session_start();
date_default_timezone_set(‘Asia/Taipei’);
function CheckAuthentication()
{
// WARNING : DO NOT simply return “true”. By doing so, you are allowing
// “anyone” to upload and list the files in your server. You must implement
// some kind of session validation here. Even something very simple as…

// return isset($_SESSION[‘IsAuthorized’]) && $_SESSION[‘IsAuthorized’];

// … where $_SESSION[‘IsAuthorized’] is set to “true” as soon as the
// user logs in your system. To be able to use session variables don’t
// forget to add session_start() at the top of this file.

$login_verified = false;

if(isset($_SESSION[‘token’]) == true && strlen($_SESSION[‘token’]) == 32){
if(isset($_SESSION[‘HTTP_USER_AGENT’]) == true){
if($_SESSION[‘HTTP_USER_AGENT’] == md5($_SERVER[‘HTTP_USER_AGENT’])){
$login_verified = true;
}
}
}

//echo var_dump($login_verified);
//exit();
return true;
}

$tmp_url = dirname($_SERVER[‘PHP_SELF’]);
$p = strpos($tmp_url, ‘/admin’);
$tmp_url = substr($tmp_url, 0, $p);
$baseUrl = $tmp_url . ‘/uploads/’;
$upload_url = $baseUrl . ‘images/’ . date(‘Y’) . ‘/’ . date(‘m’) . ‘/’;

$baseDir = resolveUrl($baseUrl);
$upload_dir = $baseDir . ‘images/’ . date(‘Y’) . ‘/’ . date(‘m’) . ‘/’;

$config[‘ResourceType’][] = Array(
‘name’ => ‘Images’,
‘url’ => $upload_url,
‘directory’ => $upload_dir,
‘maxSize’ => 0,
‘allowedExtensions’ => ‘bmp,gif,jpeg,jpg,png’,
‘deniedExtensions’ => ”);