that were previously linked directly from the footer (upload log and download log).
  • New image-module-testing page which shows whether your server supports the ImageMagick Perl module and the GD Perl module, and explains what it means and what to do if your server doesn't support them.
  • We now automatically internally disable the try_to_use_* prefs for ImageMagick and GD when both are unavailable on the server, rather than displaying an error telling the user to manually disable those.
  • The file-list page now supports pagination, for situations where you have lots of files at a single level rather than within multiple subfolders.
  • Bugfix: the %%ub_var_name%% variable didn't work in notification emails; it's now been replaced by %%ub_var_username%% and %%ub_var_realname%%.

v4.54 (20090727):

  • The administrator password hash is now null by default, and visiting the login page will prompt you to create a password.
  • On the upload form, we now use a better method for highlighting any unfilled required fields, the main benefit of which is that they regain their original styling correctly when un-highlighted.
  • On the upload form, any checkbox fields that you add now default to being recorded as "yes" or "no" rather than 1 or 0.  This is adjustable via a formfield_NN_binary pref if you prefer to have 1/0 instead.
  • Custom fields on the upload form now support formfield_NN_transform_foo prefs, where for any field, a value of "foo" will be transformed into whatever other value you specify.
  • Tweaked the layout of the upload form and the overall app styling, mainly to make the various items on the upload form (including any custom form fields) line up more nicely.  Also, most kinds of custom form fields are now template-based, and you can even specify a different template on a per-field basis.
  • Various small improvements to the database-viewer/editor function that's behind features like the uploadlog and downloadlog.
  • When the uploaded files folder doesn't exist, the error message that we display will now show the current DOCROOT value and whether that exists, to aid in troubleshooting.
  • Our debug-mode output is now more friendly, with any HTML converted so that it will show up properly, and can be viewed directly on the bottom of the page rather than having to view the page's source-code.
  • When embedded within another page and using username/userdir from a PHP session, we now ignore the username/dir if the PHP session is null.  This is sort of a bugfix depending on your perspective.
  • Bugfix: the $PREF{allow_userdir_on_url_insecurely} feature got broken in a prevous update.
  • Bugfix: on systems with inconsistent case-sensitivity rules (Windows), having SQL table/field names that aren't entirely lowercase can result in errors if you need to check for the existence of a table/field and auto-create it if DNE.  So we now convert them all to lowercase first.
  • Bugfix: with the new non-redirecting upload feature enabled, certain messages and errors would fail to be displayed.
  • Bugfix: more older versions of IE failed to show the Upload Complete message for the new non-redirecting upload feature.

v4.53 (20090629):

  • Bugfix: older versions of IE failed to show the Upload Complete message for the new non-redirecting upload feature.

v4.52 (20090627):

  • New $PREF{prevent_direct_cgi_access} option for users who want to embed FileChucker within an existing page and don't want it to be possible to visit the CGI script directly.
  • New experimental support for the netpbm image-processing library as a backend for our human test feature, for those rare servers lacking the GD Perl module and the ImageMagick Perl module and ImageMagick itself.
  • Specifying a custom icon for a specific file type on the file list page now causes the generic icon to be hidden, and now by default the custom icon has no border applied.
  • Bugfix: when embedding FileChucker into an existing page, and using static CSS and JS files from FileChucker in that page's header, and using the human test feature in the non-invisible mode, the human test image would fail to display.
  • Bugfix: on a small percentage of servers, the ImageMagick installation seems to require that you explicitly specify the font name when creating an image containing text, such as in our human test feature.  On those servers, failing to specify the font name results in an image being created successfully but lacking any text.  So we now specify a font name.

v4.51 (20090601):

  • New blacklist/whitelist feature to block users based on IP address or hostname.
  • Modified the upload process so it now occurs in-page in a more AJAX-y way: it now displays the "Upload Complete" message in the same page without reloading or redirecting the page.  In most cases this makes no difference, but it makes it easier to embed FileChucker into existing layouts/pages which are dynamically generated or otherwise complex.  As a nice side-effect, this also allows the progress bar to work in-page in Safari, no longer requiring a popup window.
  • Can now scan uploads for viruses and reject them if they're infected, assuming your server has a command-line virus scanner available.
  • Changed some widths from pixel values to percentages, in order to simplify the process of editing the CSS to make FileChucker narrower to fit within narrow existing layouts.
  • New $PREF{progressbar_update_delay} setting, for servers that are slow or overloaded, where making the progress bar updates occur less frequently may help to improve performance.
  • Bugfix: on servers with GD, without ImageMagick, and with the human test feature enabled, we would sometimes display an error saying that GD was not available, when it really was.
  • Bugfix: due to a change in a previous update, setting some options to null (including $PREF{title}) would make the upload progress bar fail to display.

v4.50 (20090523):

  • Simplified the installation process by including a new folder called "" within the file; this folder contains the full directory structure and all files necessary for FileChucker to work, so you don't need to manually create any files or folders -- just upload the contents of the folder to your server.  So although the installation process was pretty straightforward before, now it's basically just drag-and-drop.

v4.49 (20090514):

  • Moved icons and other app images into the /upload/fc_icons_etc/ folder, instead of having them directly in the /upload/ folder by default as before.

v4.48 (20090504):

  • We now attempt to detect whether we're being executed via command line, and print a useful error in that case, to prevent getting the FAQ about why it doesn't work from the command line (answer: because it's a web app).
  • When integrated with UserBase and using its subgroup-manager feature, FileChucker now automatically gives such managers access to the files & folders of the users that they "own".
  • When displaying thumbnails, if the server doesn't support our figuring out their dimensions, then we'll omit the width and height attributes altogether, rather than setting them to null, to work around an IE bug in which it treats null as meaning "1 pixel".  Ugh.
  • When a user does a multi-file download, we now check to make sure our zip file exists before attempting to send it for download, and if it doesn't exist, then we display a more useful error message indicating the likely cause (that there is no "zip" command on the server) with links to zip apps that could be installed on the server.
  • We now support shared prefs files, for specifying prefs a single time to be used in multiple apps, or in multiple copies of an app.
  • The pages which display database contents now handle reverse-sort differently: instead of reversing the order of whichever N items were displayed on the current page, we now reverse the whole dataset itself.  So the N items displayed on say page #3 of the data will not be the same N items displayed on page #3 in reverse-mode.
  • We now attempt to automatically correct Network Solutions' screwy configuration on servers that are afflicted by it.
  • Bugfix: in rare cases, an apparent bug somewhere in the Perl MySQL stack causes dropped connections, which are not reconnected even if that flag has been set for the connection.  So we now always do a check-and-reconnect before doing any database communication.
  • Bugfix: the allow_userdir_on_url_insecurely setting interferes with the serial_is_userdir setting, so ignore it if the user inadvertently enables both.
  • Bugfix: on Windows servers, in situations where we need to create new folders which include multiple levels, if the server is using drive-letter paths instead of UNC paths, then we failed to create the new folder.

v4.47 (20090409):

  • New multi-download feature allows users to select multiple files/folders on the downloads page and then select a "Download" option from the Actions Menu at the bottom; this will cause FileChucker to create a zip file of the selected items and then offer it to the user for download.
  • The download-landing-page feature now supports a countdown timer, which will hide the download link for a period of time; this is useful for situations where you want to display ads on the landing page.
  • We now use a timeout when creating thumbnail images, so that any image/video files which are corrupt or too big can be skipped, rather than causing the page to take minutes to load, or fail to load completely.
  • When deleting multiple files from the downloads page, we now keep a running log of any errors that occur and display them at the end, rather than stopping on error and not even attempting to delete the rest of the items that were selected.
  • For the automatic_new_subdir_name and reformat_filenames_for_all_uploads features, the format for inserting date variables has changed from simply %v to %DATE{%v}.  And this format is now part of the standard set of external variables that we support within all pref values.
  • Bugfix: the previous update introduced a bug which prevented form fields with the _save setting from correctly displaying the saved values; they were displayed as a "1" regardless of what the value really was.

v4.46 (20090325):

  • All prefs can now include variables from the URL, cookies, environment variables, other prefs, and from MySQL select queries.  See this FAQ item for details.  For example such variables can be used within a $PREF{formfield_NN_default} setting to set the default value of a form field from any of those data sources.
  • The file list on the "Download Files" page can now be set to hide file extensions. [$PREF{hide_file_extensions_in_filelist___from_first_dot}, $PREF{hide_file_extensions_in_filelist___from_last_dot}]
  • The upload serial number can now be cut down to a shorter length even after hashing, mainly for use with the $PREF{serial_is_userdir} feature for situations where a shorter URL is desired. [$PREF{cut_serial_to_this_length_even_after_hashing}]
  • Added note to prefs file about how to use an image as the submit button on the upload form.

v4.45 (20090308):

