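I'm trying to integrate CKFinder with Laravel, and I'm about 95% of the way there. I can get everything to work except the CheckAuthentication function - I have to make it return true regardless for uploads to work.
What I've tried is bootstrapping Laravel in the config.php file and then checking whether a user is logged in, like this:
public/packages/ckfinder/config.php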
<?php
/*
* ### CKFinder : Configuration File - Basic Instructions
*
* In a generic usage case, the following tasks must be done to configure
* CKFinder:
* 1. Check the $baseUrl and $baseDir variables;
* 2. If available, paste your license key in the "LicenseKey" setting;
* 3. Create the CheckAuthentication() function that enables CKFinder for authenticated users;
*
* Other settings may be left with their default values, or used to control
* advanced features of CKFinder.
*/
/** RIPPED FROM public/index.php **/
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader
| for our application. We just need to utilize it! We'll require it
| into the script here so that we do not have to worry about the
| loading of any our classes "manually". Feels great to relax.
|
*/
require __DIR__.'/../../../bootstrap/autoload.php';
/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let's turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight these users.
|
*/
$app = require __DIR__.'/../../../bootstrap/start.php';
/** END public/index.php **/
/**
* This function must check the user session to be sure that he/she is
* authorized to upload and access files in the File Browser.
*
* @return boolean
*/
function CheckAuthentication()
{
    // WARNING : DO NOT simply return "true". By doing so, you are allowing
    // "anyone" to upload and list the files in your server. You must implement
    // some kind of session validation here. Even something very simple as...
    return Auth::check();
}
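But this always returns false. I've also tried using Laravel's Session directly to set a variable to true when someone logs in and to false when they log out, and then checking that variable in the config.php file, but it always returns the default value in Session::get("IsAuthorized", false);. Can anyone offer some guidance on:
1) How do I verify whether the user is allowed to upload?
2) Why does bootstrapping Laravel in another file seem to make it use a separate session, even though it loads the same files?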
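Answer 0 (score: 1)
I tried to integrate simogeo's Filemanager and KCFinder into a Laravel project and ran into the same problem.
With this code, it is possible to share Laravel's session and check authentication from external projects: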
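Answer 1 (score: 0)
In my experience, since 4.1.28 Application::boot() no longer initializes sensitive session data.
So, if you are integrating a third-party library that needs an external authentication check through the session, simply checking Auth::check() will not work. However, we can still use the old $_SESSION variable.
E.g. this one does not work: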
require __DIR__.'/../bootstrap/autoload.php';
$app = require_once __DIR__.'/../bootstrap/start.php';
$app->boot();
return Auth::check();
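The session variables that Auth::check() relies on are initialized only within the $app->run() sequence. But in that case routing will take place, and you will probably get a page-not-recognized response... unless you use a dedicated Laravel package.
This one - below - still works: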
// Somewhere in your app - e.g. in filters.php, "auth"/"guest" filters declaration
if (session_id() == '') {
    @session_start();
    /* or Session::start(); */
}
$_SESSION['isLoggedIn'] = Auth::check() ? true : false;
Then, in your case, the function will be simple:
function CheckAuthentication()
{
    if (session_id() == '') {
        @session_start();
    }
    return isset( $_SESSION['isLoggedIn'] ) && $_SESSION['isLoggedIn'] == true;
}
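N.B. If you can use Ajax calls for the authorization check, you can still create a custom API queried with JSON requests (a "user logged" endpoint, as an example) to see whether the user has been authenticated.
To answer your second question - it doesn't sound that simple. By default, Laravel uses the filesystem for session storage. Although the session data is still accessible, it is encrypted - unless you write your own session manager, you cannot easily extract anything from it.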
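The JSON authorization check mentioned in the N.B. of answer 1, performed server-side from CKFinder's config.php so that Laravel handles the request through its normal `$app->run()` cycle. This is an added example, not code from either answer, CKFinder or Laravel. It assumes a hypothetical route `http://127.0.0.1/user/logged` in the Laravel app that returns `{"authenticated": true}` based on `Auth::check()`, and Laravel's default session cookie name `laravel_session`.

```php
<?php
// Added example; not CKFinder, Laravel or answer code.
// Assumed: the URL below, its {"authenticated": true} reply, the cookie name.
const AUTH_STATUS_URL = 'http://127.0.0.1/user/logged'; // hypothetical route
const SESSION_COOKIE  = 'laravel_session';              // Laravel default name

// Fail closed: only HTTP 200 with a JSON boolean true counts as logged in.
function isAuthenticatedReply($status, $body)
{
    if ($status !== 200 || !is_string($body)) {
        return false;
    }
    $data = json_decode($body, true);
    return is_array($data)
        && isset($data['authenticated'])
        && $data['authenticated'] === true;
}

function CheckAuthentication()
{
    // Without the browser's Laravel session cookie there is nothing to verify.
    if (empty($_COOKIE[SESSION_COOKIE]) || !is_string($_COOKIE[SESSION_COOKIE])) {
        return false;
    }
    $ch = curl_init(AUTH_STATUS_URL);
    if ($ch === false) {
        return false;
    }
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a redirect to a login page is a "no"
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT        => 3,
        CURLOPT_HTTPHEADER     => array('Accept: application/json'),
        // Forward only the session cookie; PHP already URL-decoded it.
        CURLOPT_COOKIE => SESSION_COOKIE . '=' . rawurlencode($_COOKIE[SESSION_COOKIE]),
    ));
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    return isAuthenticatedReply($status, $body);
}
```

Every failure path (missing cookie, timeout, redirect, malformed JSON, a non-boolean value) returns false, so a broken status endpoint never opens the file browser to unauthenticated users.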