This video will show how you can use the Dropzone library to upload a file using drag & drop in the CodeIgniter project.


#iwtv#interview with the vampire#assad zaman#the vampire armand


seen from Italy
seen from United States
seen from Qatar
seen from Austria
seen from United States

seen from Singapore

seen from China
seen from Sweden
seen from Austria

seen from Netherlands
seen from United Kingdom

seen from United States

seen from Malaysia

seen from Singapore
seen from United States

seen from Germany

seen from Sweden
seen from Russia
seen from United States
seen from United States
This video will show how you can use the Dropzone library to upload a file using drag & drop in the CodeIgniter project.
Angular X File Upload Component
Angular X File Upload Component
Angular ngx File Upload is a module for the @Angular framework. Supports drag-n-drop upload, upload progress, validation filters and a file upload queue. It supports native HTML5 uploads. Works with any server side platform which supports standard HTML form uploads.
When files are selected or dropped into the component/directive, one or more filters are applied. Files which pass all filters are…
View On WordPress
In this tutorial, I show how you can display existing files on the server on the Dropzone container with jQuery and PHP.
Flexible jQuery Based AJAX File Uploader - FileUp
FileUp is a simple, flexible, customizable jQuery file upload plugin which makes it easy to upload your local files to servers via AJAX requests, with several advanced features.
Demo
Download
TV Drop: The Ultimate File Transfer Solution for Android TV
Transferring files to your Android TV shouldn’t feel like rocket science. Yet, for years, Android TV users have struggled with clunky solutions, complicated setups, and frustrating limitations. Enter TV Drop — a purpose-built file transfer application that transforms the way you manage files on your Android TV.
Whether you’re moving documents for a presentation, transferring videos for movie night, or organizing photos for a slideshow, TV Drop makes the entire process effortless and intuitive.
Why Android TV Needs Better File Transfer
Android TV devices are powerful entertainment hubs, but they’ve always had one weakness: getting files onto them. Traditional methods involve USB drives, cloud services with download waits, or complicated network configurations that only tech-savvy users can navigate.
TV Drop eliminates these pain points by offering multiple transfer methods that work for every situation and skill level.
Three Ways to Transfer: Pick What Works for You
Web Import with Token Authentication
The standout feature of TV Drop is web import using token-based authentication. This revolutionary approach means your sending device doesn’t need to be on the same network as your TV. Perfect for when you’re at work and want to send a file to your home TV, or when you’re helping family members transfer files remotely.
Simply scan the QR code provided in the app, enter the token, and start uploading. No complicated network configurations required.
WiFi Import for Maximum Speed
When both devices share the same network, WiFi import delivers blazing-fast transfer speeds. This method is ideal for large video files, extensive photo collections, or when you need to move multiple files quickly.
The speed advantage over traditional Bluetooth transfers is substantial, making WiFi the preferred choice for local network transfers.
FTP Import for Power Users
For those familiar with FTP protocols, TV Drop includes anonymous FTP connection support. This provides an additional layer of flexibility for users who prefer traditional file transfer methods or want to integrate TV Drop into existing workflows.
Like the other methods, FTP import provides convenient QR codes for quick connection setup.
Smart File Management Built for TV
TV Drop isn’t just about transferring files — it’s about managing them efficiently once they arrive.
The application automatically scans your downloads folder and intelligently organizes content with folders displayed first, followed by files in alphabetical order. This Android TV-optimized interface makes navigation smooth and intuitive using your remote control.
Long-press the OK button on any file to reveal detailed information including filename, location, size, and last modified date. From this menu, you can open files directly in compatible viewer applications or delete items you no longer need.
System Insights at Your Fingertips
Understanding your Android TV’s capabilities helps you manage storage effectively. TV Drop includes a comprehensive settings page displaying critical system information: screen resolution, screen ratio, available storage space, total file and folder count, and memory usage.
When storage runs low, the built-in clear function lets you wipe the downloads folder with a single button press.
Designed for the TV Experience
Many Android applications simply port their mobile interfaces to TV platforms with minimal optimization. TV Drop takes the opposite approach — every element follows Android TV development principles.
Navigation feels natural with your remote. QR codes appear at appropriate sizes for easy scanning from across the room. Menu structures prioritize discoverability without overwhelming users.
Comprehensive Support and Transparency
TV Drop includes detailed FAQ pages addressing common questions, ensuring users can troubleshoot issues independently. Developer information, version details, and support channels are easily accessible through dedicated pages.
Privacy policy and terms of use pages provide complete transparency about data handling. Support and feedback options include QR codes linking to the Facebook support page and feedback form.
Subscription for Enhanced Features
