Private Upload Folders for Each User With Ckfinder

In CKFinder, all the images or files are saved in one folder. This create a sequrity risk. You dont want to show images of one user to other users. In this post i will show how you can do this easily. First you have to authenticate your CKFinder with session. You can see my previous post to get a clear idea.

First in you need put user name or any thing that is unique for each user in the SESSION. In my case i use email. So now what i am going to do is magic ;).

function CheckAuthentication()
	//WARNING : DO NOT simply return "true". By doing so, you are allowing
	//"anyone" to upload and list the files in your server. You must implement
	//some kind of session validation here. Even something very simple as...

	if(!empty($_SESSION['User']) )
			mkdir('/home/yoursite/public_html/app/webroot/files/'.md5($_SESSION['User']['email']), 0777);
		return true;
		return false;

	//... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
	//user logs in your system.

	//return true;

Now for you set $baseUrl and baseDir like this

$baseUrl = ''.md5($_SESSION['User']['email']).'/';

$baseDir = '/home/yoursite/public_html/app/webroot/files/'.md5($_SESSION['User']['email']).'/';

Private Upload Folders for Each User With Ckfinder

That’s it. Now you can have private folder for each user. In the Next post i will show how you can mange AccessControl and also how you can mange the folder size of the user.

About Zakir Hyder

This entry was written by .

01. February 2011 by Zakir Hyder
Categories: CakePHP, CKEditor, CKFinder, PHP, Web Development | Tags: , , | Comments


  1. Zakir Hyder says:

    I am glad it helped you.

  2. […] we start, i suggest you to see my previous two post about CKFinder here and here. In this post i will show how you can manage ACL and also how you can limit you user to on […]

  3. Joe says:

    I’m attempting to solve this problem for an integration that is not able to share session. Not being a PHP developer, I’d appreciate your help to modify ckfinder to use a shared cookie approach if possible (as would your readers?).

    Check out the details of my conundrum here:

  4. Zakir Hyder says:

    Yes you can try to use cookie instead of session. It will be like $_COOKIE[“User”] instead $_SESSION[‘User’]. You can check php tutorial You can also set Cookies using javascript. You can also use jquery’s plugin