phpcodeigniterckfinderion-auth

Codeigniter 3.x, Ion-auth, CKFinder - how to pass the logged in status from ion-auth to CKFinder's config file


How do I pass the logged in status from ion-auth/codeigniter to CKFinder's config file?

In CKfinder, there is a config file for authentication as follows:

$config['authentication'] = function () {
    return false;
};

In codeigniter I am using ion-auth. In the Auth controller in the login() method, I added this if the user is successfully logged in:

$_SESSION['userloggedin'];

The $_SESSION['userloggedin'] does get set as when I echo to screen, I get "1" but that echo is in the login() method. I can seem to get the session var in the CKfinder config. How to I do that? I want to do something like this:

$config['authentication'] = function () {
    if ($_SESSION['userloggedin'] === true) { 
        return true;
    } else {
        return false;
    }
};

Any help appreciated.


Solution

  • You can't access $_SESSION directly because CI uses its own form of sessions that are typically prepended with __ci_vars and there is no easy way of directly accessing them unless you load the session driver independently which is a whole other can of worms.

    Here is how I made it work:

    Alright so I use all the same things as you - CKFinder, IonAuth, .etc.

    index.php:

    Do the following $system_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'system'; and $application_folder = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'application'; this makes it so that those paths are correct when called from wherever.

    Next your index.php file make a file called CI.php and add the following:

    <?php
    ob_start();
    define('REQUEST', 'external');
    require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . "index.php"; //or wherever the directory is relative to your path
    ob_end_clean();
    return $CI;
    

    Then in your default route controller (so whichever controller your site lands on first if you go to localhost or somesite.com) add the top of the index() function add the defined if statement - if you don't do this your default route will render in CK and everything won't work.

    class Homepage extends MY_Frontend
    {
    
        public function index()
        {
            // FOR SI AND CKFINDER
            if (defined('REQUEST') && REQUEST === 'external') {
                return;
            }
    

    Then in your ck config:

    $CI = require_once $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . 'CI.php';
    
    
    /* ============================ General Settings ======================================= */
    // http://docs.cksource.com/ckfinder3-php/configuration.html
    
    $config = array();
    
    /* ============================ Enable PHP Connector HERE ============================== */
    // http://docs.cksource.com/ckfinder3-php/configuration.html#configuration_options_authentication
    
    $config['authentication'] = function () {
        $CI = & get_instance();
        $CI->load->library('session'); //if it's not autoloaded in your CI setup
        return $CI->session->has_userdata('user_id');
    };
    

    I am just checking if the session user_id flag is set (TRUE logged in, FALSE not) as my frontend controller doesn't make use of it (or sessions), and that is what CK is getting routed through. If your entire site is behind ion_auth or if you autoload it or sessions than you can probably just use return $this->ion_auth->logged_in();.

    Please keep in mind that if you use CSRF than CK might also be affected and not work since it won't have the proper tokens.

    I do the following in my CI config file:

    if (defined('REQUEST') && REQUEST === 'external') {
        $config['csrf_protection'] = FALSE;
    } else {
        $config['csrf_protection'] = TRUE;
    }
    

    This solution is not elegant, but it is the only thing I found that worked! There are some libraries to load CK from within CI but all were too old for the version of CK I was using.