dsljpwi494719 2016-10-27 12:15
浏览 14
已采纳

PHP KCFinder会话安全选项

I have the following CK editor file manager: https://github.com/sunhater/kcfinder My problem is I have one CMS system and would like to secure the browser.php file. If member who not logged in on the site can open the brwser.php and he/she can delete the uploaded images. I have a login system which checks the $_SESSION['userlogin'] is empty or not. So my question is where to add my login session to check if the $_SESSION['userlogin'] is empty or not? I tried take it to the browser.php, but it is not working:

if (empty($_SESSION['userlogin'])) {
    header('Location: http://www.example.com/login');
}

When i try to var_dump($_SESSION) it shows me NULL why?

  • 写回答

1条回答 默认 最新

  • dongzhao1865 2016-10-27 12:54
    关注

    KCFinder already has this feature built into it. In your login procedure, you should set a session variable:

    if($login_successful) {
  $_SESSION['KCFINDER']                 = array();
  $_SESSION['KCFINDER']['disabled']     = false;    
}

    KCFinder should be disabled by default, it's this session variable that enables it. Does this solve it?

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 爬取1-112页所有帖子的标题但是12页后要登录后才能 我使用selenium模拟登录 账号密码输入后 会报错 不知道怎么弄了
  • ¥30 关于用python写支付宝扫码付异步通知收不到的问题
  • ¥50 vue组件中无法正确接收并处理axios请求
  • ¥15 隐藏系统界面pdf的打印、下载按钮
  • ¥15 MATLAB联合adams仿真卡死如何解决(代码模型无问题)
  • ¥15 基于pso参数优化的LightGBM分类模型
  • ¥15 安装Paddleocr时报错无法解决
  • ¥15 python中transformers可以正常下载,但是没有办法使用pipeline
  • ¥50 分布式追踪trace异常问题
  • ¥15 人在外地出差,速帮一点点