1 | <?php |
---|
2 | /* |
---|
3 | * ### CKFinder : Configuration File - Basic Instructions |
---|
4 | * |
---|
5 | * In a generic usage case, the following tasks must be done to configure |
---|
6 | * CKFinder: |
---|
7 | * 1. Check the $baseUrl and $baseDir variables; |
---|
8 | * 2. If available, paste your license key in the "LicenseKey" setting; |
---|
9 | * 3. Create the CheckAuthentication() function that enables CKFinder for authenticated users; |
---|
10 | * |
---|
11 | * Other settings may be left with their default values, or used to control |
---|
12 | * advanced features of CKFinder. |
---|
13 | */ |
---|
14 | |
---|
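/**
 * Decides whether the current visitor may upload and access files in the
 * CKFinder File Browser.
 *
 * Access is granted only when the session carries a truthy
 * $_SESSION['IsAuthorized'] flag, which the host application is expected to
 * set as soon as the user logs in. When the flag or the whole session is
 * missing the check fails closed and returns false.
 *
 * WARNING: never replace this body with a bare "return true". Doing so lets
 * anyone upload to and list the files on the server, because this function
 * is the gate in front of every CKFinder operation.
 *
 * The session has to be started before this function runs (this file carries
 * a commented-out session_start() call next to the 'RoleSessionVar' setting);
 * without a started session $_SESSION is not populated and access is denied.
 *
 * @return boolean true when the session marks the user as authorized,
 *                 false otherwise
 */
function CheckAuthentication()
{
    // Fail closed: no session data, or no flag in it, means no access.
    if (!isset($_SESSION['IsAuthorized'])) {
        return false;
    }

    // Normalise whatever the login code stored into a real boolean.
    return (bool) $_SESSION['IsAuthorized'];
}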
---|
35 | |
---|
/*
 * LicenseName / LicenseKey: the license name and the matching license key.
 * If the key is left blank, CKFinder stays fully functional, in demo mode.
 *
 * NOTE(review): a license name and key are hard-coded in this file, so the
 * file should be treated as sensitive and kept out of public repositories
 * and code listings.
 */
$config['LicenseName'] = 'www.crscb.cz';
$config['LicenseKey']  = 'M63S-FK13-X35P-MK15-3379-DN1K-BDF7';
---|
40 | |
---|
/*
 * $baseUrl and $baseDir are helper variables that make CKFinder easier to
 * configure; the settings further down in this file are built from them.
 */

/*
 * $baseUrl: the base path used to build the final URL of the resources
 * handled in CKFinder. If empty, the default value (/userfiles/) is used.
 *
 * Examples:
 *   $baseUrl = 'http://example.com/ckfinder/files/';
 *   $baseUrl = '/userfiles/';
 *
 * ATTENTION: the trailing slash is required.
 */
//$baseUrl = '/ckfinder/userfiles/';
$baseUrl = '/pages/userfiles/';

/*
 * $baseDir: the path of the local directory (on the server) that the
 * $baseUrl URL above points to. CKFinder handles the files on the server
 * through this path, and full write permissions must be granted to it.
 *
 * NOTE(review): this directory is writable by CKFinder and, going by
 * $baseUrl, also served to browsers; the web server should be set up so
 * that nothing stored below it is executed as a script.
 *
 * Examples:
 *   // You may point it to a directory directly:
 *   $baseDir = '/home/login/public_html/ckfinder/files/';
 *   $baseDir = 'C:/SiteDir/CKFinder/userfiles/';
 *
 *   // Or you may let CKFinder discover the path, based on $baseUrl:
 *   $baseDir = resolveUrl($baseUrl);
 *
 * ATTENTION: the trailing slash is required.
 */
$baseDir = resolveUrl($baseUrl);
---|
75 | |
---|
76 | /* |
---|
77 | * ### Advanced Settings |
---|
78 | */ |
---|
79 | |
---|
/*
 * Thumbnails: thumbnail settings. Every thumbnail ends up in the same
 * directory, whatever its resource type.
 */
$config['Thumbnails'] = array(
    'url'          => $baseUrl . '_thumbs',
    'directory'    => $baseDir . '_thumbs',
    'enabled'      => true,
    'directAccess' => false,
    'maxWidth'     => 100,
    'maxHeight'    => 100,
    'bmpSupported' => false,
    'quality'      => 80,
);
---|
93 | |
---|
/*
 * Images: maximum size of uploaded images. A larger upload is scaled down
 * proportionally. Set to 0 to disable this feature.
 */
$config['Images'] = array(
    'maxWidth'  => 1600,
    'maxHeight' => 1200,
    'quality'   => 80,
);
---|
102 | |
---|
/*
 * RoleSessionVar: name of the session variable from which CKFinder reads
 * the "role" of the current user. That role can then be referenced in the
 * "AccessControl" settings (below in this file).
 *
 * This feature needs initialized session data: uncomment the
 * "session_start()" call that follows to get it.
 */
$config['RoleSessionVar'] = 'CKFinder_UserRole';
//session_start();
---|
113 | |
---|
/*
 * AccessControl: restricts access or individual features to specific
 * folders.
 *
 * Many "AccessControl" entries can be added and all attributes are
 * optional. Subfolders inherit their default settings from the definitions
 * of their parents.
 *
 *  - The "role" attribute accepts the special '*' value, which means
 *    "everybody".
 *  - The "resourceType" attribute accepts the special value '*', which
 *    means "all resource types".
 *
 * NOTE(review): the entry below gives every role all folder and file
 * operations from the root folder down. As far as this file shows,
 * CheckAuthentication() is then the only thing standing between a visitor
 * and upload, rename and delete rights.
 */
$config['AccessControl'][] = array(
    'role'         => '*',
    'resourceType' => '*',
    'folder'       => '/',

    // Folder operations.
    'folderView'   => true,
    'folderCreate' => true,
    'folderRename' => true,
    'folderDelete' => true,

    // File operations.
    'fileView'     => true,
    'fileUpload'   => true,
    'fileRename'   => true,
    'fileDelete'   => true,
);
---|
140 | |
---|
141 | /* |
---|
142 | For example, if you want to restrict the upload, rename or delete of files in |
---|
143 | the "Logos" folder of the resource type "Images", you may uncomment the |
---|
144 | following definition, leaving the above one: |
---|
145 | |
---|
146 | $config['AccessControl'][] = Array( |
---|
147 | 'role' => '*', |
---|
148 | 'resourceType' => 'Images', |
---|
149 | 'folder' => '/Logos', |
---|
150 | |
---|
151 | 'fileUpload' => false, |
---|
152 | 'fileRename' => false, |
---|
153 | 'fileDelete' => false); |
---|
154 | */ |
---|
155 | |
---|
/*
 * ResourceType: defines the "resource types" handled in CKFinder. A
 * resource type is simply a way to group files under different paths, each
 * group with its own configuration settings.
 *
 * Each resource type name must be unique.
 *
 * When CKFinder is loaded, the "type" querystring parameter can be used to
 * display one specific type only. If "type" is omitted in the URL, the
 * "DefaultResourceTypes" setting is used (it may hold resource type names
 * separated by a comma). If left empty, all types are loaded.
 *
 * maxSize is defined in bytes, but shorthand notation may also be used.
 * Available options are: G, M, K (case insensitive).
 * 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one
 * Kilobyte), 1G equals one Gigabyte.
 * Example: 'maxSize' => "8M",
 */
$config['DefaultResourceTypes'] = '';
---|
174 | |
---|
/*
 * The three resource types of this installation. Each one lives in its own
 * subfolder of $baseUrl / $baseDir and accepts only the extensions listed in
 * 'allowedExtensions'.
 *
 * NOTE(review): 'deniedExtensions' is empty for every type, while the
 * CheckDoubleExtension description in this file refers to the denied
 * extensions list. Confirm that inner name parts (the "php" in
 * foo.php.rar) are also rejected through 'allowedExtensions'.
 * NOTE(review): 'maxSize' is 0 everywhere; presumably that means "no size
 * limit" -- confirm, and consider an explicit cap.
 */

// General documents, archives and media.
$config['ResourceType'][] = array(
    'name'              => 'Files', // Single quotes not allowed
    'url'               => $baseUrl . 'files',
    'directory'         => $baseDir . 'files',
    'maxSize'           => 0,
    'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,zip',
    'deniedExtensions'  => '',
);

// Bitmap images only.
$config['ResourceType'][] = array(
    'name'              => 'Images',
    'url'               => $baseUrl . 'images',
    'directory'         => $baseDir . 'images',
    'maxSize'           => 0,
    'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
    'deniedExtensions'  => '',
);

// Flash movies and video.
$config['ResourceType'][] = array(
    'name'              => 'Flash',
    'url'               => $baseUrl . 'flash',
    'directory'         => $baseDir . 'flash',
    'maxSize'           => 0,
    'allowedExtensions' => 'swf,flv',
    'deniedExtensions'  => '',
);
---|
198 | |
---|
/*
 * CheckDoubleExtension: due to security issues with Apache modules, it is
 * recommended to leave this setting enabled.
 *
 * How it works, by example:
 *
 *  - If "php" is on the denied extensions list, a file named foo.php cannot
 *    be uploaded.
 *  - If "rar" (or any other) extension is allowed, a file named foo.rar can
 *    be uploaded.
 *  - The file foo.php.rar has the "rar" extension, so in theory it can be
 *    uploaded as well.
 *
 * Under some conditions Apache can treat foo.php.rar just like any PHP
 * script and execute it.
 *
 * With CheckDoubleExtension enabled, every part of the file name that
 * follows a dot is checked, not only the last one. Uploading foo.php.rar is
 * then denied, because "php" is on the denied extensions list.
 */
$config['CheckDoubleExtension'] = true;
---|
220 | |
---|
/*
 * FilesystemEncoding: if iconv is enabled (see http://php.net/iconv for more
 * information), this directive specifies the encoding of file names on your
 * system. Acceptable values are listed at:
 * http://www.gnu.org/software/libiconv/
 *
 * Examples:
 *   $config['FilesystemEncoding'] = 'CP1250';
 *   $config['FilesystemEncoding'] = 'ISO-8859-2';
 */
$config['FilesystemEncoding'] = 'UTF-8';
---|
232 | |
---|
/*
 * SecureImageUploads: perform additional checks on image files. When set to
 * true, the image size is validated.
 */
$config['SecureImageUploads'] = true;

/*
 * CheckSizeAfterScaling: when true, the file size limit (maxSize) of an
 * image is checked only after the image has been scaled. Otherwise it is
 * checked right after uploading.
 */
$config['CheckSizeAfterScaling'] = true;
---|
244 | |
---|
/*
 * HtmlExtensions: for security, HTML is allowed in the first Kb of data only
 * for files that have one of the following extensions.
 *
 * NOTE(review): none of these extensions appears in an 'allowedExtensions'
 * list in this file, so with the resource types defined here such files
 * cannot be uploaded in the first place.
 */
$config['HtmlExtensions'] = array(
    'html',
    'htm',
    'xml',
    'js',
);
---|
250 | |
---|
/*
 * HideFolders: folders that CKFinder never displays, wherever they are
 * located. Only folder names are accepted, not paths.
 * The "*" and "?" wildcards are accepted.
 */
$config['HideFolders'] = array(
    '.svn',
    'CVS',
);

/*
 * HideFiles: files that CKFinder never displays, wherever they are located.
 * Only file names (including the extension) are accepted, not paths.
 * The "*" and "?" wildcards are accepted.
 */
$config['HideFiles'] = array(
    '.*',
);
---|
264 | |
---|
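/*
 * ChmodFiles: permissions applied to a file after it has been uploaded, so
 * that it can still be accessed later. The value is an octal mode.
 * Set to 0 to disable this feature.
 * Note: not needed on Windows-based servers.
 *
 * 0644 = owner may read and write, everybody else may only read. The
 * earlier value 0777 made every uploaded file writable and executable by
 * every account on the server; uploaded content needs neither. Loosen this
 * only if another account really has to modify the uploads.
 */
$config['ChmodFiles'] = 0644;

/*
 * ChmodFolders: permissions applied to folders that CKFinder creates because
 * they do not exist yet. Octal mode; set to 0 to disable, not needed on
 * Windows-based servers.
 *
 * 0755 = owner has full access, everybody else may list and enter the
 * folder but not write to it.
 */
$config['ChmodFolders'] = 0755;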
---|