如何将CKFinder与Laravel集成?
[英]How to integrate CKFinder with Laravel?
问题描述
I'm trying to integrate CKFinder with Laravel, and I'm about 95% there. 
我正在尝试将CKFinder与Laravel整合在一起,而我在那里的成绩约为95%。 I can get everything to work, except for the CheckAuthentication function - I have to make it return true regardless for the upload to work. 我可以让一切工作,除了CheckAuthentication函数 - 我必须使它return true无论上传工作。
What I've tried doing is bootstrapping Laravel in the config.php file and then checking if a user is logged in, like below: 我尝试做的是在config.php文件中引导Laravel,然后检查用户是否已登录,如下所示:
public/packages/ckfinder/config.php 公共/包/ ckfinder / config.php文件
<?php
/*
* ### CKFinder : Configuration File - Basic Instructions
*
* In a generic usage case, the following tasks must be done to configure
* CKFinder:
* 1. Check the $baseUrl and $baseDir variables;
* 2. If available, paste your license key in the "LicenseKey" setting;
* 3. Create the CheckAuthentication() function that enables CKFinder for authenticated users;
*
* Other settings may be left with their default values, or used to control
* advanced features of CKFinder.
*/
/** RIPPED FROM public/index.php **/
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader
| for our application. We just need to utilize it! We'll require it
| into the script here so that we do not have to worry about the
| loading of any our classes "manually". Feels great to relax.
|
*/
require __DIR__.'/../../../bootstrap/autoload.php';
/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let's turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight these users.
|
*/
$app = require __DIR__.'/../../../bootstrap/start.php';
/** END public/index.php **/
/**
* This function must check the user session to be sure that he/she is
* authorized to upload and access files in the File Browser.
*
* @return boolean
*/
function CheckAuthentication()
{
// WARNING : DO NOT simply return "true". By doing so, you are allowing
// "anyone" to upload and list the files in your server. You must implement
// some kind of session validation here. Even something very simple as...
return Auth::check();
}
This always returns false, though. 但是,这总是返回false。 I've also tried directly using Laravel's Session to set a variable to true when someone logs in, and false when they log out, and then checking that in the config.php file, but it always returns the default value in Session::get("IsAuthorized", false); 我也尝试直接使用Laravel的Session在某人登录时将变量设置为true,在他们注销时将其设置为false,然后在config.php文件中检查该变量,但它始终在Session::get("IsAuthorized", false);返回默认值Session::get("IsAuthorized", false); . 。 Can anyone offer some guidance as to - 任何人都可以提供一些指导 -
1) How to authenticate whether the user should be allowed to upload? 1)如何验证是否允许用户上传?
2) Why bootstrapping Laravel in another file seems to cause it to use a separate session, even when it's loading the same files? 2)为什么在另一个文件中引导Laravel似乎会导致它使用单独的会话,即使它正在加载相同的文件?
2 个解决方案
解决方案1
1 2015-01-09 11:24:35
I tried integrating simogeo's Filemanager and KCFinder into a Laravel project and I found the same problem. 我尝试将simogeo的Filemanager和KCFinder集成到Laravel项目中,我发现了同样的问题。
With this code, it's possible to share Laravel's session and check authentication from external projects: 使用此代码,可以共享Laravel的会话并检查外部项目的身份验证:
https://gist.github.com/frzsombor/ddd0e11f93885060ef35 https://gist.github.com/frzsombor/ddd0e11f93885060ef35
解决方案2
0 2014-06-09 17:28:37
From my experience, starting from 4.1.28, Application::boot() does not initialize sensitive session data anymore. 根据我的经验,从4.1.28开始,Application :: boot()不再初始化敏感会话数据。
So if you're integrating 3rd party library, which needs external authentification check through sessions, simple checking Auth::check() will not work. 因此,如果您要集成第三方库,需要通过会话进行外部验证检查,则简单检查Auth :: check()将不起作用。 However, we can still use old $_SESSION variable. 但是,我们仍然可以使用旧的$ _SESSION变量。
Eg this one will not work: 例如,这个不起作用:
require __DIR__.'/../bootstrap/autoload.php';
$app = require_once __DIR__.'/../bootstrap/start.php';
$app->boot();
return Auth::check();
Session variables for Auth::check() to work are initialized only in $app->run() sequence. Auth :: check()工作的会话变量仅在$ app-> run()序列中初始化。 But in that case, routing will take place and probably you will get unrecognized page... unless you're using dedicated Laravel package for this. 但在这种情况下,路由将会发生,并且您可能会得到无法识别的页面...除非您使用专用的Laravel程序包。
This one - below - still works: 这个 - 下面 - 仍然有效:
// Somewhere in your app - e.g. in filters.php, "auth"/"guest" filters declaration
if (session_id() == '') {
@session_start();
/* or Session:start(); */
}
$_SESSION['isLoggedIn'] = Auth::check() ? true : false;
Then in your case, function would be simple as: 那么在你的情况下,函数将很简单:
function CheckAuthentication()
{
if (session_id() == '') {
@session_start();
}
return isset( $_SESSION['isLoggedIn'] ) && $_SESSION['isLoggedIn'] == true;
}
NB If you can use Ajax calls for authorization checks, you can still make a custom API with JSON request to user-logged (as an example) to see if user is authentificated. 注意如果您可以使用Ajax调用进行授权检查,您仍然可以使用JSON请求创建一个自定义API,以便用户记录(作为示例)以查看用户是否已经过身份验证。
To answer your second question - it's not so simple as it sounds. 回答你的第二个问题 - 听起来并不那么简单。 Laravel, as a default, uses file system for session storage. 作为默认值,Laravel使用文件系统进行会话存储。 While session data is still accessible, it is encrypted - unless you will write your own Session manager, you can't extract anything from there easily. 虽然会话数据仍然可访问,但它是加密的 - 除非您编写自己的会话管理器,否则您无法轻松地从中提取任何内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.