403 Forbidden Uploading Image

[jamboljack]

I uploaded web in other domain it's work uploading image, but i have another domain it's does'nt work.

A message in console : POST http://langgardalem.id/assets/filemanager/connectors/php/filemanager.php 403 (Forbidden)

I set file permission folder to 755

[simogeo]

Be sure the auth() method in config file returns true.

[jamboljack]

Where is the location of file ??

[jamboljack]

Oh,, I see,, wait

[jamboljack]

<?php /**

• Filemanager PHP connector
• This file should at least declare auth() function
• and instantiate the Filemanager as '$fm'
• IMPORTANT : by default Read and Write access is granted to everyone
• Copy/paste this file to 'user.config.php' file to implement your own auth() function
• to grant access to wanted users only
• filemanager.php
• use for ckeditor filemanager
• @license MIT License
• @author Simon Georget <simon (at) linea21 (dot) com>
• @copyright Authors */

ob_start(); include('../../../../index.php'); ob_end_clean();

$CI =& get_instance(); $CI->load->driver('session');

$session = @$_SESSION['logged_in_langgardalem'];

if($session == TRUE) { $codeigniterAuth = true; } else { $codeigniterAuth = false; }

/**

• Check if user is authorized
• @return boolean true if access granted, false if no access */ function auth() { // You can insert your own code over here to check if the user is authorized. // If you use a session variable, you've got to start the session first (session_start()) return $GLOBALS['codeigniterAuth']; } // we instantiate the Filemanager $fm = new Filemanager(); ?>

[jamboljack]

[simogeo]

I guess session_start() is missing

[jamboljack]

I activate CSRF protection on config CI, each Form have script like this : <input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>">

If i deactivate that fiture, it's success. But how set the filemanager with CSRF Protection ? where i must set the token ??

[simogeo]

it is not implemented