TV Drop offers subscription options for users who want to support ongoing development and access premium features. Managing subscriptions is straightforward with dedicated pages explaining the process clearly.
Real-World Use Cases
Home Entertainment: Transfer movies and TV shows from your phone or computer directly to your Android TV without waiting for cloud uploads or dealing with USB drives.
Presentations: Send presentation files to your TV for client meetings or family gatherings where a large display makes all the difference.
Photo Sharing: Import vacation photos for instant slideshow viewing on the big screen during family gatherings.
Document Management: Keep important PDFs, spreadsheets, or documents accessible on your TV for quick reference.
Remote Assistance: Help family members access files on their Android TV even when you’re not physically present, thanks to token-based web import.
The Bottom Line
TV Drop solves a fundamental problem that Android TV users face daily: getting files onto their devices without hassle. By offering three distinct transfer methods, intelligent file management, and a truly TV-optimized interface, it transforms what was once a frustrating chore into a seamless experience.
Whether you’re a casual user who occasionally transfers a photo album or a power user managing extensive media libraries, TV Drop adapts to your needs without compromising simplicity.
The Android TV ecosystem finally has a file transfer solution worthy of the platform — one that respects your time, understands your needs, and actually works the way you expect it to.
Get the app at https://deepakpk.com/tvdrop
How We Handle Upload Session State in Our Apps
When we ship a chunked upload feature at 137Foundry, the part that takes the most design care is the upload session state. The chunked-protocol layer (whether Tus or S3 multipart) handles the wire-level resumability. The session state layer handles everything around it: authorization, quotas, progress tracking, cleanup, and the user-visible upload status across the application.
This is a walk-through of how we structure that state, what the tradeoffs are, and what we have changed over time.
Photo by Đào Hiếu on Unsplash
What "Session State" Actually Means
An upload session is the bookkeeping for one in-flight upload. The state record tracks:
The upload ID (a UUID we control).
The owning user ID (for authorization).
The destination path (where the file will live after assembly).
The declared content type and size from the client.
The current state (pending, uploading, processing, ready, rejected, expired).
Timestamps (created, last activity, completed).
A reference to the underlying protocol session (Tus session ID, S3 multipart upload ID, or equivalent).
The session record is what the application server uses to authorize chunk operations, report progress to the user, and clean up after abandoned uploads. It is separate from the actual file content, which lives in object storage.
Where the State Lives
We store session state in our primary application database (Postgres in most projects). The alternative is a key-value store (Redis), which is faster but loses the data on restart unless persistence is configured.
Postgres wins for us because the session state is small (a few hundred bytes per session), the query rate is low (one query per chunk on average, which is well within database capacity), and the consistency guarantees match what we want (no lost session records, transactional updates when state transitions).
For very high-throughput upload systems, Redis or a dedicated KV store can make sense. The session state becomes a hot path and the in-memory access pattern is much cheaper than database round-trips. Most of our projects do not reach that scale, so the Postgres pattern stays.
State Transitions
The session record moves through a small number of states. The transitions we use:
pending -> uploading: The client sends the first chunk. Once any chunk has been received, the session is actively uploading.
uploading -> processing: The client signals completion (or the protocol detects all chunks have arrived). The application server validates the chunk count, triggers post-upload processing (virus scan, content validation, metadata extraction), and the user sees a "processing" indicator.
processing -> ready: All post-upload processing has completed successfully. The file is now accessible to the user.
processing -> rejected: Post-upload processing flagged the file as invalid (virus scan failed, content type mismatch, format check failed). The file is moved to a quarantine location or deleted, the session is marked rejected, and the user is notified.
pending or uploading -> expired: No activity for the configured expiration window (we use 7 days). The session is marked expired and the partial data is cleaned up.
Each transition writes to the database with a timestamp. The audit trail is useful for debugging support tickets and for understanding upload patterns over time.
Per-User Quotas
The session state record is where per-user upload quotas are enforced. Before creating a new session, we check the user's current usage against their plan limits.
The check happens at two levels. Storage quota: the total size of all files this user owns. If the new upload would push the user past their limit, we refuse to create the session. Concurrent upload quota: the number of in-progress uploads for this user. We limit this (typically to 5 to 10 concurrent uploads per user) to prevent abuse and to keep our upload-session table from growing unbounded.
For users on enterprise plans with higher limits, the quota values are pulled from the user's plan tier. For users on free or trial plans, the limits are tighter to encourage upgrade. The session state layer is where these business rules attach to the underlying upload infrastructure.
Progress Reporting
