Back to Fred Mac Donald's Blog
When integrating KCFinder as the remote file manager for managing images that needs to be used in articles or pages on XMS Systems I ran into a couple of problems.
Let me explain...
Depending who is logged in and what access rights they have to the site the folder structure could be either one of the following
No matter how I configured KCFinder it always insisted on the following folder structure
It always created an 'image' folder. The result is that I was unable to upgrade from a previous remote file browser that gave me endless mod_sec issues and by the looks of it is not fully php5.3 compatible.
After searching countless hours on the forums and all over the internet, all I could find was "How do I..." and not a single "This is how to..."
First we need to make sure the KCFinder session variables are properly configured
'_sessionVar' => &$_SESSION['KCFINDER'], '_sessionLifetime' => 30, '_sessionDir' => "/home/something/tmp", // Path from server root '_sessionDomain' => ".mydomain.com", // Note the "dot" in front of the domain '_sessionPath' => "/tmp", // This will be the tmp folder on your hosting account, typically a folder above the root of your site. Make sure to CHMOD this folder to 1777 to ensure only the owner of the session can delete the file.
It is worth mentioning that you need to make sure the uploader is disabled to not logged in users by setting this line
'disabled' => true,
Rather activate the uploader from within your application where you can set the authentication.
2. Initialise the php session at the top of the config.php file
// CKEditor & FCKEditor types // 'files' => "", // 'flash' => "swf", // 'images' => "*img", // TinyMCE types // 'files' => "", // 'media' => "swf flv avi mpg mpeg qt mov wmv asf rm", // 'image' => "*img",
$_SESSION['fold_type'] => "*img swf flv avi mpg mpeg qt mov wmv asf rm", // Folder now dynamically defined in the application
5. Save your config.php file
6. Open your application page where you initialize your editor and call KCFinder
$_SESSION['KCFINDER'] = array(); $_SESSION['KCFINDER']['disabled'] = false; // Activate the uploader, Users to this page MUST be authenticated $_SESSION['KCFINDER']['uploadURL'] = "/uploads"; // Based on my first folder structure $_SESSION['fold_type'] = "media"; // Based on my first folder structure
or
$_SESSION['KCFINDER'] = array(); $_SESSION['KCFINDER']['disabled'] = false; // Activate the uploader, Users to this page MUST be authenticated $_SESSION['KCFINDER']['uploadURL'] = "/my_uploads/media/Members"; // Based on my second folder structure $_SESSION['fold_type'] = "member_account_number_pulled_from_secure_session_variable"; // Based on my second folder structure
file: '../tiny_mce/plugins/kcfinder/browse.php?opener=tinymce',
What happens is that your $_SESSION['fold_type'] variable is passed to the 'type' array in the config.php file.
Now you should have your folders dynamically created and different users can have their own private upload folders.
When a user edit a page their folder will automatically be created and they will not have access to any other folder above their own.
Since the remote browser is integrated into a CMS that needs to be installed easily and quikly with the minimum of configuration I want the config.php file to configure itself when the CMS is installed onto a new account on my servers.
This ment that I had to come up with a way to "auto configure" the following two values;
'_sessionDir' => "/home/something/tmp", // Path from server root '_sessionDomain' => ".mydomain.com", // Note the "dot" in front of the domain
To achieve this I implemented a rudimentary bit of code, ugly but functional. After starting the session at the top of the config.php file I added the following code:
$base_url = explode("/",$_SERVER['DOCUMENT_ROOT']); $base_url = '/'.$base_url[1].'/'.$base_url[2].'/tmp'; // assuming the full path is "/home/username/tmp" $domain = '.'.$_SERVER['HTTP_HOST'];
'_sessionDir' => $base_url, '_sessionDomain' => $domain,
Please make sure you have all your user authentication in place and configure the config.php file as required to stop unwanted files from being uploaded and file extentions from being renamed.