Full source code website bán hàng thương mại điện tử gần giống shopee
473.464 lượt xem;
- config.php
- ckfinder /
- filemanage /
- project /
1 <?php
2 session_start();
3 /*
4 * ### CKFinder : Configuration File - Basic Instructions
5 *
6 * In a generic usage case, the following tasks must be done to configure
7 * CKFinder:
8 * 1. Check the $baseUrl and $baseDir variables;
9 * 2. If available, paste your license key in the "LicenseKey" setting;
10 * 3. Create the CheckAuthentication() function that enables CKFinder for authenticated users;
11 *
12 * Other settings may be left with their default values, or used to control
13 * advanced features of CKFinder.
14 */
15
16 /**
17 * This function must check the user session to be sure that he/she is
18 * authorized to upload and access files in the File Browser.
19 *
20 * @return boolean
21 */
22 function CheckAuthentication()
23 {if(isset($_SESSION['log']))// v?i $_SESSION['admin_id'] dc luu sau khi login
24 // WARNING : DO NOT simply return "true". By doing so, you are allowing
25 // "anyone" to upload and list the files in your server. You must implement
26 // some kind of session validation here. Even something very simple as...
27
28 // return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];
29
30 // ... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
31 // user logs in your system. To be able to use session variables don't
32 // forget to add session_start() at the top of this file.
33
34 return true;
35 }
36
37 // LicenseKey : Paste your license key here. If left blank, CKFinder will be
38 // fully functional, in demo mode.
39 $config['LicenseName'] = '';
40 $config['LicenseKey'] = '';
41
42 /*
43 Uncomment lines below to enable PHP error reporting and displaying PHP errors.
44 Do not do this on a production server. Might be helpful when debugging why CKFinder does not work as expected.
45 */
46 // error_reporting(E_ALL);
47 // ini_set('display_errors', 1);
48
49 /*
50 To make it easy to configure CKFinder, the $baseUrl and $baseDir can be used.
51 Those are helper variables used later in this config file.
52 */
53
54 /*
55 $baseUrl : the base path used to build the final URL for the resources handled
56 in CKFinder. If empty, the default value (/userfiles/) is used.
57
58 Examples:
59 $baseUrl = 'http://example.com/ckfinder/files/';
60 $baseUrl = '/userfiles/';
61
62 ATTENTION: The trailing slash is required.
63 */
64 $baseUrl = '/thanhvien/'.$_SESSION['log'].'/';
65
66 /*
67 $baseDir : the path to the local directory (in the server) which points to the
68 above $baseUrl URL. This is the path used by CKFinder to handle the files in
69 the server. Full write permissions must be granted to this directory.
70
71 Examples:
72 // You may point it to a directory directly:
73 $baseDir = '/home/login/public_html/ckfinder/files/';
74 $baseDir = 'C:/SiteDir/CKFinder/userfiles/';
75
76 // Or you may let CKFinder discover the path, based on $baseUrl.
77 // WARNING: resolveUrl() *will not work* if $baseUrl does not start with a slash ("/"),
78 // for example if $baseDir is set to http://example.com/ckfinder/files/
79 $baseDir = resolveUrl($baseUrl);
80
81 ATTENTION: The trailing slash is required.
82 */
83 $baseDir = resolveUrl($baseUrl);
84
85 /*
86 * ### Advanced Settings
87 */
88
89 /*
90 Thumbnails : thumbnails settings. All thumbnails will end up in the same
91 directory, no matter the resource type.
92 */
93 $config['Thumbnails'] = Array(
94 'url' => $baseUrl . '_thumbs',
95 'directory' => $baseDir . '_thumbs',
96 'enabled' => true,
97 'directAccess' => false,
98 'maxWidth' => 100,
99 'maxHeight' => 100,
100 'bmpSupported' => false,
101 'quality' => 80);
102
103 /*
104 Set the maximum size of uploaded images. If an uploaded image is larger, it
105 gets scaled down proportionally. Set to 0 to disable this feature.