  • When a user tries to access a page that he doesn't have permission to access, instead of just printing the access-denied/login-required page, we'll use Javascript to automatically redirect there.
  • New $PREF{enable_perfile_passwords} setting to explicitly enable this feature, rather than implicitly enabling it based on the existence of a _password form field as before.
  • New $PREF{userdir_shared_secret} setting to allow the userdir to be passed on the URL in a secure way, for situations where you're integrating with an existing non-UserBase login system and the other methods (cookies, PHP env vars) are not available on your server or in your login system.
  • You can now set $PREF{title} and $PREF{intro} on a per-page basis (i.e. a different title for the upload form, the file list, etc).  Actually this has been possible for a while for $PREF{title}, but the per-page variations of the prefs are all explicitly enumerated in the prefs file now.
  • New $PREF{formfield_NN_displayname} option, to specify extra text with the form field's title on the upload form, that you don't want to be displayed elsewhere (in the notification emails for example).
  • Added a few more file types and strings to the default lists of disallowed and hidden types/filenames.
  • Renamed the $PREF{hide_topmost_level_in_breadcrumbs} setting to $PREF{hide_links_to_topmost_level_from_userdir_users} so its purpose and scope are more clear; also cleaned up the handling of leading/trailing slashes for the various permutations that affect the breadcrumbs display.
  • For the extra upload fields that are now automatically generated (by default at least) once the user selects the first file to upload, we now display the text "(optional; may be left blank)" so that the user doesn't think that he must upload multiple files.
  • You can now create multiple copies of the style preference ($PREF{css1}, $PREF{css2}, etc) and call them as ?css1, ?css2, etc, in case you want to embed FileChucker in multiple different pages with different styles.
  • Modified how our built-in password protection handles redirection: instead of having ?target=foo with individually-specified cases for where to redirect, we now just redirect to the referer, as UserBase does.
  • When displaying the error stating that our onload actions failed to run, and that you must remove any onload from your page's body tag, we now include a link to a page explaining how to use multiple onload events so you can preserve your existing one.
  • Bugfix: when processing download links internally (so we can check permissions for example), we presented the file for download even if the file no longer existed, or if it was empty -- the downloaded file would simply contain an error message.  We now check for empty/nonexistent files and display a sensible error message in the browser directly.
  • Bugfix: the upload-complete page now displays newlines as HTML newlines (instead of as spaces which is the default with HTML) for any form fields whose submitted values contain newlines.
  • Bugfix: on IIS servers where the docroot is a virtual UNC path, we now correctly auto-detect that, rather than requiring it to be specified manually.
  • Bugfix: the $PREF{try_to_use_identify_for_dimensions} setting didn't work because we weren't enabling $PREF{identify_available} with it (only affects those using the image features on servers without the ImageMagick and/or GD Perl modules).

v4.44 (20090202):

  • Bugfix: the previous update introduced a bug which caused FileChucker to fail to submit insertions/edits/deletions when editing the database tables for certain features (upload and download logs for example) when FileChucker was embedded within another page.

v4.43 (20090109):

  • Default data directory name changed from "fcdata" to "encdata"; also removed the dot from default image directory names ".fcht" and ".fcimages"; renamed our default make-new-directory query-string variable from "mkdir" to "makefolder" because some servers treat any mention of "mkdir" as a security threat.
  • In situations where we need to display some output but we're currently outside of any page we might be embedded in (which typically means when we're POSTed to), we now perform a redirect to ourselves within the embedded page before displaying the output.
  • For the various features that require the enabling of the $PREF{download_links_go_through_FileChucker} setting, we now enable it automatically when the feature in question is enabled.
  • New $PREF{add_new_file_upload_fields_automatically} setting automatically creates a second file upload field when the user selects a file in the first one.  This is as opposed to the previous behavior, where the user had to click an "Add another file?" link.
  • Renamed the $PREF{automatically_delete_old_files} setting to $PREF{automatically_delete_old_uploads} so its purpose is more clear, and to distinguish it from the $PREF{automatically_delete_old_logfiles} setting.
  • The upload log and the download log now support a vertical display mode, and now support the editing & deleting of records.
  • Clarified the error message displayed when the human test is enabled but the server doesn't support the necessary image processing features.
  • Made the client-side file extension filtering be case-insensitive.
  • Bugfix: users who recently updated from older versions and who also use UserBase would sometimes receive an error about a missing column during login; that's fixed now.
  • Bugfix: a small number of servers treat an "http" in the URL as an error (other than the one at the very beginning), so we now remove that in any situation where we're passing addresses on the end of the URL.

v4.42 (20081028):

  • For the serial_is_userdir feature, we now do a forced redirect to ourself passing the userdir on the URL, so that repeated visits to the script don't create lots of empty userdirs (since a new serial/userdir gets generated each time if it's not specified on the URL).
  • New $PREF{force_https} setting, which causes us to do a forced redirect to ourself using https:// if we were visited without it.
  • New hide_leading_slash_in_breadcrumbs (and _trailing_) settings, which affect the path displayed at the top of the "Download Files" page.  Also code refactoring so that if the features & text are all disabled within this top row of the file listing, then the row itself is not displayed.
  • Renamed some of the prefs used by the upload and download log pages, and changed the styling of those pages.
  • For extra form fields, you can now specify default values that include variables from the URL and PREF values (previously this was only possible for *hidden* extra form fields).
  • When loading pref values from UserBase's prefs file, we now include strings from the %TEXT hash.
  • Updates to shared code to support new UserBase features (logging of failed & successful logins, last-active-time logging, password expiration).

v4.41 (20081006):

  • Removed the $PREF{smtp_port} setting; this should be specified on the end of the $PREF{smtp_server} value, because some Perl installations don't honor the separate port spec.
  • Bugfix: don't require $PREF{store_upload_info_in_database} in order to use extra formfields, in case the user wants to simply email the values, or pass them on the URL to another page post-upload.

v4.40 (20080928):

  • Removed the $PREF{store_upload_info_in_files} feature, because virtually all servers have SQL available, so $PREF{store_upload_info_in_database} is a better option; and because removing this feature greatly simplifies some aspects of the code, and significantly reduces the size of the application.
  • Bugfix: when deleting a file with the store_upload_info_in_database feature enabled, if the file was not in a subfolder, then the file's upload info would fail to be deleted from the database.

v4.39 (20080927):

  • Bugfix: the show-all-permissions page was failing to display due to a change in the name of the permissions table preference.

v4.38 (20080925):

  • New $PREF{populate_each_new_userdir_from_this_folder} feature for situations where new userdirs need to be pre-filled with files/folders from a default set.
  • New $PREF{add_www_to_hostname} and $PREF{remove_www_from_hostname} settings, for situations where that can't be done at the server level.
  • Any custom fields defined in UserBase can now be used in various FileChucker settings using the %PREF{ub_var_foo} syntax.  For example a UserBase custom field named "city" would be %PREF{ub_var_city}.
  • On the Download Files page, for files that are displayed as thumbnails (images, videos), we now check the timestamp on the thumbnail and the original file to determine if we need to recreate the thumbnail, in case the original file has changed.
  • For the $PREF{resize_uploaded_images} feature, we now only resize images that are larger than your specified dimensions; we no longer upscale smaller images.
  • Added new method of calling UserBase, for servers without PHP and which don't allow executing external commands (mainly particular IIS versions).
  • Consolidated our writable_dir_perms* and writable_file_perms* settings.
  • Bugfix: the "round" style had an issue where the header on it file-list page was getting squished.
  • Bugfix: we now do multiple iterations of %PREF{foo} interpolations for the preferences, so that in situations where nested interpolations exist, we can resolve them correctly.

v4.37 (20080912):

  • Changed the default value of the $PREF{userdir_folder_name} setting from "home" to "users" to make its purpose more clear.
  • Added new $PREF{custom_form_fields_namelist} setting, so that when using custom HTML code for the upload form, you can more easily specify the names of your form fields.  The previous method (still supported because it allows more flexibility) is to create a set of $PREF{formfield_NN} settings for each custom form field.

v4.36 (20080908):

  • The "Upload Complete" page is now template-based and thus fully customizable.  It also now automatically displays the data for any extra formfields that you've defined.
  • On the file info page and in the notification emails, we now hide the "Form fields:" section altogether if you haven't defined any extra form fields, rather than displaying the section but leaving it empty.
  • We now delete thumbnails when their corresponding image/video files are deleted.
  • When creating our human-test images, we now check that the output image exists and has a nonzero file size before attempting to use it, because of strange issues on some servers where ImageMagick/GD are installed but not functioning properly.
  • New ?output=firsthalf and ?output=secondhalf modes to make it possible to embed FileChucker into an existing page containing an existing form and have FileChucker process that form.  This is useful for existing forms that are large or complex; otherwise, our already-existing methods of specifying extra form fields or custom HTML for a smaller number of form fields usually suffice.
  • Bugfix: when displaying directory lists (in the dropdown menu on the upload form for example) we were using a depth-based sort, but that produced a strange sort order in many cases where there are multiple nested directories with foldernames of varying lengths.  This is now a straight alphabetical sort.
  • Bugfix: when deleting a file, we attempted to delete its corresponding database entry without checking whether the entry existed, resulting in an error if you've got files in FileChucker's uploads folder that you put there via some other method.  We now check to make sure the upload record for the file exists before trying to delete it.
  • Bugfix: on the file list, disabling folder thumbnails now applies to both kinds of thumbnails -- video and image -- not just image.

v4.35 (20080902):

  • Bugfix: if you didn't read the instructions with the new $PREF{log_all_downloads} feature which state that you have to set the database settings in PREFs Section 12, and you left those settings null, we'd display an obscure error.  We now check for the db settings when $PREF{log_all_downloads} is enabled, and if they're missing we explicitly state that.

v4.34 (20080828):

  • New setting to ignore any errors that may occur while creating thumbnails for video files ($PREF{ignore_video_thumbnailing_errors}), rather than breaking the page and halting the output on that file, since corrupted video files are fairly common.
  • We can now display video thumbnails as folder thumbnails when a folder contains a video, as we do for image thumbs.

v4.33 (20080826):

  • Bugfix: some of our background images weren't being displayed because of a bug in the CSS in the prefs file.

v4.32 (20080820):

