当前位置: 动力学知识库 > 问答 > 编程问答 >

PHP KCFinder Session security option

问题描述:

I have the following CK editor file manager: https://github.com/sunhater/kcfinder

My problem is I have one CMS system and would like to secure the browser.php file. If member who not logged in on the site can open the brwser.php and he/she can delete the uploaded images. I have a login system which checks the $_SESSION['userlogin'] is empty or not. So my question is where to add my login session to check if the $_SESSION['userlogin'] is empty or not? I tried take it to the browser.php, but it is not working:

if (empty($_SESSION['userlogin'])) {

header('Location: http://www.example.com/login');

}

When i try to var_dump($_SESSION) it shows me NULL why?

网友答案:

KCFinder already has this feature built into it. In your login procedure, you should set a session variable:

if($login_successful) {
  $_SESSION['KCFINDER']                 = array();
  $_SESSION['KCFINDER']['disabled']     = false;    
}

KCFinder should be disabled by default, it's this session variable that enables it. Does this solve it?

分享给朋友:
您可能感兴趣的文章:
随机阅读: