config.php of ckFinder

session_start();
date_default_timezone_set(‘Asia/Taipei’);
function CheckAuthentication()
{
// WARNING : DO NOT simply return “true”. By doing so, you are allowing
// “anyone” to upload and list the files in your server. You must implement
// some kind of session validation here. Even something very simple as…

// return isset($_SESSION[‘IsAuthorized’]) && $_SESSION[‘IsAuthorized’];

// … where $_SESSION[‘IsAuthorized’] is set to “true” as soon as the
// user logs in your system. To be able to use session variables don’t
// forget to add session_start() at the top of this file.

$login_verified = false;

if(isset($_SESSION[‘token’]) == true && strlen($_SESSION[‘token’]) == 32){
if(isset($_SESSION[‘HTTP_USER_AGENT’]) == true){
if($_SESSION[‘HTTP_USER_AGENT’] == md5($_SERVER[‘HTTP_USER_AGENT’])){
$login_verified = true;
}
}
}

//echo var_dump($login_verified);
//exit();
return true;
}

 

$tmp_url = dirname($_SERVER[‘PHP_SELF’]);
$p = strpos($tmp_url, ‘/admin’);
$tmp_url = substr($tmp_url, 0, $p);
$baseUrl = $tmp_url . ‘/uploads/’;
$upload_url = $baseUrl . ‘images/’ . date(‘Y’) . ‘/’ . date(‘m’) . ‘/’;

$baseDir = resolveUrl($baseUrl);
$upload_dir = $baseDir . ‘images/’ . date(‘Y’) . ‘/’ . date(‘m’) . ‘/’;

 

$config[‘ResourceType’][] = Array(
‘name’ => ‘Images’,
‘url’ => $upload_url,
‘directory’ => $upload_dir,
‘maxSize’ => 0,
‘allowedExtensions’ => ‘bmp,gif,jpeg,jpg,png’,
‘deniedExtensions’ => ”);

One thought on “config.php of ckFinder

  1. sarah

    When someone writes an post he/she keeps the idea of a
    user in his/her brain that how a user can know it.

    Thus that’s why this post is outstdanding. Thanks!

Comments are closed.