  • We can now log download information to a database ($PREF{log_all_downloads}), in addition to upload information as before.
  • We can now send notification emails on downloads, too ($PREF{send_download_notification_emails}).
  • We now have built-in pages to view the upload info database and the download info database.
  • Storing upload information into a database is now much simpler to set up.  (See $PREF{store_upload_info_in_database}.)  We now create the database table automatically, store a set of default fields automatically, and we automatically store the values of any formfields that you define.  We didn't do this stuff automatically before because of the fact that users might want to create column types specific to the data they're requesting; but in most cases it does make sense to simply default all columns to TEXT, and advanced users can simply modify their column types if they want to.
  • Our database date field is now formatted as YYYYMMDD-HHMM instead of the previous format which was longer, less standard, and included the day of week, etc.

v4.31 (20080819):

  • Hidden form fields can now be set to totally custom values including variables from the URL and from cookies.
  • If you're storing upload info in a database, but some of your column names don't match our internal names (for things like filename, path, etc), you can use the new $PREF{db_column_name_conversions} setting to avoid having to modify your database table or manually modify the filechucker.cgi code.
  • New $PREF{enable_custom_sql_commands} setting allows you to specify totally custom SQL statements to be executed upon upload.
  • Added some CSS so that the filelist page does a better job of retaining its built-in styling when embedded into a page with additional styling.
  • The custom_form_fields feature now supports URL and cookie variables, as well as populating dropdown fields using SQL queries.
  • The fileinfo page (displayed when you click the options menu on a file and then choose info) can now be generated by a custom query using the new $PREF{fileinfo_query} setting.  This is probably not necessary for most uses though.
  • Removed a bunch of settings from the prefs file that were required when integrating with UserBase; we now read the UserBase prefs file directly to get these settings.
  • Simplified the database settings: you no longer need to use separate files to specify your SQL information.
  • The "upload complete" page can now optionally display the code for an [IMG] tag to be copied & pasted.
  • On certain error conditions, we now include the original query-string that we received, to help maintain the state of any page we might be embedded in.
  • Refactored some of the code for AJAX-based functions to make it more straightforward and easier to replicate when adding additional AJAX-based functionality.
  • Added support for negative permissions: in addition to the standard groups_allowed_to_* settings, you can also create groups_not_allowed_to_* settings, for more fine-grained control over permissions.
  • Values from checkbox formfields are now automatically converted to a one or a zero by default.  This could be considered a bugfix if you were previously using FileChucker to store checkbox values into an SQL column of type BOOL or TINYINT.
  • Bugfix: when using the custom_form_fields feature, depending on how you set your formfield prefs, the labels on the fileinfo page might have been missing.
  • Bugfix: in some cases depending on server & browser caches as well as your particular FileChucker configuration, using your "Back" button to return to the upload form after completing an upload could result in the "Begin Upload" button being disabled.  We now automatically enable this button when the form loads in case it was disabled before.

v4.30 (20080806):

  • FileChucker now generates video thumbnails on servers where ffmpeg is available; the thumbnail command is customizable though so you can also use any other command capable of generating thumbnails from video files.
  • New setting $PREF{only_allow_one_subdir_dropdown_per_upload}, and the existing $PREF{only_allow_one_new_subdir_per_upload} setting is now enabled by default, so that by default, if the user selects a subdirectory or creates a new directory, all the files from that upload will use the same directory, rather than being serialized with _01, _02, etc, for the files in a multi-file upload.
  • New $PREF{integrate_with_userbase_method_b} setting, which provides an alternative integration method for situations where the default method fails because you're running a much older version of one or the other app.
  • We now detect whether our onload events occurred, so we can display an error if they did not (because we're embedded in a page that does <body onload=foo()> for instance), since some of them are critical for certain features to work.
  • We now delete any entries from the fileinfo database when the corresponding file itself is deleted.
  • We now specify a hardcoded default prefs file name, to be loaded only if we fail to load a prefs file based on the script's filename, so that we can attempt to continue on servers that fail to set their environment variables properly.
  • Emails sent by the script now include visitor information in the email headers (IP address, hostname, user agent).
  • Bugfix: if using the download_links_go_through_FileChucker setting and if disabling the filename-cleaning feature, then download links would be broken for filenames containing spaces.
  • (Prefs file updated.)

(More changelogs coming coon.)

v4.01 (20070630) (internal):

  • FileChucker can now read usernames from PHP sessions.
  • Custom form fields can now be made read-only.
  • There is now an option to generate email message IDs internally, for strange cases where the mail server for some reason fails to generate them.
  • Refactored some code for the passing of progress bar (and progress table) status information from the CGI script on the server to the Javascript on the client, in order to make it easier to hack the code to pass custom/extra information to the browser via AJAX.
  • Bugfix: when using the new feature where the progress bar is displayed in a pop-up window (i.e. in Safari), we failed to properly relay the AJAX "upload too big" message, so the whole upload would still take place and then the server would tell you it was too big.

v4.00 (20070625) (internal):

  • Bugfix: the serial_is_userdir feature only worked for the first upload for a given serial number; reusing a serial number (i.e. reusing an upload folder) didn't work.

v3.99 (20070624) (internal):

  • Bugfix: a recent update broke FileChucker's upload-is-too-big error logic, so uploads that exceed the site's sizelimit setting were just timing out instead of saying "sorry, upload too big."

v3.98 (20070618) (internal):

  • We now automatically periodically delete any leftover *.rawpost files in the fcdata directory (only applies to servers running outdated versions of Perl).
  • Made some changes to support servers whose DOCUMENT_ROOT is a UNC path (one beginning with \\ or //).

v3.97 (20070618) (internal):

  • Renamed the ?makePasswordHash argument to ?newpw (though the old one is still supported).
  • We now display an error if the human-test image directory does not exist and the human-test is enabled.
  • We now assume that if userdirs are enabled and the current user has one, then at least one writable directory exists for this user.  This is to save a call to get_all_writable_directories(), which can take a lot of time on servers with lots of folders in their upload area.
  • Bugfix: all template variables are now of the form %%var%% instead of %var% as before, because %foo% is ambiguous within a template that may also contain a URL with hex-encoded portions.

v3.96 (20070614) (internal):

  • New "Download" link on the options menu for each file in the file list, which "forces" the browser to display a "Save File" dialog for the file instead of trying to use a plugin to render it.
  • The update-timestamp-on-download feature is finally fixed/finished.

v3.95 (20070614) (internal):

  • New option to allow multiple levels when creating a new subfolder (i.e. multiple levels in that folder's name; we've always allowed multiple sublevels overall, but you had to create them one at a time).
  • New option to specify a max image filesize for which we'll attempt to create a thumbnail, so that on sites with huge images, we'll skip them instead of hanging and/or producing an empty thumbnail file.
  • On the file list, we no longer exit with an error if a folder isn't writable.  That generally is an error, but when just displaying the files, it really isn't.

v3.94 (20070613) (internal):

  • FileChucker can now optionally display the progress bar in a pop-up window instead of within the original page.
  • FileChucker's progress bar now works more reliably on Safari.  Previously it would sometimes work fine but intermittently the progress bar would fail to move; FileChucker now always displays the progress bar in a separate pop-up window for Safari users, which seems to make it function properly all the time.  I guess we'll find out come June 29th when there are scores of new iPhone-wielding Safari users...
  • Miscellaneous CSS adjustments, including a new per-page class attribute on the outermost container so different pages can be styled differently more easily.

v3.93 (20070611) (internal):

  • FileChucker can now read PHP session data to get an existing username for password-protection, userdirs, etc.
  • New preference for specifying custom Javascript code to be executed right when an upload completes.
  • New option to automatically reconnect to a database after an upload completes in case of lost connection (only necessary for a tiny percentage of web hosts who constantly lose database connections, like GoDaddy).
  • A single copy of FileChucker can now run in multiple modes with different settings by passing URL options to specify different prefs files to be used.
  • For upload sessions where no files are included, but other form-field data is, we can now pass the form-field data on the URL to another page upon completion.
  • Bugfix: a previous update broke the pass-formfield-values-on-redirect functionality.

v3.92 (20070526) (internal):

  • Made the various error pages more consistent, and template-based.
  • Disabled the $PREF{urls_allowed_to_post_to_us*} settings by default, because a small number of people reported false positives with it.
  • New option to control whether we serialize new subfolder names if a folder by the same name already exists (previously we always did and there was no option to disable that behavior).
  • New option to specify custom Javascript code that will be executed when the upload form is submitted (in addition to the existing custom JS code option, which does not get executed onsubmit).
  • New subfolders created during uploads (whether manually by the user, or via $PREF{automatic_new_subdir_name}) can now include multiple folder levels.
  • Bugfix: the auto-redirection to the login page that was implemented in the previous update caused problems when not integrated with UserBase, so we now test for that and don't auto-redirect unless integrated with UserBase.
  • Bugfix: a line in our JS code failed to work in Opera, resulting in it being impossible to upload.  This appears to be due to a bug in Opera's regex processing within Javascript, but we've now implemented a workaround that does the same thing in a different way, and works on all browsers.

v3.91 (20070517) (internal):

  • You can now add custom columns to the file list to display information about the uploaded files (the same information that was previously [and still is] available on the options > info link).
  • Now the "You must log in" screen automatically redirects the user to the login page.
  • You can now specify notification email recipient addresses on a per-folder basis.
  • We now hide/ignore Frontpage's stupid _vti_cnf folders by default.
  • Our newline-replacement string (used in the info files) is no longer optionally space-padded, in order to simplify processing and make it more deterministic.  This may affect sites that have existing info files which store fields that can contain newlines; the result would simply be extra spaces in the field's value.
  • Bugfix: a recent update made perfile formfields fail to have their values saved for files other than the first one in multi-file uploads.
  • Bugfix: when using the store-info-to-database option, the new counternum field was created as NOT NULL which caused a problem on some versions of MySQL.
  • Bugfix: the "Add another file?" link is now hidden when in reprocessing mode.
  • Bugfix: a recent update broke the serial_is_userdir feature in some cases, because the serial number is now generated client-side just before each upload begins; so we now use this new serial number in creating the userdir instead of the one hard-coded into the subdir field.
  • Bugfix: the reprocessing feature was not being processed by the Javascript code for the Actions Menu.