The session state record tracks the current upload offset (in bytes). Every time the client successfully uploads a chunk, the offset advances. The application server can report progress to other clients (e.g., a multi-window user, a real-time UI on another tab) by reading the current offset.
For real-time progress display, we use server-sent events or WebSockets to push offset updates to interested clients. This is mostly used for collaboration features (showing another team member that an upload is in progress, displaying the progress in a shared workspace).
For single-user progress display, the upload progress is reported by the client itself based on the bytes it has sent. The server-side offset is mainly for cross-client visibility and for resume support.
Resume Support
The session record makes resume possible. When a client reconnects after a network drop and wants to resume an upload, the flow is:
Client queries the application server for the session's current state.
Application server checks authorization (this user owns this session) and returns the current offset.
Client resumes upload from the reported offset.
For Tus-based uploads, the resume protocol is built into the wire format (HEAD request returns the offset) per the Tus specification. For S3 multipart uploads, the equivalent is ListParts which returns the parts that have been uploaded so far.
The session state record allows resume across longer time gaps. A user who closes the browser and returns days later can have their upload resume because the session record persists. The Tus session and the S3 multipart upload may have a shorter lifetime than the session record, but the application database always has the source of truth on what was happening.
Cleanup of Abandoned Uploads
Without cleanup, the upload table and the storage location fill up with partial uploads from users who never finished. We run two cleanup jobs.
The first is a scheduled job that scans for sessions in pending or uploading state with no activity for more than 7 days. These get marked expired and the partial chunks are deleted from storage.
The second is a per-user limit. If a user has more than the maximum concurrent uploads (10 in our default config), the oldest stale session gets expired to make room. This catches users who repeatedly start uploads without finishing them.
The cleanup is observability-friendly. We log every expiration with the user ID, file size, and stale duration. The data is useful for identifying users with broken upload flows (frequent abandons) and for capacity planning.
Authorization at Every Step
The session record is the anchor for authorization. Every operation against the upload (chunk uploads, status queries, completion calls, cancellation) checks that the requesting user matches the session's owner.
For multi-tenant applications, the session also encodes the tenant. Cross-tenant access is impossible because the URL paths in object storage include the tenant ID, and the session record's owner check would reject any cross-tenant attempt before reaching the storage layer.
The OWASP file upload cheat sheet covers the broader authorization considerations. The pattern we use enforces ownership at the session level (one user owns a session) and tenant isolation at the storage path level (no two tenants can share storage paths).
Recovery From Server-Side Failures
If our application server crashes mid-upload, the session state record survives because it is in the database. When the server comes back up, in-progress sessions can continue from where they left off. The chunk-level resume protocol (Tus HEAD, S3 ListParts) recovers the actual upload state.
If the database itself fails, the upload sessions are unavailable until recovery completes. We use Postgres' standard replication and failover patterns for this. The mean time to recovery is low enough that most uploads can pause and resume successfully.
If the storage backend (S3) has an outage, the chunks cannot be uploaded. The session stays in uploading state, and the client retries with exponential backoff. Once S3 recovers, the uploads resume. This pattern survives multi-hour S3 outages cleanly, which has been useful during the few S3 region-wide events we have seen.
Photo by Christina Morillo on Pexels
Schema We Use Now
The Postgres schema for upload sessions, simplified for readability:
CREATE TABLE upload_sessions ( id UUID PRIMARY KEY, user_id UUID NOT NULL REFERENCES users(id), tenant_id UUID NOT NULL, destination_path TEXT NOT NULL, declared_size BIGINT NOT NULL, declared_content_type TEXT NOT NULL, current_offset BIGINT NOT NULL DEFAULT 0, state TEXT NOT NULL CHECK (state IN ('pending', 'uploading', 'processing', 'ready', 'rejected', 'expired')), protocol TEXT NOT NULL CHECK (protocol IN ('tus', 's3_multipart')), protocol_session_id TEXT, created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), last_activity_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), completed_at TIMESTAMPTZ ); CREATE INDEX upload_sessions_user_active ON upload_sessions (user_id, last_activity_at) WHERE state IN ('pending', 'uploading'); CREATE INDEX upload_sessions_cleanup ON upload_sessions (last_activity_at) WHERE state IN ('pending', 'uploading');
The two indices support the most common query patterns: finding active uploads for a user (for quota checks and progress reporting) and finding stale uploads for cleanup. Both are partial indices that only include the relevant states, which keeps them small.
What We Changed Over Time
Looking back at the upload-session schema we shipped in the first project versus now:
We added the tenant_id column once we built our first multi-tenant product. The original single-tenant schema was missing it and we had to migrate.
We added the protocol and protocol_session_id columns when we started using S3 multipart alongside Tus. The original schema only knew about Tus session IDs.
