1

How do I pass the logged in status from ion-auth/codeigniter to CKFinder's config file?

In CKfinder, there is a config file for authentication as follows:

$config['authentication'] = function () {
    return false;
};

In codeigniter I am using ion-auth. In the Auth controller in the login() method, I added this if the user is successfully logged in:

$_SESSION['userloggedin'];

The $_SESSION['userloggedin'] does get set as when I echo to screen, I get "1" but that echo is in the login() method. I can seem to get the session var in the CKfinder config. How to I do that? I want to do something like this:

$config['authentication'] = function () {
    if ($_SESSION['userloggedin'] === true) { 
        return true;
    } else {
        return false;
    }
};

Any help appreciated.

spreaderman
  • 918
  • 2
  • 10
  • 39
  • Have follow this: https://docs-old.ckeditor.com/ckfinder3-php/configuration.html#configuration_options_authentication I can echo the session var in other pages. Just doesn't seem to be getting to the ckfinder config. – spreaderman Dec 02 '17 at 12:04
  • Oh my friend you are in for a treat. Ci doesn't work well with others. – Alex Dec 02 '17 at 19:34
  • So strange. I can see $_SESSION['userloggedin'] through my entire CI site but for some reason not in the config file. – spreaderman Dec 03 '17 at 04:44

1 Answers1

3

You can't access $_SESSION directly because CI uses its own form of sessions that are typically prepended with __ci_vars and there is no easy way of directly accessing them unless you load the session driver independently which is a whole other can of worms.

Here is how I made it work:

Alright so I use all the same things as you - CKFinder, IonAuth, .etc.

index.php:

Do the following $system_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'system'; and $application_folder = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'application'; this makes it so that those paths are correct when called from wherever.

Next your index.php file make a file called CI.php and add the following:

<?php
ob_start();
define('REQUEST', 'external');
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . "index.php"; //or wherever the directory is relative to your path
ob_end_clean();
return $CI;

Then in your default route controller (so whichever controller your site lands on first if you go to localhost or somesite.com) add the top of the index() function add the defined if statement - if you don't do this your default route will render in CK and everything won't work.

class Homepage extends MY_Frontend
{

    public function index()
    {
        // FOR SI AND CKFINDER
        if (defined('REQUEST') && REQUEST === 'external') {
            return;
        }

Then in your ck config:

$CI = require_once $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . 'CI.php';


/* ============================ General Settings ======================================= */
// http://docs.cksource.com/ckfinder3-php/configuration.html

$config = array();

/* ============================ Enable PHP Connector HERE ============================== */
// http://docs.cksource.com/ckfinder3-php/configuration.html#configuration_options_authentication

$config['authentication'] = function () {
    $CI = & get_instance();
    $CI->load->library('session'); //if it's not autoloaded in your CI setup
    return $CI->session->has_userdata('user_id');
};

I am just checking if the session user_id flag is set (TRUE logged in, FALSE not) as my frontend controller doesn't make use of it (or sessions), and that is what CK is getting routed through. If your entire site is behind ion_auth or if you autoload it or sessions than you can probably just use return $this->ion_auth->logged_in();.

Please keep in mind that if you use CSRF than CK might also be affected and not work since it won't have the proper tokens.

I do the following in my CI config file:

if (defined('REQUEST') && REQUEST === 'external') {
    $config['csrf_protection'] = FALSE;
} else {
    $config['csrf_protection'] = TRUE;
}

This solution is not elegant, but it is the only thing I found that worked! There are some libraries to load CK from within CI but all were too old for the version of CK I was using.

Alex
  • 9,215
  • 8
  • 39
  • 82
  • Thank you very much for that solution, Alex. You are using ci’s sessions but wouldn’t it be possible with just php’s sessions? That is the way I have try to do it but for some strange reason, although I can read the session var in other places, I cannot read it in the config. – spreaderman Dec 03 '17 at 01:17
  • I'm not sure. I don't use the session variable from php with ci, as I just use the session driver. Wisdom would suggest that if you are using the php session then it should be accessible throughout. Further, since Ion Auth uses ci sessions why even bother with setting a php session variable yourself? – Alex Dec 03 '17 at 16:23
  • Upon reading the documentation again, I think it is because whenever the session driver is loaded (like with ion_auth) `$_SESSION['addme'] = 'sometest';` gets added to the CI session system not the php one. I confirmed this on localhost. – Alex Dec 03 '17 at 16:41
  • Very much appreciate your help Alex! Would it be possible to tell me where in the documentation is says that ion_auth is using native sessions? If it were using native php sessions wouldn't that mean it could be carried across to non CI apps? I thought it would be easier just to traverse out of CI sessions into a native session and then use elsewhere. I am very interested to learn how you tested $_SESSION['addme'] = 'sometest' gets added to the CI session and not the native one. – spreaderman Dec 04 '17 at 00:58
  • Sorry for the confusion I was saying Ion Auth uses the session driver of codeigniter not the native php session, as you can see in the model and library files. Also in the session library documentation for ci it says that you can set the session variables using `$_SESSION` which means that those variables must be somehow added to the codeigniter session system otherwise you wouldn't be able to retrieve them using codeigniters session library (the documentation is very grey here). As for my method, I'll have to get back to you. Don't remember what I did and am not by my computer. – Alex Dec 04 '17 at 01:28
  • Alex, took me a while but I finally understand what you mean! I am trying to follow your method. I get this error in the CKFinder window: "Your system folder path does not appear to be set correctly. Please open the following file and correct this: index.php" I have a standard CI install. – spreaderman Dec 05 '17 at 12:05
  • I can confirm my system is set correctly. When I run CI.php and do print_r($CI); Data as expected returned about CI instance. Problem seems to be in the config file and I can't figure out how to debug the errors to the screen. – spreaderman Dec 05 '17 at 12:23
  • I can confirm that return $CI->ion_auth->logged_in(); does return 1 (eg true) so confused about the error now. – spreaderman Dec 05 '17 at 12:31
  • ok, anyway, you solved my problem. I can not get TRUE or FALSE in the app config file. Seems I have mixed up some other settings. Thank you! – spreaderman Dec 05 '17 at 12:36
  • glad i could help! – Alex Dec 05 '17 at 15:35
  • above I say, " I can not get TRUE or FALSE i" but it should read, " I can now get TRUE or FALSE i" – spreaderman Dec 06 '17 at 01:25
  • Seems like I have another error in the ckfinder upload window. Your system folder path does not appear to be set correctly. Please open the following file and correct this: index.php – spreaderman Dec 06 '17 at 01:26
  • 1
    Forgot a key step. In your `index.php` file do the following `$system_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'system';` and `$application_folder = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'application';` this makes it so that those paths are correct when called from wherever – Alex Dec 06 '17 at 01:43