v3.90 (20070502) (internal):

  • New $PREF{enable_upload_counter_number} option to give each upload a unique number that can be used as a serial number, order number, confirmation number, etc.
  • Changed the file info page (FileList > options > info) so it is now entirely template-based.  This required changing the format of our info files in a way that breaks compatibility with any existing info files created by previous versions of FileChucker.  So if you have existing info files that you need to keep accessible, then you'll probably want to set $PREF{store_upload_info_in_files__oldformat} = 'yes'.

v3.89 (20070425) (internal):

  • The user can now add more file-fields to the upload form by just clicking on a link that updates the page instantly, instead of having to hit an "Apply" button which reloads the page from the server as before.

v3.88 (20070424) (internal):

  • The Javascript that controls the progress bar and table now includes a check for a rare problem on some (probably broken) servers which prevents the server from knowing the total upload size.
  • Added some more sanity checking and bounds-checking for the progress percentage on the upload form.

v3.87 (20070413) (internal):

  • New option to allow form submissions that don't include files, in case you want to collect other data (text input) in a submission that may or may not include file uploads.
  • The upload progress bar now slides smoothly from one value to the next instead of jumping.
  • The pop-up menu on the per-file "options" link has been changed: it no longer includes a "Close Menu" link -- instead clicking somewhere else automatically closes it (as is ~standard for such menus); it now has a minimum width so it never displays absurdly tinyly; it now displays "(none)" when there are no applicable options for a given file/folder.
  • Bugfix: if disabling the $PREF{show_progress_table_during_uploads} option, so that just the progress bar is shown (but no textual data), the upload failed to start.

v3.86 (20070407) (internal):

  • Bugfix: one of the recent Javascript updates caused an incompatibility with certain versions of Firefox on Windows; fixed now.

v3.85 (20070406) (internal):

  • You can now specify different icons for files in the file-list based on their MIME types (determined by their file extensions).
  • Bugfix: the "Home" link in the footer was displayed as an invisible link if the $PREF{home_link_name} was set to null; now it's not displayed at all in that case.
  • There is now an "all permissions" page to show all the folder permissions that have been assigned to all users and groups (in addition to the original permissions page which shows the permissions for each folder on its own permissions page).

v3.84 (20070402) (internal):

  • Added new "human test" feature, where the user has to enter a code displayed on the page to prove that he is a human and not a spambot (or other nastybot).  This feature also includes an invisible mode where the user doesn't even actually have to type anything or even see the extra field at all, and it should still block spambots.

v3.83 (20070331) (internal):

  • FileChucker can now generate the upload serial number (synchronization token) on the client-side via Javascript at the start of each upload, which can be useful in some situations where the upload form must come from a static file.

v3.82 (20070329) (internal):

  • FileChucker's upload form can now get a new upload serial number from the server at the start of the upload, instead of when the form itself is first generated.  This can facilitate the separation of the front-end from the back-end (for example to host the form and the CGI script on two different servers).

v3.81 (20070328) (internal):

  • Added an option to automatically transfer the uploaded files to a second server via FTP at the end of an upload.

v3.80 (20070327) (internal):

  • Bugfix: when using custom_folder_permissions together with integrate_with_userbase, users in the public group were sometimes treated as users in the members group.

v3.79 (20070321) (internal):

  • Bugfix: the $PREF{serial_is_userdir} feature broke in a past update; fixed now.
  • Moved lots of text strings into user-adjustable $TEXT{foo} settings, to make i18n and l10n (internationalization and localization) easier for translations, etc.
  • Lots of small changes to make Perl's warnings mode less verbose.
  • The top row on the file-list (containing the "Viewing:" breadcrumbs line and the Options Menu) is now a row within the table, instead of a separate div.  This makes styling easier when you want to adjust the width of the file-list, and it obviates the need for some conditional CSS that was previously necessary to make the div align properly in IE.

v3.78 (20070309):

  • Added an option to specify the amount of sleep-time during upload blocks when not using the upload hook (i.e. only on servers with extremely old versions of Perl, or where you manually set the disable_upload_hook option).  On most modern servers there is no sleep time and uploads happen as fast as the network link will allow.
  • Removed some old unused code.

v3.77 (20070307) (internal):

  • Added documentation for the fact that you can now pass ?path=/foo/bar/baz/ on the URL to specify a particular uploads subdirectory (feature was added a few releases back).

v3.76 (20070307) (internal):

  • The size and date columns in the file-list can now be disabled.
  • Bugfix: in a few places, we forgot to change our old %TEXTBOX variables to the new %FORMFIELD variables.
  • Each item (row) in the file-list now has a single "options" link that produces a pop-up menu when clicked, which contains the various actions like delete, move, info, etc (as opposed to before where each of those actions had its own space-hogging column in the table).
  • Bugfix: sometimes on servers without sendmail and/or MIME::Lite, the error message we displayed didn't contain all the error details.

v3.75 (20070228) (internal):

  • The template-based notification emails can now include a list of the uploaded files.

v3.74 (20070226) (internal):

  • Bugfix: sometimes the "you tried to upload too much data" message would display 0 as the current limit.  Fixed now.

v3.73 (20070223) (internal):

  • The upload progress bar now has a nicer more 3D look.
  • Added documentation for the fact that notification emails are now fully customizable via templates (feature was added a few releases back).
  • Default exclude list now includes .phtml files.

v3.72 (20070222) (internal):

  • The file/folder/size counts in the footer now reflect the current folder only, and clicking on it toggles to a new set of numbers that reflect the current folder and all subfolders.

v3.71 (20070221) (internal):

  • Bugfix: custom folder permissions feature incorrectly assumed that UserBase was present in some places.

v3.70 (20070220) (internal):

  • If image-processing Perl modules (ImageMagick and GD) are not present, we display a message explaining how to install them, and stating that the user can optionally disable the image features instead of installing the modules.  But one of the PREF names to disable was slightly incorrect in this message.

v3.69 (20070208) (internal):

  • The $PREF{top_textbox_NN_singleline_*} options are now $PREF{formfield_NN_*} options.
  • FileChucker now supports image rotation in the file-list.
  • The file/folder checkboxes on the file-list now support "Delete" as a multi-item action.

v3.68 (20070202) (internal):

  • The you-must-login message is now customizable.
  • FileChucker can now automatically create a new subfolder for each upload based on the user's textbox input, cookies, URL variables, date/time, etc.
  • The _dbcolname PREF for textboxes has been renamed to _shortname, and it is now required for all textboxes/formfields (as opposed to before when it was required only if storing the data into a database).
  • Added CGI and ASP extensions to the default list of excluded extensions.
  • Added better documentation for the replace/reprocess modes.
  • New option to automatically put users into their userdir subfolder in the file-list, instead of always starting them at the top level and requiring them to click on their home folder in the list.
  • The upload serial number is now a hash by default.
  • Notification emails are now totally customizable, with separate templates for admin notifications and user notifications.

v3.67 (20070113) (internal):

  • Added option to disable the checkboxes on the file-list.
  • Bugfix: one of our SQL loops referenced undef instead of \$foo which some older MySQLs don't support.

v3.66 (20070112) (internal):

  • New "replace" and "reprocess" modes to allow users to select files in the file-list and choose to upload replacements, or reprocess the job that they came from without re-uploading the files.
  • New option to force all uploads into subdirectories of the uploaded_files_dir (i.e. don't present the root of the uploaded_files_dir in the directory selection drop-down list).
  • The file-list now has a checkbox at the end of each row, to allow the user to select and manipulate multiple files/folders at once (currently the only available actions are "replace" and "reprocess").

v3.65 (20070110) (internal):

  • Bugfix: previous update caused breakage when max_files_allowed was set to 1.

v3.64 (20070109) (internal):

  • Streamlined extension-based filtering and added new option to filter based on strings anywhere within filenames (not just extension), including support for regular expressions.

v3.63 (20070105) (internal):

  • Bugfix: custom front-end form support only worked for single-file uploads; now supports multi-file just like the built-in form.

v3.62 (20070104) (internal):

  • Slight changes to the custom form support.

v3.61 (20070104) (internal):

  • Now supports unlimited arbitrary groups of users when integrated with UserBase.
  • FileChucker now supports custom folder permissions, allowing the webmaster to specify read-only or read-write access for individual users/groups on a per-folder basis.  This is basically an ACL (Access Control List) system.  (The "must_be_member_to_*" PREFs are now "groups_allowed_to_*" PREFs.)
  • Changed the internal handling of the userdir feature; userdirs are now all within a top-level subdir ("home" by default) in your uploaded_files_dir, so that even with userdirs enabled, it is possible to allow your users to access other top-level folders if you wish.
  • It's now possible to have notifications emails sent to user-entered email addresses even if you don't have them sent to your administrative email address.
  • It's now possible to specify header and footer files that FileChucker will include in its output.  This is normally much better handled by calling FileChucker via PHP or SSI (the latter in a *.shtml file), but on some especially retarded servers (which is to say IIS 6+) that's not always possible.
  • We now support fully-custom form front-ends.  We still need to put our JS/CSS/etc into the page, but the form elements (inputs, selects, radio buttons, checkboxes, textareas, and file elements) can be totally custom.  (For cases where FileChucker's built-in formfield features don't provide enough flexibility.)
  • Changes to how database credentials are stored.
  • Many small changes, some not documented.

