How to control acess to a third party PHP script
This is an open discussion with 1 reply, filed under General.
Search
I managed to have it work by surrounding KCFinder's entry script with Symphony code, but changing a third-party source code feels rather ugly to me. I'm still looking for a better approach.
define('DOCROOT', '../../../..'); require DOCROOT."/symphony/lib/boot/bundle.php"; require DOCROOT."/symphony/lib/boot/func.utilities.php"; require DOCROOT."/symphony/lib/boot/defines.php"; require DOCROOT."/symphony/lib/core/class.symphony.php"; require DOCROOT."/symphony/lib/core/class.administration.php"; if (Administration::instance()->isLoggedIn()) { // KCFinder original initialization code. }
Create an account or sign in to comment.
Hi there. I'm integrating KCFinder (a CKFinder clone) to a website — and most probably making an extension out of it — and I'm having trouble figuring out how to implement Symphony access control on it. For now, it's integrated with the wysiwyg editor so that when authors click on "Insert image" on the editor's toolbar they can open a new dialog to browse the workspace/uploads folder. However, the URL used to reach KCFinder is currently (temporarily!) a direct access to it's PHP script file (implemented as a RewriteRule in .htaccess) and thus anybody can access it from outside Symphony (i.e. without being logged in). Of course, this is not a practicable solution. So, how would you restrict access to a third-party PHP script to only logged in authors (ideally without editing that script)? I'm thinking about some Symphony-controlled proxy or redirect but I have no clue how to do it with the API.