We added the processing state when we added asynchronous virus scanning. Before that, sessions went straight from uploading to ready once the bytes were assembled, and the scan results were not represented in the state machine.
We added the last_activity_at index for cleanup once the table grew enough that scanning it became slow. The original cleanup query was a full table scan that worked fine for the first year and started to hurt by month 18.
Each addition was driven by a specific operational pain point. Building this from the start would have saved some migration work, but we did not know about most of these pain points until we hit them.
Where 137Foundry Helps
Upload pipelines are one of the recurring engineering surfaces we ship for clients. The 137Foundry services page covers the broader engineering work that surrounds these. The 137Foundry web development services page is the specific landing point for upload work. The full architectural framing is in the longer guide on resumable file uploads.
A Closing Note on Boring Code
The upload session state code is some of the most boring code we write. It is also some of the most important. Mistakes here produce hard-to-debug bugs in production months after launch. Getting the state machine right, the indices right, the cleanup right, and the authorization right at the start saves a lot of pain later.
For teams building this for the first time, the time investment in the session state layer pays back many times over the lifetime of the product. The chunked protocol gets attention because the wire format is interesting. The session state often gets shortchanged because the schema is mundane. The boring schema is what makes the interesting protocol actually work.
What We Learned Building Resumable File Uploads in Production
We have shipped file upload features for several SaaS products over the years at 137Foundry. The first one taught us most of the lessons. Every one since has refined the playbook a little, but the architecture and the testing approach have stayed remarkably stable since we got it right the first time.
This is a behind-the-scenes look at what changed between our first naive upload feature and the one we ship now by default.
Photo by Anna Shvets on Pexels
The First Version Was Wrong in the Obvious Ways
The first upload feature we shipped at 137foundry.com was a single fetch with the file as the request body. The endpoint accepted up to 50MB and most uploads worked. The ones that did not work, we treated as user error or transient issues. The support tickets started arriving within two weeks of launch.
The tickets clustered. Users on mobile networks had failed uploads about three times more often than users on wired connections. Users in regions with worse-quality internet had higher failure rates than users in metro areas with fiber. The pattern was obvious in hindsight: our upload system worked for users with our office network conditions, and not for anyone else.
We rebuilt it. The second version used chunked uploads with retry logic, but we still had a single application server in the chunk path. Bandwidth costs went up. We could see in the metrics that the upload-server pool was the bottleneck during traffic spikes.
The third version moved the actual chunk bytes directly to S3 via pre-signed URLs. The application server only handled session creation, authorization, and completion notification. Bandwidth costs dropped substantially because we were no longer running the upload bytes through our application infrastructure.
That third version has been the working pattern for all subsequent products.
The Lessons That Stuck
A few specific things we wish we had known on day one.
The network is more hostile than office testing suggests. Our office WiFi rarely dropped connections. Production users had connections drop multiple times per hour, and our upload system had to survive that. Test environments need to reproduce real-world network conditions, not just simulate slow speeds.
Single-request uploads have an upper bound that is much lower than the file size limit suggests. We had a 50MB upload cap because that is where our application server's request handling started to struggle, but real users were trying to upload files much larger than that. The right answer was not to raise the cap; it was to change the architecture.
Pre-signed URLs are the architectural move that makes uploads scale. Once the chunk bytes flow directly to S3 instead of through the application servers, the application server count becomes independent of the upload bandwidth. We could scale uploads without scaling application server capacity, which we could not do with the mediated pattern.
The resume protocol matters more than the chunked protocol. Splitting an upload into chunks is straightforward; designing the resume protocol to handle partial failures cleanly is the hard part. We use the Tus protocol when the application is not deeply tied to S3, and S3 multipart uploads when it is. Both handle resume natively.
Background scanning is the only pattern that works for virus checks. Inline scanning during upload makes the user experience painful (multi-minute waits after the bytes have transferred) and the operational story painful (CPU spikes during upload traffic). Asynchronous scanning with a "processing" state in the UI is the only approach that scales.
The Bugs That Surprised Us
A few specific bugs caught us off guard despite reading other teams' write-ups before we built.
The "completed but missing" bug. The client's perspective is that the upload finished (all bytes sent, success response received). The server's perspective is that the final completion call failed to record the upload in our database. The client thinks the file is uploaded; our system thinks no upload happened. The user logs in the next day and the file is missing.
