CodeIgniter Forums

Full Version: CI & KCFinder integration with CKEditor & how to secure it

El Forum

[eluser]playaz[/eluser]
Hi guys,

I'm using CodeIgniter v2 & have installed CKEditor to allow the client to change pages etc. I have also implemented KCFinder to allow the customer to upload images, flash etc.

The problem is that anyone with this URL can access the file browser and upload files - I'd need to make it so that if a user isn't logged in, KCFinder is disabled. Has anyone successfully integrated KCFinder into CKEditor within a CodeIgniter application?

http://kcfinder.sunhater.com/

Any help would be appreciated.

El Forum

[eluser]Unknown[/eluser]
Hello,

I'm trying to do the same thing, but no success...
Have you managed to integrate it? Can you post some details?

I would like to use KCFinder alone, not integrated into CKEditor...



El Forum

[eluser]rwestergren[/eluser]
You would need to check if the user has a valid session when you load the view for CKEDITOR. If they don't, redirect them to your login page.

You should also check server-side when KCFinder makes its AJAX requests, to prevent a malicious user from bypassing the interface.
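
An added example (not part of any post in this thread) of one way to enforce that server-side check. It assumes KCFinder's `config.php` keeps `'disabled' => true` and that KCFinder reads per-user overrides from `$_SESSION['KCFINDER']`; the `logged_in` userdata key, the `Pages` controller, the `login` route and the view name are hypothetical:

```php
<?php
// Added example. Assumptions: KCFinder's config.php keeps 'disabled' => true and
// reads overrides from $_SESSION['KCFINDER']; the 'logged_in' userdata key is a
// hypothetical name for whatever flag your login code stores.

/**
 * Mirror the application's login state into the native PHP session KCFinder reads.
 * Call it on every request that renders CKEditor, and again on logout.
 * Returns the resulting value of the 'disabled' flag.
 */
function kcfinder_set_access($isLoggedIn)
{
    if (session_id() === '') {
        session_start(); // KCFinder uses native PHP sessions, not CI 2's cookie session
    }
    if (!isset($_SESSION['KCFINDER']) || !is_array($_SESSION['KCFINDER'])) {
        $_SESSION['KCFINDER'] = array();
    }
    // Fail closed: only an explicit boolean true enables the file browser.
    $_SESSION['KCFINDER']['disabled'] = ($isLoggedIn !== true);
    return $_SESSION['KCFINDER']['disabled'];
}

// Hypothetical CodeIgniter 2 controller that serves the CKEditor page.
class Pages extends CI_Controller
{
    public function edit()
    {
        $this->load->library('session');
        $this->load->helper('url');

        $loggedIn = ($this->session->userdata('logged_in') === TRUE);
        kcfinder_set_access($loggedIn); // also re-disables KCFinder for stale sessions

        if (!$loggedIn) {
            redirect('login');
            return;
        }
        $this->load->view('pages/edit'); // view that embeds CKEditor
    }
}
```

Because KCFinder's own `browse.php` and `upload.php` evaluate the flag on every request, requesting those URLs directly without a logged-in session is refused as well, not just hidden in the editor UI.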

El Forum

[eluser]ClaudioX[/eluser]
I'm trying to solve this too. I'm thinking of:
1 - erase the line in config/database.php:
Code:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2 - access the database using the database.php info only by PHP and check if the session is active.

But I don't know if the first change will expose the application.

Does anyone know more?

El Forum

[eluser]ClaudioX[/eluser]
Yeah... it will enable any other script to access the database too. sh**. ^^

El Forum

[eluser]YahyaKACEM[/eluser]
Hi, did you get KCFinder & CKEditor to work correctly? If so, is there a step-by-step tutorial that you followed? I could use a link here.
Thanks in advance.