phpsessionckeditorkcfinder

PHP KCFinder Session security option


I have the following CK editor file manager: https://github.com/sunhater/kcfinder My problem is I have one CMS system and would like to secure the browser.php file. If member who not logged in on the site can open the brwser.php and he/she can delete the uploaded images. I have a login system which checks the $_SESSION['userlogin'] is empty or not. So my question is where to add my login session to check if the $_SESSION['userlogin'] is empty or not? I tried take it to the browser.php, but it is not working:

if (empty($_SESSION['userlogin'])) {
    header('Location: http://www.example.com/login');
}

When i try to var_dump($_SESSION) it shows me NULL why?


Solution

  • KCFinder already has this feature built into it. In your login procedure, you should set a session variable:

    if($login_successful) {
      $_SESSION['KCFINDER']                 = array();
      $_SESSION['KCFINDER']['disabled']     = false;    
    }
    

    KCFinder should be disabled by default, it's this session variable that enables it. Does this solve it?