106 */
107 $config['Images'] = Array(
108 'maxWidth' => 1000,
109 'maxHeight' => 800,
110 'quality' => 80);
111
112 /*
113 RoleSessionVar : the session variable name that CKFinder must use to retrieve
114 the "role" of the current user. The "role", can be used in the "AccessControl"
115 settings (bellow in this page).
116
117 To be able to use this feature, you must initialize the session data by
118 uncommenting the following "session_start()" call.
119 */
120 $config['RoleSessionVar'] = 'CKFinder_UserRole';
121 //session_start();
122
123 /*
124 AccessControl : used to restrict access or features to specific folders.
125
126 Many "AccessControl" entries can be added. All attributes are optional.
127 Subfolders inherit their default settings from their parents' definitions.
128
129 - The "role" attribute accepts the special '*' value, which means
130 "everybody".
131 - The "resourceType" attribute accepts the special value '*', which
132 means "all resource types".
133 */
134
135 $config['AccessControl'][] = Array(
136 'role' => '*',
137 'resourceType' => '*',
138 'folder' => '/',
139
140 'folderView' => true,
141 'folderCreate' => true,
142 'folderRename' => true,
143 'folderDelete' => true,
144
145 'fileView' => true,
146 'fileUpload' => true,
147 'fileRename' => true,
148 'fileDelete' => true);
149
150 /*
151 For example, if you want to restrict the upload, rename or delete of files in
152 the "Logos" folder of the resource type "Images", you may uncomment the
153 following definition, leaving the above one:
154
155 $config['AccessControl'][] = Array(
156 'role' => '*',
157 'resourceType' => 'Images',
158 'folder' => '/Logos',
159
160 'folderView' => true,
161 'folderCreate' => true,
162 'folderRename' => true,
163 'folderDelete' => true,
164
165 'fileView' => true,
166 'fileUpload' => false,
167 'fileRename' => false,
168 'fileDelete' => false);
169 */
170
171 /*
172 ResourceType : defines the "resource types" handled in CKFinder. A resource
173 type is nothing more than a way to group files under different paths, each one
174 having different configuration settings.
175
176 Each resource type name must be unique.
177
178 When loading CKFinder, the "type" querystring parameter can be used to display
179 a specific type only. If "type" is omitted in the URL, the
180 "DefaultResourceTypes" settings is used (may contain the resource type names
181 separated by a comma). If left empty, all types are loaded.
182
183 maxSize is defined in bytes, but shorthand notation may be also used.
184 Available options are: G, M, K (case insensitive).
185 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals one Gigabyte.
186 Example: 'maxSize' => "8M",
187
188 ==============================================================================
189 ATTENTION: Flash files with `swf' extension, just like HTML files, can be used
190 to execute JavaScript code and to e.g. perform an XSS attack. Grant permission
191 to upload `.swf` files only if you understand and can accept this risk.
