4
I've solved it. Now the editor will first check if you are a XOOPS admin, if yes it will let you manage images and upload.
Here's the solution:
Open class/xoopseditor/ckeditor/ckfinder/config.php
around line line 32 find:
le="color: #000000"><?php return false;
replace with:
le="color: #000000"><?php include_once "../../../../../../../mainfile.php"; $isadmin = ($xoopsUser && $xoopsUser->isAdmin()) ? 1 : 0; if ($isadmin===1) { return true; } else { return false; }
So the entire function should look like this:
le="color: #000000"><?php function CheckAuthentication() { //WARNING : DO NOT simply return "true". By doing so, you are allowing //"anyone" to upload and list the files in your server. You must implement //some kind of session validation here. Even something very simple as... // return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized']; //... where $_SESSION['IsAuthorized'] is set to "true" as soon as the //user logs in your system. include_once "../../../../../../../mainfile.php"; $isadmin = ($xoopsUser && $xoopsUser->isAdmin()) ? 1 : 0; if ($isadmin===1) { return true; } else { return false; } }