diff --git a/tiny_mce/plugins/imgmanager/dialog.php b/tiny_mce/plugins/imgmanager/dialog.php
index d19500e..69207fd 100644
--- a/tiny_mce/plugins/imgmanager/dialog.php
+++ b/tiny_mce/plugins/imgmanager/dialog.php
@@ -10,6 +10,7 @@
+
@@ -19,9 +20,9 @@
-
+ = $_SESSION['session_id'] ?>
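Review bot: The added line prints `$_SESSION['session_id']`, which config.php fills with the raw session id, while ajax.php runs the received `hash` through `decript()`; the value config.php prepares for that purpose appears to be `ENCRIPTED_SESSION_ID`. The value is also echoed without any escaping. The surrounding markup is not visible in this hunk, but if the value lands in a script block, `<?= json_encode(ENCRIPTED_SESSION_ID) ?>` would keep the raw identifier out of the page source and encode it for that context.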
diff --git a/tiny_mce/plugins/imgmanager/js/dialog.js b/tiny_mce/plugins/imgmanager/js/dialog.js
index 23e6f96..9678ca7 100644
--- a/tiny_mce/plugins/imgmanager/js/dialog.js
+++ b/tiny_mce/plugins/imgmanager/js/dialog.js
@@ -19,7 +19,7 @@ var ImgManagerDialog = {
'folder' : '',
'auto' : false,
'multi' : true,
- 'scriptData': {"uploadify":1}
+ 'scriptData': {"uploadify":1,"hash":hash}
});
},
close : function() {
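Review bot: `hash` in the added `scriptData` line is a free identifier that is not declared anywhere in the visible lines, so this call throws a ReferenceError unless the including page has already defined a global of that name. Guarding it with `typeof hash !== 'undefined' ? hash : ''`, or reading it from a namespaced property, would make the dependency explicit, and a comment such as `// hash: upload token emitted by dialog.php` would document where it comes from. The enclosing function starts outside the hunk.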
diff --git a/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php b/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php
new file mode 100644
index 0000000..89c9b12
--- /dev/null
+++ b/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php
@@ -0,0 +1,29 @@
+
+ * @since : 2012-03-02, 15.13.27
+ */
+class EncriptDecript{
+ protected $salt = "098j*#YDJ_)#)@D)(FFM)JFN@*(_(h8(#@DFJ@_kjd20-f92fy23039djm";
+
+ /**
+ * Get Encripted string
+ * @param String $string
+ * @return String
+ */
+ public function encript($string){
+ return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), $string, MCRYPT_MODE_CBC, md5(md5($this->salt))));
+ }
+
+ /**
+ * Get Decripted string
+ * @param String $encrypted Encripted string
+ * @return String
+ */
+ public function decript($encrypted){
+ return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($this->salt))), "\0");
+ }
+}
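Review bot: The key is the string literal in `$salt` and the IV is `md5(md5($this->salt))`, so every installation of the plugin shares one published key and every message is encrypted under the same IV. CBC is used without any integrity check, so `decript()` returns bytes for whatever input it is given and the caller cannot tell a forged value from a genuine one. The mcrypt extension was deprecated in PHP 7.1 and removed from core in 7.2, and `MCRYPT_RIJNDAEL_256` is the 256-bit-block Rijndael variant rather than AES. The sketch below keeps the two method names but loads a random per-installation key from configuration and uses an authenticated mode with a fresh nonce. The environment variable name is a placeholder, and `decript()` now returns `false` on failure, which callers must check.

```php
class EncriptDecript{
    // Placeholder variable name: a random 32-byte key, base64-encoded,
    // generated per installation and kept out of the repository.
    protected function key(){
        $key = base64_decode((string) getenv('IMGMANAGER_KEY_PLACEHOLDER'), true);
        if ($key === false || strlen($key) !== 32) {
            throw new RuntimeException('Encryption key is not configured');
        }
        return $key;
    }

    public function encript($string){
        $nonce = random_bytes(12); // fresh nonce for every message
        $cipher = openssl_encrypt($string, 'aes-256-gcm', $this->key(), OPENSSL_RAW_DATA, $nonce, $tag);
        return base64_encode($nonce . $tag . $cipher);
    }

    public function decript($encrypted){
        $raw = base64_decode($encrypted, true);
        if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag
            return false;
        }
        // Returns false when the authentication tag does not verify.
        return openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->key(), OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    }
}
```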
diff --git a/tiny_mce/plugins/imgmanager/libs/ajax.php b/tiny_mce/plugins/imgmanager/libs/ajax.php
index 3bbbfb8..e66236d 100644
--- a/tiny_mce/plugins/imgmanager/libs/ajax.php
+++ b/tiny_mce/plugins/imgmanager/libs/ajax.php
@@ -5,6 +5,19 @@
* @copyright Darius Matulionis
* @author Darius Matulionis
*/
+
+//UPLOADIFY SESSION AUTH
+//!!!! CHANGE THIS IF NEDED!!!!!!
+if (!empty($_FILES) && isset($_FILES['Filedata']) && $_REQUEST['hash']) {
+ require 'EncriptDecript.php';
+ $ed = new EncriptDecript();
+ $session_id = $ed->decript($_REQUEST['hash']);
+ $_COOKIE['PHPSESSID'] = $session_id;
+ session_id($session_id);
+ session_start();
+ $_SESSION['user_auth'] = true;
+}
+
require_once 'config.php';
require_once 'FilesHandler.php';
$filesHandler = new FilesHandler();
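Review bot: `$_SESSION['user_auth'] = true;` runs for every upload request that carries a non-empty `hash`, whatever `decript()` returned, so this block grants authentication instead of checking it. In addition, `session_id($session_id)` adopts an identifier supplied by the client. The block should only resume the session and refuse when it is not already authenticated: replace the assignment with `if (empty($_SESSION['user_auth'])) { session_destroy(); die("You are not allowed to be here !!!"); }`, and validate `$session_id` against the expected id format before calling `session_id()`. `$_REQUEST['hash']` is read without `isset()`, so the condition should use `!empty($_REQUEST['hash'])`. The upload path in the following hunk still builds `$targetFile` from the client-supplied `$_FILES['Filedata']['name']`, so this check is the only gate in front of it.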
@@ -21,7 +34,6 @@
$targetPath = UPLOADS_PATH . DIRECTORY_SEPARATOR . $sub_dircetory;
- //$targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
$targetFile = str_replace('//', '/', $targetPath) . $_FILES['Filedata']['name'];
move_uploaded_file($tempFile, $targetFile);
diff --git a/tiny_mce/plugins/imgmanager/libs/config.php b/tiny_mce/plugins/imgmanager/libs/config.php
index e466e8b..4f0f8ad 100644
--- a/tiny_mce/plugins/imgmanager/libs/config.php
+++ b/tiny_mce/plugins/imgmanager/libs/config.php
@@ -12,8 +12,21 @@
/**
* AUTH SHOULD BE DONE HERE !!!!
*/
-//!!!! CHANGE THIS !!!!!!
-$auth = true;
+//!!!! CHANGE THIS !!!!!! AND THEN ajax.php
+
+$session_id = session_id() ? session_id() : $_COOKIE["PHPSESSID"];
+if(session_start()){
+ $_SESSION['session_id'] = $session_id;
+ $_SESSION['user_auth'] = true;
+}
+
+$auth = false;
+if($_SESSION['session_id'] && $_SESSION['user_auth']){
+ $auth = true;
+ require 'EncriptDecript.php';
+ $ed = new EncriptDecript();
+ $encripted_session_id =$ed->encript($session_id);
+}
if(!$auth){
die("You are not allowed to be here !!!");
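Review bot: `require 'EncriptDecript.php';` here and the same `require` in the upload branch of ajax.php both appear to run on an upload request, because ajax.php goes on to `require_once 'config.php'`. Declaring the class twice is a fatal error, so both should read `require_once 'EncriptDecript.php';`. `$_SESSION['user_auth'] = true;` is assigned whenever `session_start()` succeeds, so the `$auth` test below always passes and the "CHANGE THIS" comment is the only control; a comment such as `// user_auth must be set by the host application's login code, never here` would make that requirement explicit. `$_COOKIE["PHPSESSID"]` is read without an `isset()` check and before `session_start()` has run. The `if(!$auth)` block continues outside the hunk.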
@@ -29,6 +42,10 @@
defined('LIBS_PATH')
|| define('LIBS_PATH', realpath(dirname(__FILE__)));
+//ENCRIPTED SESSION ID
+defined('ENCRIPTED_SESSION_ID')
+ || define('ENCRIPTED_SESSION_ID', $encripted_session_id);
+
//!!!! CHANGE THIS !!!!!!
// WEB BASE DIRECTORY