v3.47 (20061222) (internal):

  • Slight adjustments to the way we update the timestamp on files when they're downloaded.

v3.46 (20061212) (internal):

  • Slight adjustments to default settings for UserBase integration, since UserBase is now at /cgi-bin/userbase.cgi instead of /cgi-bin/userbase/userbase.cgi.

v3.45 (20061211) (internal):

  • Custom dropdown boxes (i.e. select/option elements) now support the ability to have each displayed item map to a different submitted value, for example you could have the drop-down display names, each of which submits a different email address (which the user does not see; he only sees the names).

v3.44 (20061205) (internal):

  • Bugfix: the Options Menu now only displays the thumbnail options when those features are enabled.
  • We now display a nicer error message if neither ImageMagick nor GD are installed on your server, and include instructions for how to install them, and to disable the thumbnail features if the modules cannot be installed.

v3.43 (20061204) (internal):

  • Thumbnails in the file-list can now be enabled but turned off by default (so users can enable them via the Options Menu if they want to).
  • Moved some initialization code from the top of the script into the load_prefs() function to improve code organization.
  • We no longer hide the file/folder icons when displaying thumbnails in the file-list, because displaying them helps to distinguish folder thumbnails from file thumbnails.
  • We no longer upscale images when creating thumbnails; any image that is already smaller than our thumbnail size will be used as-is for the thumbnail.
  • Improved delete feature: deleting a file now uses a pop-up confirmation dialog instead of a confirmation page, so the whole process is quicker, and it also returns you to the same page you came from (including any sort options) rather than just to the default file-list page.

v3.42 (20061107) (internal):

  • New option to store URL variables into a database.

v3.41 (20061107) (internal):

  • Moved CSS Conditional Comments to after the user's custom CSS, so the CCs don't break the stylesheet (thus preventing the custom CSS from taking effect) when embedding within an existing layout.
  • The counts on the file-list now include hidden items.

v3.40 (20061106):

  • New "grid" display mode, particularly useful if most of your files are images and you have thumbnails enabled.
  • New "Options Menu" provides a centrailzed location for adjusting the style, layout, and thumbnail-viewing options.
  • We now display a file-count in the "Size" column for folders.
  • New folder-thumbnail feature, so that folders containing images automatically have a thumbnail displayed, instead of just a folder icon.
  • Laid the groundwork for internationalization and localization (i18n and l10n).

v3.39 (20061103) (internal):

  • Hide the thumbnails directory in all the drop-down dir listings.

v3.38 (20061103) (internal):

  • Added ".jpe" to the list of file extensions for which we display thumbnails.

v3.37 (20061103) (internal):

  • The file list now displays thumbnails for files that are images.
  • The custom textboxes feature can now create radio button lists and checkboxes, in addition to text fields, multi-line text boxes (textareas) and drop-down lists (select elements) as before.
  • Drop-down lists are now positioned more nicely by default.
  • New option to specify the initial/default value for form elements.
  • New option to specify filters to hide folders/files from being displayed in the file list (in addition to the existing extension-based filters).
  • Bugfix: on IIS, sometimes our untaint function receives garbage like ".\\98736CGI.tmp" and the escaped backslash breaks the untaint process (thanks, Microsoft).  Fixed.
  • Bugfix: when using pass_textbox_values_on_redirect, the dash we used would prevent some PHP methods from properly retrieving the URL variable.  So that dash is now an underscore instead.
  • Bugfix: the serial_is_userdir option now works with serial numbers containing letters.

v3.36 (20061027) (internal):

  • Added quota features that can be enabled for the entire uploads directory and/or for individual member subdirectories (userdirs).
  • Reorganized some of the code that handles an IIS5 redirection bug.

v3.35 (20061023) (internal):

  • Changed the default installation location from /cgi-bin/filechucker/filechucker.cgi to /cgi-bin/filechucker.cgi.
  • Renamed the logs directory to "fcdata" to help prevent people from thinking that it's just temporary logs in there.

v3.34 (20061023) (internal):

  • Moved the path_to_filelist_images PREF into PREFs Section 02, since anyone who changes the uploaded_files_dir setting will probably want to change this too.
  • Added some brief instructions for how to create your own styles, in the inline documentation for the styles in PREFs Section 11.
  • Bugfix: on some IIS installations, we couldn't load the filechucker_prefs.txt file because it wasn't in our cwd.

v3.33 (20061018) (internal):

  • Extremely old versions of Perl (as in >5 years old) don't support some of the "newer" more efficient upload logic, so we now have a fallback for them.

v3.32 (20061018) (internal):

  • The clean_up_filenames preference now applies to files that you've set to be renamed based on the user's textbox input.
  • New only_allow_one_new_subdir_per_upload & display_dropdown_box_for_subdir_selection prefs provide greater flexibility in configuring the upload form.
  • Moved some of the markup for the footer and the "Viewing:" box into prefs.
  • New "round" style.
  • Rearranged some of the code and prefs related to high-contrast row-highlighting for the uploaded files table; now you can specify a different high-contrast highlight color for each style.
  • Now if a user tries to create a new subdirectory during an upload, and a directory by the same name already exists, we rename the new one with an "_01" ("_02", "_03", etc) on the end.

v3.31 (20061013) (internal):

  • Bugfix: when using enable_userdir_on_url and keep_userdir_on_url, some functions (like ?js and ?login) complained about userdir missing from the URL, when really they shouldn't care about that.  And some functions (like move/rename/delete) failed to keep the userdir on the URL.

v3.30 (20061011) (internal):

  • We now show the percent completed in the titlebar during uploads.

v3.29 (20061005) (internal):

  • Now pressing Enter when a textbox is focused will call the verification function instead of submitting the form.

v3.28 (20060928) (internal):

  • Improved the "dark" color scheme.
  • Streamlined some of the color-scheme functions so adding new schemes/themes is easier.  Also added the ability to have per-scheme values for $PREF{title}.

v3.27 (20060927) (internal):

  • New pref update_timestamp_on_download so that the file's date/timestamp can reflect the last time it was accessed (downloaded), instead of the last time it was modified (which is probably when it was uploaded).
  • New dark color scheme.
  • We no longer pass the uploaded file's URL path on the URL for the upload-complete page.
  • New prefs length_of_serial and use_letters_in_serial.

v3.26 (20060926):

  • Now if you've enabled an email textbox, you can choose to have the From: field on your notification emails be set to whatever address the visitor enters into the email textbox.
  • Refactored the email function to be more logical and to print better error messages in case the SMTP server and/or sendmail preferences aren't set.

v3.25 (20060916):

  • Previously, we weren't actually returning XML to the AJAX calls; we were using straight text.  Of course this isn't really a problem, and it's quicker (since we're not transferring lots of text we don't really need), but it was annoying seeing the "errors" in the Javascript console.  So now we return a valid XML document.
  • Bugfix: filenames containing pound-signs can now be downloaded without error.
  • Bugfix: the automatically_delete_old_files pref would sometimes attempt to delete non-empty directories, which of course didn't work and returned an error.

v3.24 (20060915) (internal):

  • You can now specify different upload size limits for strangers, members, and administrators.

v3.23 (20060914) (internal):

  • New pref automatically_delete_old_files.
  • Changed how the after_upload_redirect_to and reformat_filenames_for_all_uploads prefs are defined.
  • Bugfix: moving the entire prefs section to a separate prefs file without editing it should actually work now; previously, it would choke on non-string values.
  • Bugfix: if using your server's document root as your uploaded_files_dir (unlikely), there were duplicate slashes in some places, which prevented the download links from working.

v3.22 (20060913) (internal):

  • Added more workarounds for IE's ridiculous caching of AJAX stuff that's already clearly marked DO NOT CACHE.

v3.21 (20060912) (internal):

  • Bugfix: prefs loaded from a separate prefs file can now be set to null values.

v3.20 (20060906) (internal):

  • Manually create the REQUEST_URI env var if DNE (because IIS is garbage).
  • Try to set DOCROOT from PATH_* (because IIS is garbage).
  • Improved processing of upload data so uploads (once transferred to server) are processed much more quickly with less work by the server.

v3.19 (20060828) (internal):

  • Bugfix: when manually setting uploaded_files_urlpath (which is only when uploaded_files_dir_is_in_docroot is disabled), and when integrating with UserBase, the download links for members' files were broken (they didn't contain the username in the path). This affected an extremely small number of users since uploaded_files_dir_is_in_docroot is enabled, not disabled, in over 99% of installations.

v3.18 (20060826) (internal):

  • Now when an AJAX call comes back screwy, we still continue to try to update the progress bar (but at a slower rate), rather than stopping it altogether.  (The upload itself still continues regardless.)
  • Bugfix: when uploading multiple files and using the after_upload_redirect_to pref, interpolating variables from the URL to form the redirection URL did not work.
  • Bugfix: when using serial_is_userdir, the link on the upload-complete page to reuse the uploads folder went to the wrong place.

v3.17 (20060817) (internal):

  • Bugfix: when uploading multiple files, if the user left some of the file fields blank, we did not decrement the count for total-uploaded-files for that session.

v3.16 (20060816) (internal):

  • Bugfix: when integrated with UserBase, the names of our infofiles did not have the userdir on the front, so while each user could see the infofiles just fine, the admin could not.  Now we prepend the userdir to the infofile name so it is accessible by both members and admins.

v3.15 (20060808) (internal):

