Using SWFUpload + Sessions + upload class, how I did it.

I know that. I am getting the phpsessid from flash but how do I tell dx_auth to use that var for the current session?

Not sure, but on the first page of this forum there is this:
// you should have swfuploader POST your session id (you'll see in the view)
$params['session_id'] = $this->input->post("PHPSESSID");
// load the session library the new way, by passing it the session id
$this->load->library('session', $params);

I would figure it's something similar. This sets the session id when you load the session. If it's already loaded, you should be able to call the session id and update it, but you would need to look in the session helper for that.

Yeah, those are the instructions after modifying session.php. The problem is the instructions say to edit _sess_run(). That function no longer exists. But I will try it again. Not sure how you did it, as you are using dx_auth as well, unless your upload page isn't secured at all.

Yeah, that's the thing. I don't have a formal upload page. I am storing files via database, so I just check for malicious code and save the file to the database.

I don't mean it that way. If you store in a db, it is still being stored in a temp dir on your server; it has to upload somewhere before you dump it in a db. I mean it seems like you aren't checking if the user is actually logged in with:

// Ensure user is logged in
if (!$this->dx_auth->is_logged_in()) {
    // Redirect to login page
    redirect('/auth/login/', 'refresh');
}

So you could actually load your file upload page without being logged in if you knew the URL, meaning you aren't even using the session id, and it would throw PHP errors saying it can't find the user_id you are passing via the URL string.

I want to still be able to do my is-logged-in check so the page is secure from users that aren't logged in, but somehow inject that session id so that dx_auth thinks the flash app is the same user.

Didn't you read this one?
[quote author="pistolPete" date="1237769997"]If it's CI session, have a look at http://ellislab.com/forums/viewreply/536121/.[/quote]

I don't need to check that since the uploader is already on a page that the user has to be logged in to see. You don't need to know the temp directory because at the point I mess with the data it's in the post array. And no, you can't just upload your content since I am not sending any file to the server file system. And without the authentication from the previous page the database script will fail due to constraints I placed on the database. pistolPete is right, you need to read the post he placed.

[quote author="pistolPete" date="1237817600"]Didn't you read this one?
[quote author="pistolPete" date="1237769997"]If it's CI session, have a look at http://ellislab.com/forums/viewreply/536121/.[/quote][/quote]

Sorry, I had missed that. That looks like what I want to do, but can you post your entire MY_Session.php to give me a hand please?


I did try it, and flash is still creating a new session in my database.

I had to encapsulate with single quotes or it would break swfupload due to the " and the { in the cookie.

post_params: {"<?php echo $this->config->item('sess_cookie_name'); ?>" :'<?php echo $this->session->get_cookie_data(); ?>'},

and outputs as

post_params: {"ci_session" :'a:4:{s:10:"session_id";s:32:"e55ck53405a9fc762cf3f153a0ce6162";s:10:"ip_address";s:13:"";s:10:"user_agent";s:50:"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv";s:13:"last_activity";s:10:"1237774716";}f929353264c04b5e2e90a05b7080a91e'},

Still no go :(

[eluser]Sarfaraz Momin[/eluser]
Try writing the upload routine, the upload_url, outside the authenticated area and it should work fine. The page from which it is uploading can be under security, but the processing page can be a different controller outside the authenticated area. For now this workaround is good to make it work with CI 1.7.x with the new session class.
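
An added example, not code from this thread, CodeIgniter or dx_auth: if the upload handler sits outside the authenticated area, one way to keep it tied to a logged-in user is a short-lived HMAC-signed token in post_params, a different technique from forwarding the session id or the serialized cookie. The names issue_upload_token, verify_upload_token and UPLOAD_TOKEN_KEY are hypothetical, and the key shown is a placeholder.

```php
<?php
// Added example (plain PHP 7.1+, no CodeIgniter or dx_auth calls).
// UPLOAD_TOKEN_KEY is a placeholder: load a random secret from server-side config.
const UPLOAD_TOKEN_KEY = 'placeholder-secret-load-from-config';

// Run on the authenticated page that renders SWFUpload; put the result in post_params.
function issue_upload_token(int $userId, int $ttl = 300, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $payload = $userId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, UPLOAD_TOKEN_KEY);
}

// Run first in the upload handler; returns the user id, or null to reject the upload.
function verify_upload_token(string $token, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;                                  // malformed
    }
    [$userId, $expires, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;                                  // non-numeric fields
    }
    $expected = hash_hmac('sha256', $userId . '.' . $expires, UPLOAD_TOKEN_KEY);
    if (!hash_equals($expected, $mac)) {              // constant-time compare
        return null;                                  // forged or altered
    }
    if ((int) $expires < ($now ?? time())) {
        return null;                                  // expired
    }
    return (int) $userId;
}

// Constructed demonstration values.
$now   = 1237774716;
$token = issue_upload_token(42, 300, $now);
$cases = [
    'valid token'      => verify_upload_token($token, $now + 10),
    'altered user id'  => verify_upload_token('43' . substr($token, 2), $now + 10),
    'expired token'    => verify_upload_token($token, $now + 301),
    'malformed token'  => verify_upload_token('not-a-token', $now),
];
foreach ($cases as $label => $userId) {
    echo $label, ': ', $userId === null ? 'rejected' : "accepted for user $userId", PHP_EOL;
}
```

The token contains only digits, dots and hex characters, so it drops into post_params without the quoting problems the serialized cookie caused. It stays valid until it expires, so keep the lifetime short.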