192 ==============================================================================
193 */
194 $config['DefaultResourceTypes'] = '';
195
196 //$config['ResourceType'][] = Array(
197 //'name' => 'Files', // Single quotes not allowed
198 //'url' => $baseUrl . 'files',
199 //'directory' => $baseDir . 'files',
200 //'maxSize' => 0,
201 //'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,docx,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pptx,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xlsx,zip',
202 //'deniedExtensions' => '');
203
204 $config['ResourceType'][] = Array(
205 'name' => 'Images',
206 'url' => $baseUrl . 'images',
207 'directory' => $baseDir . 'images',
208 'maxSize' => 0,
209 'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
210 'deniedExtensions' => '');
211 //$config['ResourceType'][] = Array(
212 //'name' => '_thumbs',
213 //'url' => $baseUrl . '_thumbs',
214 //'directory' => $baseDir . '_thumbs',
215 //'maxSize' => 0,
216 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
217 //'deniedExtensions' => '');
218 //$config['ResourceType'][] = Array(
219 //'name' => 'banner',
220 //'url' => $baseUrl . 'banner',
221 //'directory' => $baseDir . 'banner',///
222 // 'maxSize' => 0,
223 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
224 //'deniedExtensions' => '');
225 //$config['ResourceType'][] = Array(
226 //'name' => 'link',
227 //'url' => $baseUrl . 'link',
228 //'directory' => $baseDir . 'link',
229 //'maxSize' => 0,
230 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
231 //'deniedExtensions' => '');
232 //$config['ResourceType'][] = Array(
233 //'name' => 'news',
234 //'url' => $baseUrl . 'news',
235 //'directory' => $baseDir . 'news',
236 //'maxSize' => 0,
237 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
238 //'deniedExtensions' => '');
239 //$config['ResourceType'][] = Array(
240 //'name' => 'slider',
241 //'url' => $baseUrl . 'slider',
242 //'directory' => $baseDir . 'slider',
243 //'maxSize' => 0,
244 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
245 //'deniedExtensions' => '');
246 $config['ResourceType'][] = Array(
247 'name' => 'products',
248 'url' => $baseUrl . 'products',
249 'directory' => $baseDir . 'products',
250 'maxSize' => 0,
251 'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
252 'deniedExtensions' => '');
253
254 //$config['ResourceType'][] = Array(
255 // 'name' => 'Flash',
256 // 'url' => $baseUrl . 'flash',
257 // 'directory' => $baseDir . 'flash',
258 //'maxSize' => 0,
259 //'allowedExtensions' => 'swf,flv',
260 //'deniedExtensions' => '');
261
262 /*
263 Due to security issues with Apache modules, it is recommended to leave the
264 following setting enabled.
265
266 How does it work? Suppose the following:
267
268 - If "php" is on the denied extensions list, a file named foo.php cannot be
269 uploaded.
270 - If "rar" (or any other) extension is allowed, one can upload a file named
271 foo.rar.
272 - The file foo.php.rar has "rar" extension so, in theory, it can be also
273 uploaded.
274
275 In some conditions Apache can treat the foo.php.rar file just like any PHP
276 script and execute it.
277
278 If CheckDoubleExtension is enabled, each part of the file name after a dot is
279 checked, not only the last part. In this way, uploading foo.php.rar would be
280 denied, because "php" is on the denied extensions list.
281 */
282 $config['CheckDoubleExtension'] = true;
283
284 /*
285 Increases the security on an IIS web server.
286 If enabled, CKFinder will disallow creating folders and uploading files whose names contain characters
287 that are not safe under an IIS web server.
288 */
289 $config['DisallowUnsafeCharacters'] = false;
290
291 /*
292 If you have iconv enabled (visit http://php.net/iconv for more information),
293 you can use this directive to specify the encoding of file names in your
294 system. Acceptable values can be found at:
295 http://www.gnu.org/software/libiconv/
296
297 Examples:
298 $config['FilesystemEncoding'] = 'CP1250';
299 $config['FilesystemEncoding'] = 'ISO-8859-2';
300 */
301 $config['FilesystemEncoding'] = 'UTF-8';
302
303 /*
304 Perform additional checks for image files
305 if set to true, validate image size
306 */
307 $config['SecureImageUploads'] = true;
308
309 /*
310 Indicates that the file size (maxSize) for images must be checked only
311 after scaling them. Otherwise, it is checked right after uploading.
312 */
313 $config['CheckSizeAfterScaling'] = true;
314
315 /*
316 For security, HTML is allowed in the first Kb of data for files having the
317 following extensions only.
318 */
319 $config['HtmlExtensions'] = array('html', 'htm', 'xml', 'js');
320
321 /*
322 Folders to not display in CKFinder, no matter their location.
323 No paths are accepted, only the folder name.
324 The * and ? wildcards are accepted.
325 ".*" disallows the creation of folders starting with a dot character.