  • Added new PREF store_upload_info_in_database.
  • It seems that on some certain pages, window.onload fires before the page is really done loading.  So we now schedule set_row_mouseovers() to be executed a few extra times after a 1-second interval if #filelist doesn't exist yet.  This turned out to only apply when a certain (old) DOCTYPE was used, so we are not keeping it in for use in the general case.
  • Changed the "here" PREF into multiple separate PREFS (here_uploader, here_filelist, etc) to ease integration into some layouts.
  • Added new integrate_with_existing_login_system PREF.  We already did this for userdirs, but this allows further integration.
  • Added new login_url and logout_url PREFs to ease integration.
  • In various places, moved markup into PREFs to ease integration.
  • Added new progress_bar_width PREF to easily adjust this.
  • Added new show_progress_table_during_uploads PREF for those who want just the bar without the table.
  • Added new PREFs to control whether the default message & stats are shown on the upload-complete page, as well as a PREF to define a custom message to be displayed there.

v3.14 (20060804) (internal):

  • On the post-upload redirection URL, the uploads stats data now comes before the textbox values.  We also now abbreviate some of the field-names used on this URL due to Safari having an extremely lame max URL length.
  • When hiding the upload form to display the progress bar, we now include display:none in addition to abs-pos relocation because otherwise IE doesn't hide everything properly in some rendering modes.
  • Rewrote some of the login code to make it more consistent across the various login systems.
  • Rewrote some of the output to be more semantically correct (using <dl>s and <label>s instead of generic DIVs, etc).
  • Added PREFs to disable the container DIVs.
  • Added PREFs to disable the output of the full HTML tags (i.e. HTML, BODY, HEAD, etc, and their closing tags at the end) so that embedding FileChucker within another page is syntactically valid.  Also added functions to return only the CSS and JS, to be called from the page's HEAD when we're installed this way.
  • Bugfix: if the server didn't have an SMTP server available and thus had to use sendmail, then HTML messages were getting sent as text.

v3.13 (20060726) (internal):

  • When passing the names/values of custom textboxes on the URL after an upload is complete, instead of passing "&value=&" for null values, we just didn't pass that value at all.  Now we do pass it, with a null value.
  • Added a very basic shopping cart / ordering system, that allows users to select items (files) and place an order for them, which simply sends an email to you containing the list of items and the user's info.
  • Removed the word "Error" from the "Authentication Required" message, since in some (most?) cases that's not actually an error, just a message.
  • Added new default_page PREF for installations where the default page should be the filelist instead of the uploader.
  • Added new KB and MB PREFs so these labels can be set to something else (to Ko and Mo, for French users, for example).
  • Added the option to have custom drop-down fields (i.e. select/option elements) in addition to custom textboxes as before.
  • Simplified the handling of any textboxes marked mandatory.
  • We now mark the first file-selection element as mandatory so that we can catch it with Javascript if the user fails to select a file (rather than relying on the server-side to detect that, as before).
  • Added the ability to copy/move PREFs from the script into the separate prefs file directly, without removing the programming syntax.  This means you can basically take the entire PREFs section from the top of the script as-is and drop it into a separate filechucker_prefs.txt file without having to adjust anything.
  • The AJAX now reads the serial number from the action attribute on the form element, rather than having it hard-coded in from the Perl side.  This makes it possible to rip out all the Javascript and put it into a separate *.js file (though there are still lots of Perl variables in there, so you'd want to take it from the script's output -- i.e. a rendered page's source-code in your browser -- rather than from the Perl source code).

v3.12 (20060721) (internal):

  • Added new PREF pass_textbox_values_on_redirect.

v3.11 (20060719) (internal):

  • Added an uploadbuttonwrapper div around the upload button.
  • Added a "file" CSS class to the file-selection field, and a "text" CSS class to the new-subdirectory field.
  • Added a new PREF "cancelbutton" for users who want a "Click here to cancel this upload" -type link on the upload progress page.

v3.10 (20060718) (internal):

  • The "Upload Complete" page is now displayed within your site's SSI/PHP framework (assuming you've got that enabled with the "here" preference).

v3.09 (20060717) (internal):

  • Adjustments to handle uploads properly on ancient Perls.

v3.08 (20060717) (internal):

  • Changed the way we open files and directories to appease ancient Perls.

v3.07 (20060716) (internal):

  • Separate prefs file now supports perl-style here-documents, i.e. foo=<<'STOP'; ... (stuff on multiple lines) ... STOP
  • Now if an upload was disallowed (i.e. because of an illegal extension), we show "...but there were errors" on the upload-complete page (in addition to printing the "skipped..." message for each individual skipped file, as before).  And if after_upload_redirect_to is set, we ignore it to display the error.  (TODO: we should pass the error onto the redirect page instead.)
  • Now the notification emails (sent to the webmaster or to a user-entered email address) can optionally include the uploaded files as attachments.
  • Any custom textbox can now be made mandatory, i.e. the upload will refuse to start until the user fills it in.
  • User-entered email addresses (in email textboxes) are now checked for proper formatting (they must contain an at-symbol and a period, separated by text, and surrounded by text).
  • Cleaned-up the "big" style and re-enabled the style-switcher by default, and added a new "minimal" style.

v3.05 (internal):

  • New custom_footer prefs.

v3.03 (internal):

  • Added new pref pass_original_querystring_through.

v3.00 (aka v2.96) (20060703):

  • Now when the server doesn't respond to an AJAX call, we don't pop up the Javascript alert box with "Error: got a non-OK status code..." unless FileChucker is in debug mode.
  • New file-list styling that's higher-contrast and more fancy, maybe even a little "web 2.0" as they say.

v2.95b9 (20060628) (internal):

  • Bugfix: when using the New Folder function in the file-list, if userdir-on-URL is enabled, then creating a new folder failed because the userdir wasn't passed on the URL.

v2.95b8 (20060625) (internal):

  • Added new PREFs to enable more granular control over whether the "Upload Complete" page displays the filenames as links:


v2.95b6 (20060621) (internal):

  • Added new PREF show_text_url_to_file_after_upload, for users who want to copy & paste the link to their file, but don't know that you can just right-click on the link and choose "Copy."

v2.95b5 (20060620) (internal):

  • Added elapsed time, total size, and average speed stats to the "upload complete" page.
  • After deleting a file, we now meta-refresh, to get the delete parameters off the query-string, to prevent spurious re-deletion attempts when other links are clicked.
  • Added new PREF nice_serialization, so that if a file by the same name already exists on the server, the new upload will automatically be renamed with an "_01" or " 01" at the end.

v2.95b4 (20060615) (internal):

  • Added new PREF download_links_go_through_PeerFactor to support the P2P-based automatic load-balancing service provided by PeerFactor.
  • Refactored file-list code to simplify and eliminate duplication.
  • Added new big blocky style for the file-list, and new PREFs that allow visitors to switch their view between the small (older) style and the new style at any time.

v2.95b3 (20060614) (internal):

  • Added a few isNum() tests in the AJAX to prevent things from breaking (in IE), and NaN from being displayed, when things aren't yet initialized or aren't coming in fast enough, due to network issues.
  • The sort-by-column feature now works even when enable_subdirs is not set.
  • IE doesn't support window.stop, so now when the size of an attempted upload exceeds our $PREF{sizelimit}, we redirect to ourselves to stop the browser, and then display the error message.

v2.95b2 (20060613) (internal):

  • We now hide the "Mv" and/or "Del" column headers when the user doesn't have permissions for those actions (i.e. when the columns are empty).

v2.95b1 (20060612) (internal):

  • Updated for compatibility with the new UserBase, which is now a single file instead of 4 separate files.
  • Bugfix: if download_links_go_through_FileChucker was set, the "Show Uploads" link would not be displayed, even though typing in the URL manually did work.
  • Removed some old unused functions (written back when trying to get around the server write-caching issue).

v2.94 (20060607) (internal):

  • Now the auto-rename-uploads feature can use values that the user types into textboxes when renaming the file.

v2.93 (internal):

  • The debugging output can now be displayed on any page, not just the front page (the upload form).
  • The "Folder is Empty" message and the $PREF{sizelimit} inline calculation from previous updates apparently failed to get applied to the master copy of this program; they're there now.

v2.92 (internal):

  • Specifying the sizelimit PREF in the separate prefs file now works just like it does when specified in the script itself: you can use inline multiplication like "1024*1024*5" to mean 5 MB, instead of having to calculate the product manually and use that for the PREF value.

v2.91 (internal):

  • Added a "Folder is empty" message when displaying an empty folder.
  • Bugfix: the new time_offset PREF was causing trouble in a few places where it's used in strings; the addition operation between it and the time() call needed to be parenthesized.

v2.90 (internal):

  • The file-list can now be sorted by different columns by clicking on the column names, just like directory listings in Apache (and in your system's local file-manager program, etc).
  • Added a new PREF{time_offset} to be added to / subtracted from the value of time() in each call to localtime(time()), so people whose servers are in different timezones can see date/time in a sensible way.
  • The filesizes were getting rounded/truncated to zero instead of 1 for very small files.  Now if the file has any non-zero content then it'll go to 1 instead of 0.
  • The clean_up_filenames PREF now defaults to yes.
  • Changed the name of the "Uploader" link in the footer to "Upload Files" to match "Show Uploads".
  • Added new PREFs home_link_name and home_link_url so that webmasters can set the "Home" link in the footer to something other than their server's document-root if they want to.
  • Changed the order of the text in the email notification to "User/File Data" then "File/System Statistics" and then "Footer". Most customers do not want to see the technical information first - they want the user-entered fields and the direct link to the file.
  • Bugfix: in sub delete_directory(), the RHS of the path-testing expressions needs to be protected with \Q...\E because of the fact that Windows uses the escape character as its directory-separator.  So all the instances of this:

    	if(foo =~ /^$PREF{uploaded_files_realpath}/)
    		if(foo =~ /^$PREF{DOCROOT}/)
    ...need to have the RHS wrapped in \Q...\E.
  • Now when an upload exceeds the size limit, we use javascript to stop the upload.

