[eluser]defunct[/eluser]
I don't mean it that way, if you store in a db it is still being stored in a temp dir on your server, it has to upload somewhere before you dump it in a db. I mean it seems like you aren't checking if the user is actually logged in with:
Code:
// Ensure user is logged in
if (!$this->dx_auth->is_logged_in())
{
// Redirect to login page
redirect('/auth/login/', 'refresh');
}
So you could actually load your file upload page without being logged in if you knew the url, meaning you aren't even using the session id and would throw php errors saying it can't find the user_id you passing via the url string.
I want to still be able to do my is logged in check so the page is secure from users that aren't logged in but somehow inject that session id so that dx_auth thinks the flash app is the same user.
