I have the following CK editor file manager: https://github.com/sunhater/kcfinder
My problem is I have one CMS system and would like to secure the browser.php file. If member who not logged in on the site can open the brwser.php and he/she can delete the uploaded images. I have a login system which checks the $_SESSION['userlogin']
is empty or not. So my question is where to add my login session to check if the $_SESSION['userlogin']
is empty or not? I tried take it to the browser.php, but it is not working:
if (empty($_SESSION['userlogin'])) {
header('Location: http://www.example.com/login');
}
When i try to var_dump($_SESSION)
it shows me NULL why?
KCFinder already has this feature built into it. In your login procedure, you should set a session variable:
if($login_successful) {
$_SESSION['KCFINDER'] = array();
$_SESSION['KCFINDER']['disabled'] = false;
}
KCFinder should be disabled by default, it's this session variable that enables it. Does this solve it?