EllisLab text mark
Advanced Search
2 of 4
2
   
Using SWFUpload + Sessions + upload class, how I did it.
Posted: 22 March 2009 04:59 PM   [ # 16 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-17
1073 posts

@defunct:
What session library do you use?
If it’s CI session, have a look at http://ellislab.com/forums/viewreply/536121/.

 
Posted: 22 March 2009 08:00 PM   [ # 17 ]   [ Rating: 0 ]
Joined: 2009-03-11
13 posts
post_params{"PHPSESSID" "<?=$this->session->userdata('session_id')?>"}

also make sure you have

$this->load->library('session'); 

up top

 
Posted: 22 March 2009 09:08 PM   [ # 18 ]   [ Rating: 0 ]
Joined: 2009-03-22
8 posts

I am using dx_auth, which seems to use ci sessions, but it stores them in the database. It autoloads ci’s session library as well in their class.

The problem is I have the check on the entire controller, (files) but I’m posting to /files/do_upload/ on my controller. I need some way to pass the session to the construct (using post or get) and passing that to dx_auth somehow…I’m fairly new to CI so not 100% sure how sessions are handled, it is surely cookie based though.

The instructions at the top of this (editing Session.php) are outdated it seems as well, the code isn’t the same, nor are the line numbers.

I do have the proper session ID on my form page, using the technique above, but whenever I post a new flash session is added to the database and just adding it to session_id() in my construct doesn’t seem to work correctly with dx_auth.

So I’m a bit stuck at the moment.

 
Posted: 22 March 2009 09:14 PM   [ # 19 ]   [ Rating: 0 ]
Joined: 2009-03-11
13 posts

you can set the session id by getting the PHPSESSID post param.

 
Posted: 22 March 2009 09:29 PM   [ # 20 ]   [ Rating: 0 ]
Joined: 2009-03-22
8 posts

I know that. I am getting the phpsessid from flash but how do I tell dx_auth to use that var for the current session?

 
Posted: 22 March 2009 09:37 PM   [ # 21 ]   [ Rating: 0 ]
Joined: 2009-03-11
13 posts

not sure but on the first page of this forum there is this.

//you should have swfuploader POST your session id (youll see in the view)
       
$params['session_id'$this->input->post("PHPSESSID");
       
//load the session library the new way, by passing it the session id
       
$this->load->library('session'$params); 

I would figure its something similar. This sets the session id when you load the session if its already loaded you should be able to call the session id and update it but you would need to look in the session helper for that.

 
Posted: 22 March 2009 09:58 PM   [ # 22 ]   [ Rating: 0 ]
Joined: 2009-03-22
8 posts

Yeah those are the instructions after modifying session.php. The problem is the instructions say to edit _sess_run(). That function no longer exists. But I will try it again. Not sure how you did as you are using dx_auth a well, unless your upload page isn’t secured at all.

 
Posted: 22 March 2009 10:24 PM   [ # 23 ]   [ Rating: 0 ]
Joined: 2009-03-11
13 posts

Ya thats the thing. I dont have a formal upload page. I am storing files via database so i just check for malicious code and save the file to the database.

 
Posted: 22 March 2009 11:39 PM   [ # 24 ]   [ Rating: 0 ]
Joined: 2009-03-22
8 posts

I don’t mean it that way, if you store in a db it is still being stored in a temp dir on your server, it has to upload somewhere before you dump it in a db. I mean it seems like you aren’t checking if the user is actually logged in with:

// Ensure user is logged in
        
if (!$this->dx_auth->is_logged_in())  
        
{  
            
// Redirect to login page
            
redirect('/auth/login/''refresh');
        

So you could actually load your file upload page without being logged in if you knew the url, meaning you aren’t even using the session id and would throw php errors saying it can’t find the user_id you passing via the url string.

I want to still be able to do my is logged in check so the page is secure from users that aren’t logged in but somehow inject that session id so that dx_auth thinks the flash app is the same user.

 
Posted: 23 March 2009 06:13 AM   [ # 25 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-17
1073 posts

Didn’t you read this one?

pistolPete - 22 March 2009 08:59 PM

If it’s CI session, have a look at http://ellislab.com/forums/viewreply/536121/.

 
Posted: 23 March 2009 08:55 AM   [ # 26 ]   [ Rating: 0 ]
Joined: 2009-03-11
13 posts

i dont need to check that since the up loader is already on a page that the user has to be logged in to see. You dont need to know the temp directory because at the point i mess with the data its in the post array. And no you cant just upload your content since i am not sending any file to the server file system. And without the authentication from the previous page the database script will fail due to constraints i placed on the database. pistolPete is right, you need to read the post he placed.

 
Posted: 23 March 2009 11:57 PM   [ # 27 ]   [ Rating: 0 ]
Joined: 2009-03-22
8 posts
pistolPete - 23 March 2009 10:13 AM

Didn’t you read this one?

pistolPete - 22 March 2009 08:59 PM

If it’s CI session, have a look at http://ellislab.com/forums/viewreply/536121/.

Sorry I had missed that. That looks like I what I want to do, but can you post your entire MY_Session.php to give me a hand please?

Thanks

 
Posted: 24 March 2009 01:08 AM   [ # 28 ]   [ Rating: 0 ]
Joined: 2009-03-22
8 posts

I did try it, and flash is still creating a new session in my database.

I had to encapsulate with single quotes or it would break swfupload due to the ” and the { in the cookie

post_params{"<?php echo $this->config->item('sess_cookie_name'); ?>" :'<?php echo $this->session->get_cookie_data(); ?>'}

and outputs as

post_params{"ci_session" :'a:4:{s:10:"session_id";s:32:"e55ck53405a9fc762cf3f153a0ce6162";s:10:"ip_address";s:13:"192.168.200.1";s:10:"user_agent";s:50:"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv";s:13:"last_activity";s:10:"1237774716";}f929353264c04b5e2e90a05b7080a91e'}

Still no go :(

 
Posted: 24 March 2009 05:07 AM   [ # 29 ]   [ Rating: 0 ]
Joined: 2007-09-13
247 posts

Try writing the upload routine. The upload_url outside the authenticated area and it should work fine. The page from which is it uploading can be under security but the processing page can be a different controller outside the authenticated area. For now this workaround is good to make it work with CI 1.7.x with the new session class.

 Signature 

Sarfaraz Momin.
PHP With Us

 
Posted: 24 March 2009 05:28 AM   [ # 30 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-17
1073 posts
defunct - 24 March 2009 03:57 AM

can you post your entire MY_Session.php

I attached the file.
Btw: I use cookie encryption;

$config['sess_encrypt_cookie']  TRUE
 
2 of 4
2