You are not logged in.
Pages: 1
I need the image manager to use a different image folder path between sessions (login user)
my question is, how do I pass that path from the xinha javascript loader code to the config.inc.php
anyone did that ? or any developer could give me a quick hand.
what I am thinking is doing something like this....
xinha_plugins = null;
xinha_image_folder = 'demo_images/clients_xyz';
// This contains the names of textareas we will make into Xinha editors
xinha_init = xinha_init ? xinha_init : function()
{
then in the PHP i need to be able to use that JS variable.
but how?
thanks
Offline
xinha_config.ImageManager.backend_config = ...
xinha_config.ImageManager.backend_config_hash = ...
xinha_config.ImageManager.backend_config_secret_key_location = ...
I found those three variables, it seems to be able to do the trick.
although, I don't have access to PHP generating the JS because my software is in Ruby, only the ImageManager use PHP.
so I can generate the config and the config_hash in ruby just fine. but the sessions variables are not stored.
so I don't think I can't populate the PHP session from ruby which is a problem in this case.
any idea ?
Last edited by somekool (2006-08-08 22:11:09)
Offline
if($_REQUEST['backend_config_hash'] !== sha1($_REQUEST['backend_config']))
{
die("Backend security error.");
}
I decided to remove the session protections.
it works fine now
thanks
Last edited by somekool (2006-08-08 22:36:02)
Offline
Take into consideration that when removing this security measures (checking the hash) it is now possible to inject any configuration (e.g. any directory) into ImageManager just by constructing the URL to it. That could mean that you are open to some nasty attacks to your application. Checking the passed configuration hash ensures that the ImageMnager plugin has been called by your legitimate script.
If it is possible, you could try writing data from your Ruby application e.g. into some temporary file, database etc. and modifying ImageManager config.php to fetch it from there.
Cheers,
Chris Kotowicz
Offline
Yea, removing those protections is not a hot idea in most cases, I'd say perhaps store a temporary file name in a cookie, a different one for each user, in that temporary file you could put the config stuff for ImageManager, and then modify config.php to find the file from the cookie and read the config from that. Just be careful that you don't leave the cookie open to abuse (have a certain known format to the filename, anything else won't work).
James Sleeman
Offline
Pages: 1