326 */
327 $config['HideFolders'] = Array(".*", "CVS");
328
329 /*
330 Files to not display in CKFinder, no matter their location.
331 No paths are accepted, only the file name, including extension.
332 The * and ? wildcards are accepted.
333 */
334 $config['HideFiles'] = Array(".*");
335
336 /*
337 After file is uploaded, sometimes it is required to change its permissions
338 so that it was possible to access it at the later time.
339 If possible, it is recommended to set more restrictive permissions, like 0755.
340 Set to 0 to disable this feature.
341 Note: not needed on Windows-based servers.
342 */
343 $config['ChmodFiles'] = 0777 ;
344
345 /*
346 See comments above.
347 Used when creating folders that does not exist.
348 */
349 $config['ChmodFolders'] = 0755 ;
350
351 /*
352 Force ASCII names for files and folders.
353 If enabled, characters with diactric marks, like å, ä, ö, ć, č, đ, š
354 will be automatically converted to ASCII letters.
355 */
356 $config['ForceAscii'] = false;
357
358 /*
359 Send files using X-Sendfile module
360 Mod X-Sendfile (or similar) is avalible on Apache2, Nginx, Cherokee, Lighttpd
361
362 Enabling X-Sendfile option can potentially cause security issue.
363 - server path to the file may be send to the browser with X-Sendfile header
364 - if server is not configured properly files will be send with 0 length
365
366 For more complex configuration options visit our Developer's Guide
367 http://docs.cksource.com/CKFinder_2.x/Developers_Guide/PHP
368 */
369 $config['XSendfile'] = false;
370
371 /*
372 Enables protection in the connector.
373 The default CSRF protection mechanism is based on double submit cookies, where
374 connector checks if the request contains a valid token that matches the token
375 sent in the cookie
376
377 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies
378 */
379 $config['EnableCsrfProtection'] = true;
380
381
382 include_once "plugins/imageresize/plugin.php";
383 include_once "plugins/fileeditor/plugin.php";
384 //include_once "plugins/zip/plugin.php";
385
386 $config['plugin_imageresize']['smallThumb'] = '90x90';
387 $config['plugin_imageresize']['mediumThumb'] = '120x120';
388 $config['plugin_imageresize']['largeThumb'] = '180x180';
2 session_start();
3 /*
4 * ### CKFinder : Configuration File - Basic Instructions
5 *
6 * In a generic usage case, the following tasks must be done to configure
7 * CKFinder:
8 * 1. Check the $baseUrl and $baseDir variables;
9 * 2. If available, paste your license key in the "LicenseKey" setting;
10 * 3. Create the CheckAuthentication() function that enables CKFinder for authenticated users;
11 *
12 * Other settings may be left with their default values, or used to control
13 * advanced features of CKFinder.
14 */
15
16 /**
17 * This function must check the user session to be sure that he/she is
18 * authorized to upload and access files in the File Browser.
19 *
20 * @return boolean
21 */
22 function CheckAuthentication()
23 {if(isset($_SESSION['log']))// v?i $_SESSION['admin_id'] dc luu sau khi login
24 // WARNING : DO NOT simply return "true". By doing so, you are allowing
25 // "anyone" to upload and list the files in your server. You must implement
26 // some kind of session validation here. Even something very simple as...
27
28 // return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];
29
30 // ... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
31 // user logs in your system. To be able to use session variables don't
32 // forget to add session_start() at the top of this file.
33
34 return true;
35 }
36
37 // LicenseKey : Paste your license key here. If left blank, CKFinder will be
38 // fully functional, in demo mode.
39 $config['LicenseName'] = '';
40 $config['LicenseKey'] = '';
41
42 /*
43 Uncomment lines below to enable PHP error reporting and displaying PHP errors.
44 Do not do this on a production server. Might be helpful when debugging why CKFinder does not work as expected.
45 */
46 // error_reporting(E_ALL);
47 // ini_set('display_errors', 1);
48
49 /*
50 To make it easy to configure CKFinder, the $baseUrl and $baseDir can be used.
51 Those are helper variables used later in this config file.
52 */
53
54 /*
55 $baseUrl : the base path used to build the final URL for the resources handled
56 in CKFinder. If empty, the default value (/userfiles/) is used.
