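// Start (or resume) the session before anything else: CheckAuthentication()
// below reads $_SESSION, which is only populated after this call.
session_start();
// Pin the timezone so the date('Y') / date('m') upload folders computed below
// roll over on Taipei local time. Straight quotes are required here; the
// typographic quotes in the pasted listing are not PHP string delimiters.
date_default_timezone_set('Asia/Taipei');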
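/**
 * Decide whether the current request may list and upload files.
 *
 * Access is granted only when the session holds a 32-character token and the
 * user-agent fingerprint stored in the session equals the MD5 of the current
 * request's User-Agent header.
 *
 * @return bool True when both session checks pass, false otherwise.
 */
function CheckAuthentication()
{
    // WARNING : DO NOT simply return "true". By doing so, you are allowing
    // "anyone" to upload and list the files in your server. You must implement
    // some kind of session validation here. Even something very simple as...
    // return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];
    // ... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
    // user logs in your system. To be able to use session variables don't
    // forget to add session_start() at the top of this file.

    // NOTE(review): only the token's presence and length are checked here, not
    // its value; this relies on the login code being the sole writer of
    // $_SESSION['token'] — confirm against the login handler.
    if (!isset($_SESSION['token']) || !is_string($_SESSION['token']) || strlen($_SESSION['token']) !== 32) {
        return false;
    }

    if (!isset($_SESSION['HTTP_USER_AGENT']) || !is_string($_SESSION['HTTP_USER_AGENT'])) {
        return false;
    }

    // A request without a User-Agent header is fingerprinted as the empty string.
    $current_fingerprint = md5($_SERVER['HTTP_USER_AGENT'] ?? '');

    // hash_equals() compares the two digests as exact strings. The loose "=="
    // used previously treats digests that look like numbers (e.g. "0e...") as
    // equal to each other.
    // The computed result is returned; an unconditional "return true" would
    // expose the connector to unauthenticated visitors.
    return hash_equals($_SESSION['HTTP_USER_AGENT'], $current_fingerprint);
}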
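// Derive the site root URL from the running script's path: keep everything
// that precedes the first "/admin" segment.
// NOTE(review): PHP_SELF includes any PATH_INFO the client appends to the URL;
// SCRIPT_NAME does not. Consider switching if this file is always requested
// directly — confirm first.
$tmp_url = dirname($_SERVER['PHP_SELF']);
$p = strpos($tmp_url, '/admin');
// strpos() returns false when "/admin" is absent. Handle that explicitly
// instead of passing false to substr() as a length; the resulting prefix is
// the empty string, so $baseUrl becomes "/uploads/".
$tmp_url = ($p === false) ? '' : substr($tmp_url, 0, $p);
$baseUrl = $tmp_url . '/uploads/';

// Uploads are bucketed by year and month, e.g. ".../uploads/images/2024/05/".
$upload_url = $baseUrl . 'images/' . date('Y/m') . '/';

// resolveUrl() is defined elsewhere; presumably it maps the URL path to a
// filesystem path — verify against its definition.
$baseDir = resolveUrl($baseUrl);
$upload_dir = $baseDir . 'images/' . date('Y/m') . '/';

// 'url' and 'directory' point at the same folder, so uploaded files are served
// straight back by the web server. Make sure that folder is not configured to
// execute scripts.
$config['ResourceType'][] = [
    'name' => 'Images',
    'url' => $upload_url,
    'directory' => $upload_dir,
    // NOTE(review): 0 presumably means "no size limit" for this connector —
    // confirm, and consider setting a finite cap.
    'maxSize' => 0,
    // Allowlist of image extensions. An extension check alone does not prove
    // that the file content is an image.
    'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
    'deniedExtensions' => '',
];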
When someone writes a post, he/she keeps the idea of a
user in his/her brain, and how that user can come to know it.
That's why this post is outstanding. Thanks!