CodeIgniter Forums
CI & KCFinder integration with CKEditor & how to secure it - Printable Version




CI & KCFinder integration with CKEditor & how to secure it - El Forum - 07-22-2011

[eluser]playaz[/eluser]
Hi guys,

I'm using CodeIgniter v2 & have installed CKEditor to allow the client to change pages etc. I have also implemented KCFinder to allow the customer to upload images, flash etc.

The problem is that anyone with this URL can access the file browser and upload files - I'd need to make it so that if a user isn't logged in, KCFinder is disabled. Has anyone successfully integrated KCFinder into CKEditor within a CodeIgniter application?

http://kcfinder.sunhater.com/

Any help would be appreciated.


CI & KCFinder integration with CKEditor & how to secure it - El Forum - 07-25-2012

[eluser]Unknown[/eluser]
Hello,

I'm trying to do the same thing, but with no success...
Have you managed to integrate it? Can you post some details?

I would like to use KCFinder alone, not integrated into CKEditor...


CI & KCFinder integration with CKEditor & how to secure it - El Forum - 07-25-2012

[eluser]rwestergren[/eluser]
You would need to check if the user has a valid session when you load the view for CKEditor. If they don't, redirect them to your login page.

You should also check server-side when KCFinder makes its AJAX requests, to prevent a malicious user from bypassing the interface.
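
The server-side check described in the post above, sketched as an added example (not code from this thread or from either project). It assumes KCFinder's documented `disabled` setting and its `$_SESSION['KCFINDER']` override; the `Auth` controller, `user_model`, and the route names are hypothetical.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// Step 1, in KCFinder's own config.php: deny by default, so its
// browse/upload entry points refuse every request unless overridden:
//     'disabled' => true,
//
// Step 2, this file: application/controllers/auth.php (hypothetical name).
// KCFinder never loads CodeIgniter, so it cannot see CI's session library.
// It reads the native PHP session, so that is where the override goes.
class Auth extends CI_Controller
{
    public function login()
    {
        $this->load->helper('url');
        $this->load->library('session');
        $this->load->model('user_model'); // hypothetical model

        $user = $this->user_model->verify(   // hypothetical method
            $this->input->post('username'),
            $this->input->post('password')
        );
        if ($user === FALSE) {
            redirect('auth/login_form');     // redirect() exits
        }
        $this->session->set_userdata('logged_in', TRUE);

        if (session_id() === '') {
            session_start();
        }
        session_regenerate_id(TRUE);         // new id after privilege change
        // Enable the file browser for this authenticated session only.
        $_SESSION['KCFINDER'] = array('disabled' => FALSE);
        redirect('admin');
    }

    public function logout()
    {
        $this->load->helper('url');
        $this->load->library('session');
        if (session_id() === '') {
            session_start();
        }
        unset($_SESSION['KCFINDER']);        // browser falls back to disabled
        session_destroy();
        $this->session->sess_destroy();
        redirect('auth/login_form');
    }
}
```

Because the check runs inside KCFinder on every request, calling its upload endpoint directly without a logged-in session is refused as well. The PHP session cookie must be visible to both the application and the KCFinder directory (same domain and cookie path).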


CI & KCFinder integration with CKEditor & how to secure it - El Forum - 07-27-2012

[eluser]ClaudioX[/eluser]
I'm trying to solve this too. I'm thinking of:
1 - erase the line in config/database.php:
Code:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2 - access the database using the database.php info from plain PHP only and check if the session is active.

But I don't know if the first change will expose the application.

Does anyone know more?



CI & KCFinder integration with CKEditor & how to secure it - El Forum - 07-27-2012

[eluser]ClaudioX[/eluser]
Yeah... it will allow any other script to access the database too. sh**. ^^


CI & KCFinder integration with CKEditor & how to secure it - El Forum - 11-24-2012

[eluser]YahyaKACEM[/eluser]
Hi, did you get KCFinder & CKEditor to work correctly? If so, is there a step-by-step tutorial that you followed? I could use a link here.
Thanks in advance.