57
58 Examples:
59 $baseUrl = 'http://example.com/ckfinder/files/';
60 $baseUrl = '/userfiles/';
61
62 ATTENTION: The trailing slash is required.
63 */
64 $baseUrl = '/thanhvien/'.$_SESSION['log'].'/';
65
66 /*
67 $baseDir : the path to the local directory (in the server) which points to the
68 above $baseUrl URL. This is the path used by CKFinder to handle the files in
69 the server. Full write permissions must be granted to this directory.
70
71 Examples:
72 // You may point it to a directory directly:
73 $baseDir = '/home/login/public_html/ckfinder/files/';
74 $baseDir = 'C:/SiteDir/CKFinder/userfiles/';
75
76 // Or you may let CKFinder discover the path, based on $baseUrl.
77 // WARNING: resolveUrl() *will not work* if $baseUrl does not start with a slash ("/"),
78 // for example if $baseDir is set to http://example.com/ckfinder/files/
79 $baseDir = resolveUrl($baseUrl);
80
81 ATTENTION: The trailing slash is required.
82 */
83 $baseDir = resolveUrl($baseUrl);
84
85 /*
86 * ### Advanced Settings
87 */
88
89 /*
90 Thumbnails : thumbnails settings. All thumbnails will end up in the same
91 directory, no matter the resource type.
92 */
93 $config['Thumbnails'] = Array(
94 'url' => $baseUrl . '_thumbs',
95 'directory' => $baseDir . '_thumbs',
96 'enabled' => true,
97 'directAccess' => false,
98 'maxWidth' => 100,
99 'maxHeight' => 100,
100 'bmpSupported' => false,
101 'quality' => 80);
102
103 /*
104 Set the maximum size of uploaded images. If an uploaded image is larger, it
105 gets scaled down proportionally. Set to 0 to disable this feature.
106 */
107 $config['Images'] = Array(
108 'maxWidth' => 1000,
109 'maxHeight' => 800,
110 'quality' => 80);
111
112 /*
113 RoleSessionVar : the session variable name that CKFinder must use to retrieve
114 the "role" of the current user. The "role", can be used in the "AccessControl"
115 settings (bellow in this page).
116
117 To be able to use this feature, you must initialize the session data by
118 uncommenting the following "session_start()" call.
119 */
120 $config['RoleSessionVar'] = 'CKFinder_UserRole';
121 //session_start();
122
123 /*
124 AccessControl : used to restrict access or features to specific folders.
125
126 Many "AccessControl" entries can be added. All attributes are optional.
127 Subfolders inherit their default settings from their parents' definitions.
128
129 - The "role" attribute accepts the special '*' value, which means
130 "everybody".
131 - The "resourceType" attribute accepts the special value '*', which
132 means "all resource types".
133 */
134
135 $config['AccessControl'][] = Array(
136 'role' => '*',
137 'resourceType' => '*',
138 'folder' => '/',
139
140 'folderView' => true,
141 'folderCreate' => true,
142 'folderRename' => true,
143 'folderDelete' => true,
144
145 'fileView' => true,
146 'fileUpload' => true,
147 'fileRename' => true,
148 'fileDelete' => true);
149
150 /*
151 For example, if you want to restrict the upload, rename or delete of files in
152 the "Logos" folder of the resource type "Images", you may uncomment the
153 following definition, leaving the above one:
154
155 $config['AccessControl'][] = Array(
156 'role' => '*',
157 'resourceType' => 'Images',
158 'folder' => '/Logos',
159
160 'folderView' => true,
161 'folderCreate' => true,
162 'folderRename' => true,
163 'folderDelete' => true,
164
165 'fileView' => true,
166 'fileUpload' => false,
167 'fileRename' => false,
168 'fileDelete' => false);
169 */
170
171 /*
172 ResourceType : defines the "resource types" handled in CKFinder. A resource
173 type is nothing more than a way to group files under different paths, each one
174 having different configuration settings.
