Question

I'm using KCFinder to let users upload files to my website. However, anyone can upload files to my server atm by typing mysite.com/kcfinder/browse.php. I want users only to be able to use KCFinder iff a variable called $permitted is set on the page they came from. How would I implement this?


Solution

Please see SESSION INTEGRATION in the docs of KCFinder:

http://kcfinder.sunhater.com/docs/integrate#session

By setting the SESSION var like this

$_SESSION['KCFINDER'] = array();
$_SESSION['KCFINDER']['disabled'] = false;

you will enable the KCFINDER. Do this only for authenticated users and you should be ok.
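One way to wire the session flag above to the asker's `$permitted` check, as an added example that is not part of the original answer or of KCFinder's own code. The helper names `start_app_session` and `kcfinder_set_access` and the `user_id` session key are hypothetical, and it assumes KCFinder's own configuration leaves `disabled` set to true and uses the same PHP session as the site.

```php
<?php
declare(strict_types=1);

// Added example. Helper names and the 'user_id' key are hypothetical.

// Start the site's session once, with a hardened session cookie.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
function start_app_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,   // not readable from JavaScript
            'secure'   => true,   // assumption: the site is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Write the KCFinder flag on every request that decides access.
// Writing it in both directions matters: a visitor who was permitted
// earlier and no longer is gets locked out again, instead of keeping
// a stale 'disabled' => false in the session.
function kcfinder_set_access(bool $permitted): void
{
    start_app_session();
    if (!isset($_SESSION['KCFINDER']) || !is_array($_SESSION['KCFINDER'])) {
        $_SESSION['KCFINDER'] = array();
    }
    $_SESSION['KCFINDER']['disabled'] = !$permitted;
}

// On the page that embeds KCFinder: $permitted is the variable from the
// question, derived here from a login marker set by your own login code.
start_app_session();
$permitted = !empty($_SESSION['user_id']);
kcfinder_set_access($permitted);

// On logout, revoke before tearing the session down:
//   kcfinder_set_access(false);
//   session_destroy();
```

Because the flag lives in the server-side session rather than on the referring page, a direct request to browse.php from a browser without a permitted session finds KCFinder disabled.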

Other tips

How about setting a cookie in whatever area authorizes access to KCFinder, and using .htaccess to set a cookie requirement for the kcfinder directory?

Cookies are set with the setcookie function: http://php.net/manual/en/function.setcookie.php

In your .htaccess, add:

# mod_rewrite must be switched on before the rules below take effect
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !cookie-name=COOKIE_NAME_HERE [NC]
RewriteRule ^(.*)$ /login/ [NC,L]

Where COOKIE_NAME_HERE is your cookie's name, and /login/ is whatever path you want users to go to should they try to access KCFinder without authorization.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow