Full Subject: CK editor with KCfinder 2.x: File/image/video upload in different folders for different applications using a single CKeditor, by making $Config['UserFilesPath'] fully dynamic in a secure way
It can be done in many ways. I am explaining a process, which I applied as per my php applications' code structure. The same code structure/framework I followed for different applications, with each application as a sub-folder in my server. So, there is a logical need to use one single CKeditor with KCfinder and configure it in some way, so that it work properly for all the applications. The content part of CKeditor is ok. It can easily be reused by different applications or projects from a single CKeditor component. But the problem arises with file upload, like image, video or any other document. To make it applicable for different project, the files must be uploaded in separe folders for different projects. And for that $_CONFIG['uploadURL'] must by configured with dynamic folder path, means different folder path for each project, but calling the the same CKeditor KCfinder component in the same location. I am explaning some differnt process together in a step-by-step way. Those worked for me fine with KCfinder version 2.51 and I hope they will work for others as well. If it does not work for other developrs, then may be they need to make some tweaks in those process as per their project code structure and folder write permission as well as per the CKeditor and KCfinder version.
1) In CKeditor\filemanagers\kcfinder_2_51\config.php file
a) In $_CONFIG array definition, search for this line 'disabled' => false, and if you find any replace it with 'disabled' => true,
At the end of that file put the following code. The code is self explaining with the logic and details commented out within it. The code is:
//Code to assign $_CONFIG['uploadURL'] dynamic value: different for different projects or sites: added by Mrinal Nandi on 5 oct, 2013: start
//session dependent dynamic $_CONFIG['uploadURL'] setting :start
////session dependent secure method: only for single site setting: i.e. one CKeditor KCfinder for each one project domain or subdomain, not one CKeditor KCfinder for multiple project:start
// session_start();
//if(isset($_SESSION['KCFINDER']['uploadURL']) && $_SESSION['KCFINDER']['uploadURL']!="") { //$_SESSION['SESSION_SERVER_RELATIVEPATH']: relative folder path of the project corresponding to the webroot; should be like "/project/folder/path/" //set this session variable in a common file in your project where the session started
// $file_upload_relative_path=$_SESSION['KCFINDER']['uploadURL'];
//}
////session dependent secure method: only for single site setting: i.e. one CKeditor KCfinder for each one project domain or subdomain, not one CKeditor KCfinder for multiple project:start
//Using a single CKeditor KCfinder component for different projects or sites (multisite): start
//session dependent settings a single CKeditor KCfinder component for different projects or sites (multisite): start
//Assuming different session_name for different projects, if represented as different sub-folders, but not work if represented as sub-domains or different domains
//Secure and deny access for unauthorized users without any session, thus restrict access via direct link
//but not work if projects represented as sub-domains or different domains, then have to use the session independent way provided bellow (though it is insecure), or have to implement some session related way as per the project flow and structure
session_name(base64_decode($_REQUEST['param_project']));
session_start();
if(isset($_SESSION['KCFINDER']['uploadURL']) && $_SESSION['KCFINDER']['uploadURL']!="") { //$_SESSION['SESSION_SERVER_RELATIVEPATH']: relative folder path of the project corresponding to the webroot; should be like "/project/folder/path/" //set this session variable in a common file in your project where the session started
$file_upload_relative_path=$_SESSION['KCFINDER']['uploadURL'];
}
//session dependent settings a single CKeditor KCfinder component for different projects or sites (multisite): end
//session dependent dynamic $_CONFIG['uploadURL'] setting :end
////session independent dynamic $_CONFIG['uploadURL'] setting: without using session :start
//if(isset($_REQUEST['param_project']) && $_REQUEST['param_project']!=""){ //base64 encoded relative folder path for file upload in the project, corresponding to the webroot; should be like "/project/folder/file/upload/path/" before encoding
// $file_upload_relative_path=base64_decode($_REQUEST['param_project']);
//
//}
////session independent dynamic $_CONFIG['uploadURL'] setting: without using session :end
if(isset($file_upload_relative_path) && trim($file_upload_relative_path)!="" ){
if(isset($_SESSION['KCFINDER']['uploadURL'])){
$_CONFIG['disabled']=false;
} else if(is_dir($file_upload_relative_path)) { //to make it relatively secure so that hackers can not create any upload folder automatcally in the server, using a direct link and can not upload files there
$_CONFIG['disabled']=false;
}
}
// Path to user files relative to the document root.