175
176 Each resource type name must be unique.
177
178 When loading CKFinder, the "type" querystring parameter can be used to display
179 a specific type only. If "type" is omitted in the URL, the
180 "DefaultResourceTypes" settings is used (may contain the resource type names
181 separated by a comma). If left empty, all types are loaded.
182
183 maxSize is defined in bytes, but shorthand notation may be also used.
184 Available options are: G, M, K (case insensitive).
185 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals one Gigabyte.
186 Example: 'maxSize' => "8M",
187
188 ==============================================================================
189 ATTENTION: Flash files with `swf' extension, just like HTML files, can be used
190 to execute JavaScript code and to e.g. perform an XSS attack. Grant permission
191 to upload `.swf` files only if you understand and can accept this risk.
192 ==============================================================================
193 */
194 $config['DefaultResourceTypes'] = '';
195
196 //$config['ResourceType'][] = Array(
197 //'name' => 'Files', // Single quotes not allowed
198 //'url' => $baseUrl . 'files',
199 //'directory' => $baseDir . 'files',
200 //'maxSize' => 0,
201 //'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,docx,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pptx,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xlsx,zip',
202 //'deniedExtensions' => '');
203
204 $config['ResourceType'][] = Array(
205 'name' => 'Images',
206 'url' => $baseUrl . 'images',
207 'directory' => $baseDir . 'images',
208 'maxSize' => 0,
209 'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
210 'deniedExtensions' => '');
211 //$config['ResourceType'][] = Array(
212 //'name' => '_thumbs',
213 //'url' => $baseUrl . '_thumbs',
214 //'directory' => $baseDir . '_thumbs',
215 //'maxSize' => 0,
216 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
217 //'deniedExtensions' => '');
218 //$config['ResourceType'][] = Array(
219 //'name' => 'banner',
220 //'url' => $baseUrl . 'banner',
221 //'directory' => $baseDir . 'banner',///
222 // 'maxSize' => 0,
223 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
224 //'deniedExtensions' => '');
225 //$config['ResourceType'][] = Array(
226 //'name' => 'link',
227 //'url' => $baseUrl . 'link',
228 //'directory' => $baseDir . 'link',
229 //'maxSize' => 0,
230 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
231 //'deniedExtensions' => '');
232 //$config['ResourceType'][] = Array(
233 //'name' => 'news',
234 //'url' => $baseUrl . 'news',
235 //'directory' => $baseDir . 'news',
236 //'maxSize' => 0,
237 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
238 //'deniedExtensions' => '');
239 //$config['ResourceType'][] = Array(
240 //'name' => 'slider',
241 //'url' => $baseUrl . 'slider',
242 //'directory' => $baseDir . 'slider',
243 //'maxSize' => 0,
244 //'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
245 //'deniedExtensions' => '');
246 $config['ResourceType'][] = Array(
247 'name' => 'products',
248 'url' => $baseUrl . 'products',
249 'directory' => $baseDir . 'products',
250 'maxSize' => 0,
251 'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
252 'deniedExtensions' => '');
253
254 //$config['ResourceType'][] = Array(
255 // 'name' => 'Flash',
256 // 'url' => $baseUrl . 'flash',
257 // 'directory' => $baseDir . 'flash',
258 //'maxSize' => 0,
259 //'allowedExtensions' => 'swf,flv',
260 //'deniedExtensions' => '');
261
262 /*
263 Due to security issues with Apache modules, it is recommended to leave the
264 following setting enabled.
265
266 How does it work? Suppose the following:
267
268 - If "php" is on the denied extensions list, a file named foo.php cannot be
269 uploaded.
270 - If "rar" (or any other) extension is allowed, one can upload a file named
271 foo.rar.
272 - The file foo.php.rar has "rar" extension so, in theory, it can be also
273 uploaded.
274
275 In some conditions Apache can treat the foo.php.rar file just like any PHP
276 script and execute it.
277
278 If CheckDoubleExtension is enabled, each part of the file name after a dot is
279 checked, not only the last part. In this way, uploading foo.php.rar would be
280 denied, because "php" is on the denied extensions list.
281 */
282 $config['CheckDoubleExtension'] = true;
283
284 /*
285 Increases the security on an IIS web server.
286 If enabled, CKFinder will disallow creating folders and uploading files whose names contain characters
287 that are not safe under an IIS web server.
288 */
289 $config['DisallowUnsafeCharacters'] = false;
290
291 /*
292 If you have iconv enabled (visit http://php.net/iconv for more information),
293 you can use this directive to specify the encoding of file names in your
294 system. Acceptable values can be found at:
295 http://www.gnu.org/software/libiconv/
296
297 Examples:
298 $config['FilesystemEncoding'] = 'CP1250';
299 $config['FilesystemEncoding'] = 'ISO-8859-2';
300 */
301 $config['FilesystemEncoding'] = 'UTF-8';
302
303 /*
304 Perform additional checks for image files
305 if set to true, validate image size
306 */
307 $config['SecureImageUploads'] = true;
308
309 /*
310 Indicates that the file size (maxSize) for images must be checked only
311 after scaling them. Otherwise, it is checked right after uploading.
312 */
313 $config['CheckSizeAfterScaling'] = true;
314
315 /*
316 For security, HTML is allowed in the first Kb of data for files having the
317 following extensions only.
318 */
319 $config['HtmlExtensions'] = array('html', 'htm', 'xml', 'js');
320
321 /*
322 Folders to not display in CKFinder, no matter their location.
323 No paths are accepted, only the folder name.
324 The * and ? wildcards are accepted.
325 ".*" disallows the creation of folders starting with a dot character.
326 */
327 $config['HideFolders'] = Array(".*", "CVS");
328
329 /*
330 Files to not display in CKFinder, no matter their location.
331 No paths are accepted, only the file name, including extension.
332 The * and ? wildcards are accepted.
333 */
334 $config['HideFiles'] = Array(".*");
335
336 /*
337 After file is uploaded, sometimes it is required to change its permissions
338 so that it was possible to access it at the later time.
339 If possible, it is recommended to set more restrictive permissions, like 0755.
340 Set to 0 to disable this feature.
341 Note: not needed on Windows-based servers.
342 */
343 $config['ChmodFiles'] = 0777 ;
344
345 /*
346 See comments above.
347 Used when creating folders that does not exist.
348 */
349 $config['ChmodFolders'] = 0755 ;
350
351 /*
352 Force ASCII names for files and folders.
353 If enabled, characters with diactric marks, like å, ä, ö, ć, č, đ, š
354 will be automatically converted to ASCII letters.
355 */
356 $config['ForceAscii'] = false;
357
358 /*
359 Send files using X-Sendfile module
360 Mod X-Sendfile (or similar) is avalible on Apache2, Nginx, Cherokee, Lighttpd
361
362 Enabling X-Sendfile option can potentially cause security issue.
363 - server path to the file may be send to the browser with X-Sendfile header
364 - if server is not configured properly files will be send with 0 length
365
366 For more complex configuration options visit our Developer's Guide
367 http://docs.cksource.com/CKFinder_2.x/Developers_Guide/PHP
368 */
369 $config['XSendfile'] = false;
370
371 /*
372 Enables protection in the connector.
373 The default CSRF protection mechanism is based on double submit cookies, where
374 connector checks if the request contains a valid token that matches the token
375 sent in the cookie
376
377 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies
378 */
379 $config['EnableCsrfProtection'] = true;
380
381
382 include_once "plugins/imageresize/plugin.php";
383 include_once "plugins/fileeditor/plugin.php";
384 //include_once "plugins/zip/plugin.php";
385
386 $config['plugin_imageresize']['smallThumb'] = '90x90';
387 $config['plugin_imageresize']['mediumThumb'] = '120x120';
388 $config['plugin_imageresize']['largeThumb'] = '180x180';
