I'm using KCFinder to let users upload files to my website. However, anyone can upload files to my server atm by typing mysite.com/kcfinder/browse.php. I want users only to be able to use KCFinder iff an variable called $permitted is set on the page they came from. How would I implement this?
please see SESSION INTEGRATION in docs of KCFinder
http://kcfinder.sunhater.com/docs/integrate#session
by setting SESSION var like this
$_SESSION['KCFINDER'] = array();
$_SESSION['KCFINDER']['disabled'] = false;
you will enable the KCFINDER. Do this only for authenticated users and you should be ok.