Question
I'm trying to integrate CKFinder with Laravel, and I'm about 95% there. I can get everything to work, except for the CheckAuthentication function - I have to make it return true regardless for the upload to work.
What I've tried doing is bootstrapping Laravel in the config.php file and then checking if a user is logged in, like below:
public/packages/ckfinder/config.php
<?php
/*
 * ### CKFinder : Configuration File - Basic Instructions
 *
 * In a generic usage case, the following tasks must be done to configure
 * CKFinder:
 *     1. Check the $baseUrl and $baseDir variables;
 *     2. If available, paste your license key in the "LicenseKey" setting;
 *     3. Create the CheckAuthentication() function that enables CKFinder for authenticated users;
 *
 * Other settings may be left with their default values, or used to control
 * advanced features of CKFinder.
 */
/** RIPPED FROM public/index.php **/
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader
| for our application. We just need to utilize it! We'll require it
| into the script here so that we do not have to worry about the
| loading of any our classes "manually". Feels great to relax.
|
*/
require __DIR__.'/../../../bootstrap/autoload.php';
/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let's turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight these users.
|
*/
$app = require __DIR__.'/../../../bootstrap/start.php';
/** END public/index.php **/
/**
 * This function must check the user session to be sure that he/she is
 * authorized to upload and access files in the File Browser.
 *
 * @return boolean
 */
function CheckAuthentication()
{
    // WARNING : DO NOT simply return "true". By doing so, you are allowing
    // "anyone" to upload and list the files in your server. You must implement
    // some kind of session validation here. Even something very simple as...
    return Auth::check();
}
This always returns false, though. I've also tried directly using Laravel's Session to set a variable to true when someone logs in, and false when they log out, and then checking that in the config.php file, but it always returns the default value in Session::get("IsAuthorized", false);. Can anyone offer some guidance as to -
1) How to authenticate whether the user should be allowed to upload?
2) Why bootstrapping Laravel in another file seems to cause it to use a separate session, even when it's loading the same files?
Answer 1:
I tried integrating simogeo's Filemanager and KCFinder into a Laravel project and I found the same problem.
With this code, it's possible to share Laravel's session and check authentication from external projects:
https://gist.github.com/frzsombor/ddd0e11f93885060ef35
Answer 2:
From my experience, starting from 4.1.28, Application::boot() does not initialize sensitive session data anymore.
So if you're integrating a 3rd party library which needs an external authentication check through sessions, simply checking Auth::check() will not work. However, we can still use the old $_SESSION variable.
E.g. this one will not work:
require __DIR__.'/../bootstrap/autoload.php';
$app = require_once __DIR__.'/../bootstrap/start.php';
$app->boot();
return Auth::check();
Session variables for Auth::check() to work are initialized only in the $app->run() sequence. But in that case, routing will take place and you will probably get an unrecognized page... unless you're using a dedicated Laravel package for this.
This one - below - still works:
// Somewhere in your app - e.g. in filters.php, "auth"/"guest" filters declaration
if (session_id() == '') {
    // Start the native PHP session (separate from Laravel's own session store)
    @session_start();
    /* or Session::start(); */
}
// Mirror Laravel's login state into the native session
$_SESSION['isLoggedIn'] = Auth::check() ? true : false;
Then in your case, the function would be as simple as:
function CheckAuthentication()
{
    // Resume the native PHP session if it is not active yet
    if (session_id() == '') {
        @session_start();
    }
    // Allow access only when the mirrored flag exists and is true
    return isset( $_SESSION['isLoggedIn'] ) && $_SESSION['isLoggedIn'] == true;
}
N.B. If you can use Ajax calls for authorization checks, you can still make a custom API with a JSON request to user-logged (as an example) to see if the user is authenticated.
To answer your second question - it's not as simple as it sounds. Laravel, by default, uses the file system for session storage. While session data is still accessible, it is encrypted - unless you write your own Session manager, you can't extract anything from there easily.
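Answer 2's workaround mirrors the login state into the native PHP session, so CKFinder trusts that flag for as long as it exists. The following is an added example, not code from either answer, showing a variant in which the flag is removed on logout, expires on its own, and the check denies by default. The key name, the uid/ts fields, the 900-second lifetime and the helper names publishAuthState and startNativeSession are assumptions made for illustration.

```php
<?php
// Added example, not code from the answers. The key name, the 'uid'/'ts'
// fields and the 15-minute lifetime are assumptions for illustration.
const CKF_AUTH_KEY = 'ckfinder_auth';
const CKF_AUTH_TTL = 900; // seconds a mirrored login stays valid

function startNativeSession()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        ini_set('session.cookie_httponly', '1'); // cookie not readable from scripts
        ini_set('session.use_strict_mode', '1'); // refuse IDs PHP did not issue
        session_start();
    }
}

// Laravel side: call on every request from the "auth"/"guest" filters,
// passing Auth::check() and the logged-in user's id.
function publishAuthState($isLoggedIn, $userId = null, $now = null)
{
    startNativeSession();
    if ($isLoggedIn !== true || $userId === null) {
        unset($_SESSION[CKF_AUTH_KEY]); // guest or logout: never leave a stale flag
        return;
    }
    if (!isset($_SESSION[CKF_AUTH_KEY])) {
        session_regenerate_id(true); // new ID on login, against session fixation
    }
    $_SESSION[CKF_AUTH_KEY] = array('uid' => $userId, 'ts' => $now ?: time());
}

// CKFinder side (config.php): deny on anything missing, malformed or expired.
function CheckAuthentication($now = null)
{
    startNativeSession();
    $state = isset($_SESSION[CKF_AUTH_KEY]) ? $_SESSION[CKF_AUTH_KEY] : null;
    if (!is_array($state) || !isset($state['uid'], $state['ts'])) {
        return false;
    }
    $age = ($now ?: time()) - (int) $state['ts'];
    return $age >= 0 && $age <= CKF_AUTH_TTL;
}

if (PHP_SAPI === 'cli') {                       // constructed walk-through
    publishAuthState(true, 42, 1000);           // constructed user id and clock
    var_dump(CheckAuthentication(1000 + 60));   // within the lifetime
    var_dump(CheckAuthentication(1000 + 3600)); // past the lifetime
    publishAuthState(false);
    var_dump(CheckAuthentication(1000 + 60));   // after logout
}
```

Because the timestamp is refreshed only when Laravel handles a request, a user whose Laravel session has ended loses CKFinder access once the lifetime passes, even if no logout request was ever sent.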
Source: https://stackoverflow.com/questions/23954773/how-to-integrate-ckfinder-with-laravel