v2.89 (internal):

  • Safari is buggy in its handling of AJAX calls; specifically if we issue a progress-status call before Safari starts sending the upload data, the whole thing stops communicating. As a work-around, we now wait ~8 seconds before issuing any status calls (compared to 1.2 seconds in other browsers).  Not sure if this is a complete fix but so far it seems to prevent the problem in our tests.

v2.88 (internal):

  • New PREFs smtp_auth_username and smtp_auth_password to support SMTP authentication.
  • Custom textboxes are now styled & aligned more nicely by default
  • New PREF "download_links_go_through_FileChucker" so the download links aren't normal links directly to files, instead they go through the CGI script, so we can password-protect them, and send notification emails when files are downloaded (TODO).
  • Changed error message for ancient browsers that don't support XMLHTTP from "Error: could not create XMLHTTP object." to "Your upload is in progress and will probably complete successfully, but your browser cannot display the progress bar (most likely because it is too old). Please wait while your upload completes." 

v2.87 (internal):

  • Added a new PREF "outtro", like "intro", to display text just before the "Begin Upload" button.
  • Bugfix: when the overwrite_existing_files PREF was enabled, it caused confusion about whether the serial number was removed from filenames in some cases, resulting in infofiles not working properly.

v2.86 (internal):

  • Bugfix: if integrate_with_UserBase was set, we assumed that enable_userdirs was set too.

v2.85 (20060421):

  • Added new PREF to include the list of uploaded filenames & filesizes on the redirection URL.
  • Massive reorganization of the PREFs section at the top of the script.  All PREFs are now categorized and should be much easier to use/adjust/understand.
  • Bugfix: after_upload_redirect_to did not work while the debugging PREFs are enabled (still doesn't, since of course we can't print headers once we've printed the debug output; but now it explains that fact, and shows where it would have redirected).

v2.81 (20060419):

  • Bugfix: the table row background color on hover now only applies to rows in the filelist table, not all <tr>s on the page.  (This only affected sites that both used table-based layouts (or have other tables in their site header/footer) and embedded FileChucker within those layouts.)
  • Bugfix: for text boxes / comment fields, the _save and _email options were not handled correctly: if they were set at all (i.e. even set to 'no') then they were treated as if they were set to 'yes'.
  • Bugfix: don't try to set cookies if output has already started (since obviously it will fail).  This only happened when debug mode was enabled at the same time that text fields with _save were configured.

v2.80 (20060417):

  • Reworded the serial_is_userdir mode output to include a message & link explaining how to create a totally new upload folder instead of re-using the current one.
  • Buxfix: if multiple text boxes were configured as email fields, only the final one actually received the notification email.

v2.75 (20060415):

  • Added new PREF serial_is_username, which enables automatic private upload directories without having to use usernames or passwords.  This is primarily designed to facilitate single-use uploads, like when someone just wants to sent a single file to a friend, but the user can choose to re-use the same private directory for future uploads too.
  • Bugfix: the file display/hide filters (only_show_files_with_these_extensions and hide_files_with_these_extensions) were ignored if enable_subdirs was disabled.
  • The "New Folder" link was displayed in the file-list even if enable_subdirs was disabled.

v2.70 (20060414):

  • We now allow an unlimited number of input/comment text boxes to be configured, and they can go anywhere you want: at the top of the page, at the bottom, or once per file.
  • You can now configure any of your input/comment text boxes to be an email address field, so that after the upload, a notification email is sent to the user-specified address.  This field accepts multiple addresses too, separated by commas and/or spaces.
  • Added a new PREF to hide the URL path in various places, like the subdir-selection drop-down box, the move-item page, etc.  This makes the uploaded-files-dir look like the root of the site for the purposes of your visitors using FileChucker.  (Of course, files are not actually uploaded to the root of the site, unless that actually *is* your uploaded-files-dir.)
  • Added must_be_*_to_delete_items PREFs so that the webmaster can choose whether strangers and/or members should be able to delete files.  Previously only admins were allowed.
  • When an upload is denied because of an illegal extension, we now put the original filename with extension into the error message and into the email to the administrator.
  • When renaming a file, the new-filename box is now pre-filled with the old filename, to make it easier to make small name changes.
  • Improved the JS code for the table-row hover background color.  Because IE is a piece of garbage, we can't simply use CSS to do this.  Previously, we were using Javascript on every single <tr> tag to set the mouseovers & mouseouts; now we're using a loop in a JS init function to set them all.  So the page size is reduced considerably.
  • If $PREF{max_files_allowed} is set to 1, then we don't show the "choose number of files" drop-down box.
  • We no longer include the uploads-dir-name at front of info filenames.  This means you can now move your uploads dir somewhere else, and the existing info files will still work properly.  Note that this breaks your ability to view info files created by versions of FileChucker prior to 2.70.  (If that's a big problem for anyone please contact us; if you can send us your old info files and/or give us access to your server, we can probably update them for you.)
  • When displaying the info file for an upload, the filename now wraps instead of overflowing its container on the page.
  • Bugfix: when integrated with UserBase, the login link was still pointing to the built-in login instead of the UserBase login in some places.
  • Bugfix: if after_upload_redirect_to was set, notification emails failed to be sent.
  • Bugfix: when uploaded_files_dir is set to somewhere outside the website's DOCROOT, the dir-selection drop-down shouldn't show /cgi-bin/... in front of the path, and the success page shouldn't show the filename(s) as links.

v2.60 (20060316):

  • FileChucker can now be integrated with the UserBase login system.
  • Now when you delete a file, you get automatically sent back to viewing the file-list where the file was at, instead of being shown a "Deletion successful" message.  But if an error occurs, the error is shown instead.
  • Added a new PREF "show_login_link" to control whether this link is displayed with the other footer links.  If it's not displayed, then you can log in by either a) visiting a page that you don't have access to, and clicking the "you must log in first" link, or b) visiting the script with ?login on the end of the URL.
  • Added a "home" link to the footer links on most of the pages.
  • At the beginning of the process_upload() subroutine, we now check whether the serial-number variable is null before untainting it.  This is so that in the rare case of someone trying to post to the script from their own form, they'll get a more sensible error message than "couldn't untaint ''".
  • Added progMeterInner DIV to aid in styling.  This includes everything that the progMeterContainer DIV does, except for the title and the powered-by DIVs.
  • Replaced the uploaded_files_dir_type PREF with uploaded_files_dir_is_in_docroot, and did the same for logpath_type.  This is just to make it a little clearer and easier to understand.
  • Bugfix: the commentsbox-code was incorrectly nested within the subdir code, so you couldn't have comments without subdirs.
  • Bugfix: moving items didn't work (died with an error) if you were moving a file (as opposed to a folder).  This got broken in v2.50 with the new PREF "store_info_about_each_upload".

v2.55 (20060302):

  • Added a new PREF "display_comments_box_for_uploads", so that for each file, the user can enter some comments or information about it, which will be saved on the server and included in the notification emails (if enabled).
  • The auto-reformat-filename feature can now interpolate variable values from both the query-string on the URL and from cookies.
  • Added a new PREF "after_upload_redirect_to" which lets you specify a URL to send the user to, instead of displaying the normal "upload complete" page.  This can also include variables from the URL and from cookies.
  • Added a new PREF "custom_css_section" which lets you specify your own stylesheet or just individual style rules without having to edit the script's code directly.
  • The user-agent field in the infofiles now wraps instead of overflowing the container.
  • We now overwrite the infofile if it already exists, based on the logic that it won't already exist unless someone manually deleted the corresponding uploaded file outside of FileChucker (via shell, FTP, etc), in which case the infofile is no longer relevant anyway.
  • We now display a "Home" link on the bottom of the uploaded file list (as we always have on the bottom of the uploader itself).
  • At the bottom of the uploaded file list, we now hide the "Uploader" link if the user doesn't have upload rights, and we hide the "New Folder" link if they don't have that right.
  • Bugfix: the notification emails were being sent as plaintext with HTML tags instead of actual HTML content if the function was forced to fall back to sendmail (because you didn't specify an SMTP server, or because it couldn't be contacted).

v2.51 (20060228):

  • Bugfix: in Firefox, the links at the bottom of the uploader (Home, Show Uploads, Powered by Encodable) were not clickable, because a "hidden" (severely-left-positioned) DIV was invisibly overlapping them.  This affected only Firefox; Mozilla, Opera, Safari, and IE all worked fine.
  • Added some space between the progress-bar and the progress-table in IE.  (It was already there in other browsers, but IE was ignoring it.)

v2.50 (20060227):

