KFM forum

Kae's File Manager

1. neo314
   Member

   In integrating KFM with CKeditor with Wordpress, I want to block access unless the user is logged in as an admin but without having to specify a name and password again.

   Once I set the condition to determine if the person should have access, is simply adding to configuration.php the code:

   if ( !$allow ) { exit ("Not Allowed"); }

   sufficient to prevent unwanted access?

   What about kfm_admin_check()? does that need to be specifically set if the above code is in use?

   P.S. I think something like kfm_admin_check() for access to KFM with username/password as one option would be a nice addition.

   Posted 7 months ago #

2. Jomelo
   Member

   Hi,

   you can use the api to control extern settings.

   rename the file in api folder to this:
   config.php

   here you can edit all things.

   KAE gives an example to use the config.php in api folder with his cms.

   <?php
   if(!defined('START_TIME'))define('START_TIME',microtime(true));
   //include_once($_SERVER['DOCUMENT_ROOT'].'/.private/config.php');
   //include_once($_SERVER['DOCUMENT_ROOT'].'/common/webme_specific.php');
   $kfm_userfiles_address=$DBVARS['userbase'].'/f/';
   if(!session_id()){
     if(isset($_GET['cms_session']))session_id($_GET['cms_session']);
     session_start();
   }
   if(($_SERVER['PHP_SELF']!='/j/kfm/get.php' && $_SERVER['PHP_SELF']!='/j/kfm/get.php') && (!isset($kfm_api_auth_override)||!$kfm_api_auth_override) && !is_admin()){
     echo 'access denied!';
     exit;
   }
   $kfm_api_auth_override=true;
   $kfm->defaultSetting('theme', 'default');
   $kfm->defaultSetting('file_handler','return');
   $kfm->defaultSetting('file_url','filename');
   $kfm->defaultSetting('return_file_id_to_cms',$kfm_return_file_id_to_cms);

   Posted 7 months ago #

3. iki488
   Member

   Hi, I use KFM as a browser for CKeditor located in the backend of a Symfony project. The backend is already protected by password. How can I disallow users to connect to KFM unless they are connected ?

   The thing is that I can check if someone is connected or not, but it is contained in a Symfony variable which seems to be unavailable in the KFM dir...

   Posted 7 months ago #

4. Jomelo
   Member

   Can you transfer this variable over sessions ?

   Posted 7 months ago #

5. iki488
   Member

   uhm I don't know because I'm working on a plugin of an already existing project :s so I can't modify something else but my plugin :s
   The authentification is managed by the SfGuardAuth plugin of symfony and my plugin is accessible only if a user is authenticated. But still, I can access to kfm even if I'm not authenticated if I know its url...

   I can't figure out how secure kfm from my plugin... And the same from kfm...

   Posted 7 months ago #

6. kae
   Key Master

   neo134, KFM has already been integrated with WordPress. please see the FolioPress project: http://wordpress.org/extend/plugins/foliopress-wysiwyg/

   Posted 7 months ago #

7. kae
   Key Master

   iki488 - the best place to find the answer to this is on a Symphony forum.

   as Jomelo says, you should place some code in api/config.php which checks your Symphony session to see if you're logged in, and exits if you are not.

   you need to ask someone on the Symphony forum how to see if you're logged in - it's outside to scope of this forum.

   Posted 7 months ago #

RSS feed for this topic

Reply

You must log in to post.