Private Upload Folders for Each User With CKFinder

In CKFinder, all images and files are saved in one folder. This creates a security risk: you don't want to show one user's images to other users. In this post I will show how you can give each user a private folder easily. First you have to authenticate your CKFinder with the session. You can see my previous post to get a clear idea.

First you need to put the user name, or anything else that is unique for each user, in the SESSION. In my case I use the email. So now what I am going to do is magic ;).

function CheckAuthentication()
{
	// WARNING: DO NOT simply return "true". By doing so, you are allowing
	// "anyone" to upload and list the files on your server. You must implement
	// some kind of session validation here. In this setup a user counts as
	// logged in when $_SESSION['User'] has been set at login.

	if (!empty($_SESSION['User']))
	{
		// One folder per user, named after the MD5 of the user's email.
		$userDir = '/home/yoursite/public_html/app/webroot/files/'.md5($_SESSION['User']['email']);

		// 0755 instead of 0777, so the folder is not world-writable.
		if (!is_dir($userDir))
			mkdir($userDir, 0755);
		return true;
	}
	else
	{
		return false;
	}
}

Now set $baseUrl and $baseDir like this:

$baseUrl = 'http://yoursite.com/files/'.md5($_SESSION['User']['email']).'/';

$baseDir = '/home/yoursite/public_html/app/webroot/files/'.md5($_SESSION['User']['email']).'/';
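A hardened variant of the same idea, as an added example that is not part of the original post: the folder name is an HMAC of the email under a server-side key, so it cannot be computed from the address alone the way md5($email) can, and the folder is created without world access. FOLDER_KEY, userFolderName() and userUploadPaths() are hypothetical names, and the demo at the end writes under the system temp directory with a constructed session.

```php
<?php
// Added example (not from the original post). FOLDER_KEY and both function
// names are hypothetical; keep the real key in config outside the webroot.
const FOLDER_KEY = 'replace-with-a-long-random-server-side-secret';

/**
 * Per-user folder name, or null when nobody is logged in.
 * The email comes from the server-side session only, never from request
 * parameters or cookies, which the client controls.
 */
function userFolderName(array $session): ?string
{
    $email = $session['User']['email'] ?? '';
    if (!is_string($email) || $email === '') {
        return null;
    }
    // Keyed hash: the result cannot be recomputed from the address alone.
    // The hex output contains no "/" or "..", so it is safe as a path part.
    return hash_hmac('sha256', $email, FOLDER_KEY);
}

/** Create the folder if needed; return [baseDir, baseUrl] or null. */
function userUploadPaths(array $session, string $root, string $url): ?array
{
    $name = userFolderName($session);
    if ($name === null) {
        return null;
    }
    $dir = rtrim($root, '/') . '/' . $name;
    // 0750 rather than 0777: no access for other local accounts. Assumes
    // PHP and the web server run as the same user or share a group.
    if (!is_dir($dir) && !mkdir($dir, 0750) && !is_dir($dir)) {
        return null; // creation failed: treat as not authorised
    }
    return [$dir . '/', rtrim($url, '/') . '/' . $name . '/'];
}

// Demo with a constructed session; in config.php pass $_SESSION and the
// real files root and URL used in the post.
$demo  = ['User' => ['email' => 'alice@example.com']];
$paths = userUploadPaths($demo, sys_get_temp_dir(), 'http://yoursite.com/files');
if ($paths !== null) {
    list($baseDir, $baseUrl) = $paths;
    echo $baseDir, "\n", $baseUrl, "\n";
}
```

In CheckAuthentication(), returning false whenever userUploadPaths() returns null keeps the login check and the folder creation in one place.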

That’s it. Now you can have a private folder for each user. In the next post I will show how you can manage AccessControl and also how you can manage the folder size of each user.

01. February 2011 by Zakir Hyder
Categories: CakePHP, CKEditor, CKFinder, PHP, Web Development

Comments

  1. Zakir Hyder says:

    I am glad it helped you.

  2. […] we start, i suggest you to see my previous two post about CKFinder here and here. In this post i will show how you can manage ACL and also how you can limit you user to on […]

  3. Joe says:

    I’m attempting to solve this problem for an integration that is not able to share session. Not being a PHP developer, I’d appreciate your help to modify ckfinder to use a shared cookie approach if possible (as would your readers?).

    Check out the details of my conundrum here: http://cksource.com/forums/viewtopic.php?f=10&t=26938

  4. Zakir Hyder says:

    Joe,
    Yes, you can try to use a cookie instead of the session. It will be like $_COOKIE["User"] instead of $_SESSION['User']. You can check the PHP tutorial at http://www.w3schools.com/php/php_cookies.asp. You can also set cookies using JavaScript. You can also use jQuery’s plugin https://github.com/carhartl/jquery-cookie.