  • FileChucker now works properly in Apple's Safari web browser (which is a Konqueror-based browser).
  • Added a new PREF "delete_logfiles_immediately".  Previously we never deleted logfiles at all.  Now we do, so that 1) they don't pile up and 2) if someone uploads a file and then hits the back button (instead of the "New Upload" link) to do another upload, they won't get the error about the logfile already existing.
  • Added a new PREF "clean_up_filenames" that removes any unfriendly characters from uploaded filenames.
  • Added a new PREF "store_info_about_each_upload"; this provides an "info" link in the file manager next to each uploaded file, which shows the uploader's IP/hostname/user-agent, date/time of upload, etc.
  • Added a new PREF "reformat_filenames_for_all_uploads", which allows the webmaster to supply a formula to use to rename every file that gets uploaded.  This feature allows you to insert variables into each filename like date/timestamps, the uploader's user-dir name, etc.
  • The "show_link_to_uploads" PREF has been split into 3 separate new PREFs "show_link_to_uploads_for_strangers", "show_link_to_uploads_for_members", and "show_link_to_uploads_for_admins".
  • Now if we're running on a secure server, our internal redirects and links will reflect that by starting with https instead of http.
  • Fixed a bug whereby at the end of large uploads, the progress meter would reach 100% even though the table still showed a few MB left to transfer.
  • Fixed a bug whereby files with no extensions wouldn't upload.  Also added a new PREF "allow_files_without_extensions" to control this behavior.
  • Fixed a typo in some of the instructions that referred to ?subdir=foo; it should have been ?userdir=foo.

v2.40 (20060215):

  • Now if you have one of the file-extension-based filters enabled, and a user tries to upload a file with no extension, or tries to rename a file to one with no extension, then FileChucker will refuse it and report an error.  (Previously we allowed the upload/rename, but then reported an error when trying to display the file in the filelist, which doesn't make sense.)

v2.35 (20060209):

  • Fixed typo in one of the DB prefs: it had said "delete_database_entires" instead of "entries".  (But the typo actually also existed in the code where that PREF was used, so it still functioned correctly.)
  • Added new PREFs only_show_files_with_these_extensions and hide_files_with_these_extensions.
  • Added more sanity checks for people/servers that don't set things like docroot and uploaded_files_dir.
  • Made some calls to the untaint function be conditional on the arguments being not null.

v2.30 (20060205):

  • If a filename including extension was >= $PREF{display_shortened_filename_if_longer_than} chars long, but shorter than that when the extension was removed, then it would get displayed as just "..." followed by its extension, instead of properly abbreviated.  Fixed now.
  • Directory listings in drop-downs (to choose upload folder, etc) are now sorted without regard to case.

v2.25 (20060203):

  • Fixed a missing </div> tag when subfolders are disabled.
  • Added a new PREF called display_shortened_filename_if_longer_than, so that files with extremely long names can be displayed in an abbreviated form.
  • Some of the v2.0/v2.20 file-manager updates accidentally didn't get applied to the output when subfolders were disabled; fixed that.

v2.20 (20060203):

  • FileChucker is now a (mostly)full-fledged online file manager: it supports moving and renaming of uploaded files and directories, along with creating new directories anytime (not just during new uploads) and deleting files/directories.  It also displays the last-modified datestamp for each file/folder, and it has a nifty mouseover effect to highlight the row for the item you're currently pointing at.
  • We no longer die on missing DBI or IO::Socket unless the user's PREFs indicate that they want to use those.
  • Changed default path_to_sendmail from /usr/bin/sendmail to /usr/sbin/sendmail.

v2.15 (20060201):

  • Security update: prevent visitors from entering things like "../" or "./" in the path= variable on the URL.  (We were already doing this for uploads, but should have been doing it for viewing (path=) too.)  This vulnerability had allowed visitors to view the filenames (but not file contents) of any world-writable directories on your server.  Because it did not allow visitors to actually view any files, nor overwrite any files, nor view even the names of most files on your system (just those in world-writable directories like /tmp), this vulnerability was fairly minor.

v2.1 (20060127):

  • Added new PREF datestamp_all_uploads.
  • Bugfix: if the user had set must_be_(admin|member)_to_X for either upload or list_files, but set neither for the other, then do_authentication() would return false for that unpassworded other, when it should have returned true.  Fixed now.

v2.0 (20060126):

  • multiple folders/subfolders for uploads
  • users can make their own subfolders
  • prefs to limit length of user-created subdir names and to limit the maximum number of subdirectory levels allowed
  • option to automatically put users' files into their own subfolder, based on their username from a cookie or the URL
  • administrator can delete subdirectories recursively through in the browser
  • new look with icons for files & folders on server
  • restrict uploads by file extension
  • don't update the progress bar or table unless we received a valid response from the server
  • pref to control whether to always display sizes in KB is now two separate prefs, one for sizes and one for transfer-rate


  • Added email notification.
  • We now stop the AJAX when the upload percent reaches 100 to avoid displaying bogus NaN values.


  • We now explicitly set AutoCommit when connecting to the database (only applies when using the database backend).


  • There is now an optional database backend, which stores the upload status in a database instead of in text logfiles.  Hopefully this works around a problem a few people are having, where the server does write-caching so the logfiles don't actually hit the disk until the upload is finished, making them useless for reporting progress during an upload.  (Update: this does NOT work around the write-caching on such servers; the only known solution so far is to disable the write-caching in the operating system itself.)  Note that this doesn't store the uploaded files themselves in the database; they are normal disk files.
  • There is a new PREF called overwrite_existing_files; when set, if a new upload has the same filename as an old upload, the old one gets overwritten.  Previously when there was a duplicate filename, we automatically serialized the filename of the new upload to avoid overwriting any files, but some people want the old files overwritten.


  • Added lots more debugging output, displayed below the progress table via AJAX and also displayed in HTML comments at the top of the page after the upload completes.  Also added more debug info to the HTML comments at the bottom of the page when viewing the uploader with ?debug.
  • Added new preferences to give users more options for specifying whether their logpath and uploaded_files_dir are absolute, relative, absolute within docroot, etc.
  • Added tests to make sure the logpath and uploaded_files_dir actually exist and are readable & writable by world.
  • Added workaround for IIS bug where you can't use Location: after using Cookie:.  See: BUG: Set-Cookie Is Ignored in CGI When Combined With Location.


  • Added a message that gets displayed when the upload progress hits 100%:

    "Upload complete; the server is now processing your file(s).  This could take a minute or two if your upload was very big.  Please wait."

    This is because on very large uploads (~100MB or more, but "large" depends on the server), after all the data is transferred, the server still needs to do some housekeeping on the file before telling the client that it's all good and all done.  During this time, we don't want the uploader to appear to just hang at 100%.
  • Changed the "update" button to an "Apply" button (on the num-files-chooser).
  • Removed the taint switch from the shebang line.  The code should all still run fine in taint-mode (does on our server), but because some people are reporting trouble, we'll remove it by default.


  • Now supports multiple files in a single upload, by popular demand.


  • First public release.  Created a post on shortly before midnight, which became extremely popular: in about 24 hours, it received 500 "diggs," and this page spent most of the next day as #2 on the the "popular" page. received 5800 unique visitors that day; at the height of the traffic, there were about 130 visitors online simultaneously at any given moment.  (Of course we were monitoring the traffic in real-time using VisitorLog and its visitor stats.)

Shopping Cart

Client Quotes

FileChucker is a great drop-in solution for file uploads, and worth every penny of its very reasonable cost.  Encodable's support is excellent to boot.
– Loren A.
I just wanted to say that yours is the first product that I've tested so far that hasn't failed on handling uploads.  This is going to work for a print company, so they are handling nothing but large files and all the other solutions I've tried so far have not been reliable.  So far yours has been 100% successful in my tests.
– Kevin H.
I just want to say you guys really stand alone in that you have a quality product and you provide genuine customer service.  It's sad but those qualities are seldom found separately, much less together.  Thanks again for your time and help.
– Alex S.
Do you know how rare it is to have a "canned" shopping cart that can easily do complex pricing options on a single item?  Basically, they don't exist!  I have looked.  Everywhere!  And the few that might even come close to CornerStore's functionality cost a fortune!
– Tashina P.
Nice script, it's saving the day on our project.
– Aaron W.
FileChucker is helping drive the backend of several high profile entertainment sites for people like Shania Twain and Dolly Parton.  We're also using it to drive backend file uploads for a multi-billion dollar banking institution.  It's a great product.  We've tried other "chucking" upload solutions with progress bars using flash and php, but nothing works as reliably as FileChucker.
– Michael W.
You've done a wonderful job with FileChucker and UserBase, and they have made a big difference to how our website runs.
– Nicholas H.
FileChucker is working great...  Clients love it.  Vendors love it.  We love it.
– Gerry W.
The amount of customization in the program is incredible.  I was able to integrate it into my existing page layout relatively simply.  I was also able to easily customize the look/feel to match the current site.
– Jason M.
I looked all over trying to find a simple cgi script.  I found that FileChucker was by far the best.  If you have issues with your hosting service's php.ini max upload size then this is the way to go.  Looking forward to future enhancements.
– Bob C.
Our members think your software is fantastic...  I would recommend your software and your company to anyone.  Thanks for all your help.  It has been a pleasure dealing with you.
– Tommy A.
The work, the thought and the organization you put into this app is incredible.
– Bruce C.
Why didn't I just do this from the get-go?  So much easier.  Thanks for your work.  FileChucker makes my work easier.
– Dominic M.
I want to thank you for your efforts on Userbase. It has become an integral part of our business and has allowed us to branch out and begin using automation on a lot of our processes. Userbase has become the gateway to advancement for our company's processes for our clients and employees.
I just installed the demo of your product and got it up and running in no time.  I searched high and low for a decent login script and thank God I found yours.
– Adrian F.
Thanks again for a great product and great support - beyond expectations.
– Greg S.
Thank you VERY much for all of your help.  You've really impressed me.  We have support agreements for other software that costs thousands of dollars / year (just for the support), and most of them aren't as helpful as you have been.
– Keith Y.
Just one word: Fantastic.  10-minute job to plug FileChucker into my app, and it now works a treat.  It's through the hard work by people like yourselves that make my job so much easier.  Congratulations on an outstanding product... Many many thanks.
– Sean F.