I am using Codeigniter with the TankAuth library installed and trying to upload to index.php/requests/doUpload from swfupload but can't access the page as authenticated. I have read many posts around the net about similar problem and tried to set $config['sess_match_useragent'] = FALSE;
but still no difference. I have ended up skipping the login check in my controller for testing purposes. But now I need to access tankAuth library from my controller to get the current logged in user ID. It is requested in my application and cannot skip it, I really need to pass the logged in user id to that doUpload model. I have setup controller like this:
function doUploadFileFn() {
if (!$this->tank_auth->is_logged_in()) {
return;
} else {
$user_id = $this->tank_auth->get_user_id();
$this->load->model('requests/doUploadFile');
$this->doUploadFile开发者_Python百科->uploadData($user_id);
}
}
Now, it does not pass the is_logged_in() check, as I learned from other posts, CI deletes the session but I have setup the config not to match the user agent but still not working.
Is there any solution to this out there ?
Following the tutorial in the CI forums I was able to achieve what you are asking for.
1) Put this in the SWFUpload JS config:
post_params: {"<?php echo $this->config->item('sess_cookie_name'); ?>" :"<?php echo $this->session->get_cookie_data(); ?>"},
2) And place the MY_Session.php
file in your application/libraries/
folder.
3) The new library should be loaded the moment the view is loaded if not (for some reason) then load your library in the controller.
P.S: You need to set:
$config['sess_match_useragent'] = FALSE;
Otherwise a new session will be created for a useragent Shockwave Flash
EDIT: Okay, based on your comment..you really need to set your post_params
setting to your current session so it can be sent when the flash post
to your controller, now in your case the best thing I could think of is the below:
Your externalUntouchableJsFile.js:
// JS scripts...
...
var swfu = new SWFUpload({
...
...
post_params: GLOBAL_VAR,
...
});
...
// rest of your JS
And in your PHP view and before loading this JS file have something like:
<script>
var GLOBAL_VAR = {};
<?php if(session_is_there) { ?>
GLOBAL_VAR = {"<?php echo $this->config->item('sess_cookie_name'); ?>" :"<?php echo $this->session->get_cookie_data(); ?>"}
<?php } ?>
</script>
<script type="text/javascript" src="<?php echo base_url() ?>path/to/js/externalUntouchableJsFile.js"></script>
EDIT 2: Since you are using an external js file, you may forget to define the global variable so use:
post_params: (typeof GLOBAL_VAR === 'undefined') ? {}:GLOBAL_VAR,
It bears mentioning that the Flash file should be served from the same domain as your CI site or one won't be able to read the other's cookies. Also make sure that the login cookie path is set to the root path. If SWFUpload can not read the login cookie, it can not send it either.
Flash has limited access to session cookies, as documented here in the SWFUpload forum. Is it possible that you've set the auto login to avoid setting an expiration (in config/tank_auth.php), thereby making it a session cookie? If that is the case, then the SWFUpload SWF may not be able to access or send the autologin cookie value, depending on the version of Flash player on the computer. Double-check your cookie expiration values using a debug tool like Firebug to see if this is the case. If the upload works when you check a "remember" me box but not otherwise, that would indicate a session cookie problem.
To force the SWF to pass the TankAuth cookie value on file uploads, you could first overload the cookie helper get_cookie function to look in either the $_COOKIE array or the $_POST array for values. Then, it appears that with SWFUpload v2 you can send additional POST values along with the upload, and this would be the way to send the autologin key, which would then allow your controller to get the user_id. But before hacking the Cookie helper, make sure your moving parts are working first, as described in the first paragraph.
I have managed to apply a rough fix for this by passing the logged user ID in the URL, and getting it from Javascript with URL functions. It's the best method I can rely to right now, it doesn't bother me too much that the user ID is visible because I'm using a managed iframe to display that specific part of the app and the app is for internal company use only.
Thanks for your answers.
精彩评论