I am experiencing a problem that I have been unable to solve.
We are using CKFinder on a website written in Java. We are using Tomcat to serve it. We have Apache and PHP to deal with the CKFinder stuff.
Users that can actually upload files have to be authenticated (in our web application). The same web application sets a cookie, which CKFinder's config.php uses for authentication. We added code to the CheckAuthentication() function that checks this cookie successfully. Only superadmins can upload content to the CKFinder userfiles directory.
The issue I have is that the CKFinder directory content is visible to the unauthenticated user simply by going to http://127.0.0.1/ckfinder. Hence, the issue is probably entirely related to Apache and I might be in the wrong place altogether.
The Apache virtual host config looks like this:
<VirtualHost *:80>
    ServerAdmin me@server.com
    ProxyRequests On
    ProxyVia On
    # Do not pass requests to ckfinder through the AJP connection to Tomcat.
    ProxyPass /ckfinder !
    DocumentRoot /var/www
    Alias /ckfinder /path/to/directory/ckfinder/web
    <Location />
        Order deny,allow
        Allow from all
        ProxyPass ajp://127.0.0.1/
    </Location>
    <Directory "/path/to/directory/ckfinder/web">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /path/to/directory/logs/error_log
    LogLevel warn
    CustomLog /path/to/directory/logs/access_log combined
</VirtualHost>
Re: authentication issues
Perhaps you can try HTTP authentication?
In the CheckAuthentication function you can check for $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], but you need to figure out how to authenticate the user automatically.
Wiktor Walc
CTO, CKSource - http://cksource.com
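An added example, not part of the original thread or of CKSource's reply: one way to apply the HTTP authentication suggested above at the Apache level, so that requests under /ckfinder without valid credentials are refused before any file or PHP script is reached. It uses the Apache 2.2 access syntax of the posted virtual host; the realm name and the AuthUserFile path are placeholders, and -Indexes assumes that what the unauthenticated user sees is an auto-generated directory listing.

```apache
# Weak setting, as posted: anyone who can reach the host can read the directory.
#
#   <Directory "/path/to/directory/ckfinder/web">
#       AllowOverride None
#       Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#       Order allow,deny
#       Allow from all
#   </Directory>

# Same block with HTTP Basic authentication required.
<Directory "/path/to/directory/ckfinder/web">
    AllowOverride None
    # -Indexes turns off auto-generated listings (assumption: a listing is
    # what is currently visible at /ckfinder).
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch -Indexes

    AuthType Basic
    # Placeholder realm name shown in the browser prompt.
    AuthName "CKFinder"
    AuthBasicProvider file
    # Placeholder path: keep the password file outside any served directory.
    # Create it with: htpasswd -c /path/to/directory/conf/ckfinder.htpasswd USERNAME
    AuthUserFile /path/to/directory/conf/ckfinder.htpasswd
    Require valid-user

    # With the default "Satisfy All", a request must pass both the host
    # check below and the Require line above.
    Order allow,deny
    Allow from all
</Directory>
```

Basic authentication sends the password base64-encoded on every request, so this is only appropriate over HTTPS, while the posted virtual host listens on port 80. The cookie check in CheckAuthentication() still decides who may use the connector; this block only adds a gate in front of it.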