The fix was to make the completion step idempotent and to let the client re-confirm via a HEAD request if the original response was lost. This is built into the Tus protocol but we had to add it explicitly to our own variant before we migrated to Tus.
The "wrong content type" bug. A user uploaded a file labeled as PDF that was actually executable content with a renamed extension. Our content validation only checked the declared content type, not the file's actual format. We added inspection of the file header bytes after a security review caught this. The OWASP file upload cheat sheet covers the broader pattern; we had not read it carefully enough on the first pass.
The "chunk size too small" bug. We initially used 1MB chunks because the math seemed to suggest smaller chunks meant faster recovery from drops. In practice, the HTTP overhead per chunk added up to substantial total upload time, especially on slower connections. We moved to 5MB chunks and the average upload time dropped 30 percent without making the failure recovery noticeably worse.
The "long-term partial upload" bug. Some users started uploads and never returned. Their partial uploads sat in our quarantine bucket forever, slowly consuming storage. We added a 7-day expiration on incomplete uploads with a daily cleanup job. The bucket size stabilized and the cost stopped creeping up month over month.
What We Test For Now
Before any new upload feature ships, our team at 137foundry.com runs through a specific test checklist that has caught most of the bugs we have seen historically.
The 1GB upload test. Upload a 1GB file from start to finish over a stable connection. The test confirms the chunking works, the assembly works, and the post-processing pipeline handles a real-world file size.
The throttled-connection test. Upload the same 1GB file with browser dev tools throttling the connection to 1 Mbps. The test confirms the upload completes within a reasonable time, the progress reporting stays accurate, and the system does not time out anywhere along the path.
The drop-mid-upload test. Start a large upload, disable the network mid-upload, wait a minute, re-enable the network. The upload should pause cleanly, surface a "connection lost" indicator to the user, and resume from where it stopped when the network returns.
The chunk-corruption test. Inject random bit flips into one chunk via a proxy that mangles the payload. The server should detect the corruption (via checksums or hash comparison) and request a retry of that specific chunk.
The browser-close test. Start an upload, close the browser tab, wait an hour, return to the application. The application should offer to resume the partial upload if the context allows it, or at minimum should not silently lose the partial data.
Passing those five tests covers the failure modes that produced almost all of our historical support tickets. A system that fails any of them will produce tickets within a month of launch.
The Stack We Use Now
For most projects we run, the upload stack looks like this.
Storage: S3 (or an S3-compatible object store for self-hosted deployments).
Wire protocol: Either Tus or S3 multipart, depending on the application's storage abstraction. Tus when storage is abstracted (we might move backends), S3 multipart when storage is fixed.
Authorization layer: Application server generates pre-signed URLs or upload session tokens. Per-user quotas and content restrictions enforced at this layer.
Validation pipeline: Asynchronous workers pick up completed uploads, run content-type validation, virus scanning, and any application-specific checks. Files transition from "pending" to "ready" or "rejected" based on the result.
UI: Real-time progress with continuous bytes-per-second updates, graceful "connection lost" states with auto-retry, and explicit "processing" states between upload completion and file availability.
The full architectural framing is in the longer guide on resumable file uploads at 137foundry.com.
Photo by Paul Seling on Pexels
When to Build vs Buy
We have built upload pipelines and we have also integrated third-party services (Uppy with a hosted Tus server, Filestack, Cloudinary). The decision usually comes down to a few variables.
Build when: uploads are central to the application's value, when scale is high enough that bandwidth costs through a third party would be significant, when the application needs custom validation or processing during upload, or when long-term operational simplicity matters more than initial time-to-launch.
Buy when: uploads are a minor feature, when scale is low or unpredictable, when the team has no prior experience with upload infrastructure, or when getting to market fast matters more than long-term cost optimization.
For most products we work on at 137foundry.com, the build path wins because the products tend to have meaningful upload usage and the operational cost of a self-managed stack is small once it is built. For smaller products or quick prototypes, the buy path is often the right choice and we recommend it without hesitation.
A Closing Note for Other Teams
If your team is about to build a file upload feature for the first time and you are reading this, the two pieces of advice that would have saved us the most time:
Skip the single-request upload pattern entirely. Even if your file size cap is modest, the network reality you cannot see is going to bite you. Chunked from day one is a small extra investment that prevents a substantial rebuild later.
Test the failure modes specifically. The happy path will work. The interesting bugs are in the failure recovery. Set aside time for the drop-mid-upload test and the chunk-corruption test before declaring the feature ready.
Everything else can be learned as you go. These two we wish we had known on the first project.
OSCP file upload bypass checklist to prove Send/Accept/Store/Fetch in Burp, step-by-step. See what most people miss and stop silent 200 OKs—try it now.