• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CI & KCFinder integration with CKEditor & how to secure it

Hi guys,

I'm using Codeigniter v2 & have installed CKEditor to allow the client to change pages etc.. I have also implemented KCFinder to allow the customer to upload images, flash etc.

The problem is that anyone with this URL can access the filebrowser and upload files - i'd need to make it so if a user isn't logged then disable the KCFinder. Has anyone successfully integrated KCFinder into CKEditor within a Codeigniter application.


Any help would be appreciated.


I'm trying to do the same thing, but no success...
Have you managed to integrate it ? can you post some details ?

I would like to use kcfinder alone, not integrated into ckeditor...

You would need to check if the user has a valid session when you load the view for CKEDITOR. If they don't, redirect them to your login page.

You should also check server-side when KCFinder makes its AJAX requests, to prevent a malicious user from bypassing the interface.

I trying to solve this too. Thinking in:
1 - erase the line in config/database.php:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2 - access the database using database.php infos only by PHP and check if the session is active.

But i dont know if the first change will expose the aplication.

Anyone know more?

Yeah.. its will able to any other script to access the database too. sh**. ^^

hi, did you get the KCfinder & the CKeditor to work correctly. if so is there a step by step tutorial that you follow i could use a link here.
thanx, in advance.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.