$_CONFIG['uploadURL']= $file_upload_relative_path;
$_CONFIG['param_project'] = $_REQUEST['param_project'];
//Using a single CKeditor KCfinder component for different projects or sites (multisite): end
//Code to assign $_CONFIG['uploadURL'] dynamic value: different for different projects or sites: added by Mrinal Nandi on 5 oct, 2013: end
2) In ckeditor\filemanagers\kcfinder_2_51\js\browser\misc.js
Search for this line: var data = 'browse.php?type=' + encodeURIComponent(this.type) + '&lng=' + this.lang;
Replace it with that line:
var data = 'browse.php?type=' + encodeURIComponent(this.type) + '&lng=' + this.lang + '¶m_project=' + this.param_project;
3) In ckeditor\filemanagers\kcfinder_2_51\tpl\tpl_javascript.php
Search for this line: browser.type = "<?php echo text::jsValue($this->type) ?>";
Put these commands after that line:
browser.param_project = "<?php echo text::jsValue($this->config['param_project']) ?>";
4) In ckeditor\filemanagers\kcfinder_2_51\core\uploader.php
Search for this lines in __construct() function :
if (isset($this->config['_check4htaccess']) &&
$this->config['_check4htaccess']
) {
$htaccess = "{$this->config['uploadDir']}/.htaccess";
if (!file_exists($htaccess)) {
if (!@file_put_contents($htaccess, $this->get_htaccess()))
$this->backMsg("Cannot write to upload folder. {$this->config['uploadDir']}");
} else {
if (false === ($data = @file_get_contents($htaccess)))
$this->backMsg("Cannot read .htaccess");
if (($data != $this->get_htaccess()) && !@file_put_contents($htaccess, $data))
$this->backMsg("Incorrect .htaccess file. Cannot rewrite it!");
}
}
And comment out that full section
4) Now where you want to show the CKeditor in your project, you have to put those lines in the corresponding php file/page, obviously with changed values of variables corresponding to your project/app. But please read the comments first to decide what lines you should keep and what should be commented out as per your flow:
include_once(Absolute/Folder/path/for/CKeditor/."ckeditor/ckeditor.php") ;
//If you did not want a session oriented way, cooment out the session related lines
$_SESSION['KCFINDER'] = array();
$_SESSION['KCFINDER']['uploadURL']=$SERVER_RELATIVEPATH."userfiles/";
$CKEditor = new CKEditor();
$CKEditor->basePath = HTTP_COMPONENTPATH."ckeditor_3.6.2/ckeditor/";
//$_SESSION['KCFINDER']['uploadURL']="/userfiles/fashion_qr/";
$CKEditor->config["filebrowserBrowseUrl"] = ($CKEditor->basePath)."filemanagers/kcfinder_2_51/browse.php?type=files¶m_project=".base64_encode(session_name());
$CKEditor->config["filebrowserImageBrowseUrl"] = ($CKEditor->basePath)."filemanagers/kcfinder_2_51/browse.php?type=images¶m_project=".base64_encode(session_name());
$CKEditor->config["filebrowserFlashBrowseUrl"] = ($CKEditor->basePath)."filemanagers/kcfinder_2_51/browse.php?type=flash¶m_project=".base64_encode(session_name());
$CKEditor->editor("Content", getIfSet($data['Content']));
//if you did not want a session oriented way, then in the above code code segment, just replace all the texts: base64_encode(session_name()) with this one: base64_encode(session_name($SERVER_RELATIVEPATH."userfiles/"))
And you are done.