CKFinder 3 - The file browser is disabled for security reasons

Question

I am quite new to CKFInder, and I received the error

The file browser is disabled for security reasons. Please contact your system administrator and check the CKFinder configuration file.

I had a look on site like the following:

http://ckeditor.com/forums/Support/file-browser-disabled-for-security-reasons.

http://ckeditor.com/forums/Support/File-browser-disabled

http://ckeditor.com/forums/Support/file-browser-disabled-for-security-reasons.

They all mention a function in the config.php file called checkAuthentication(), but I did a search through all the files and cannot fine the function.

All the other people with the same error on the forums use CKFinder 2, and I cannot find another person with the error using v3

I do believe its just something small that I am overlooking.

Thanx in advance

Answer 1

if you are using CKFinder 2.x for Asp.Net, the method you are looking for is CheckAuthentication which is in the config.ascx file located in the ckfinder root folder. Verify that the user is an authenticated user and then return true.

/**
 * This function must check the user session to be sure that he/she is
 * authorized to upload and access files using CKFinder.
 */
public override bool CheckAuthentication()
{
    // WARNING : DO NOT simply return "true". By doing so, you are allowing
    // "anyone" to upload and list the files in your server. You must implement
    // some kind of session validation here. Even something very simple as...
    //
    //      return ( Session[ "IsAuthorized" ] != null && (bool)Session[ "IsAuthorized" ] == true );
    //
    // ... where Session[ "IsAuthorized" ] is set to "true" as soon as the
    // user logs on your system.
    
    return ( Session[ "IsAdmin" ] != null && (bool)Session[ "IsAdmin" ] == true );
}

Answer 2

go to ckfinder/config.php

find the following line

$config['authentication'] = function () {
return false;

};

turn false to true here.

$config['authentication'] = function () {
return true;

};

Answer 3

Go to ckfinder folder, find config.php file, go to the below line,

$config['authentication'] = function () {
    return true;
};

And make sure it is return true not false.

Hope this helps you.

Answer 4

Since it's about PHP, nobody said anything about CKFinder for ASP.Net although it's almost the same as CKFinder for PHP, anyway if you are using CKFinder for ASP.Net, and you just downloaded it, you should look up for IsAuthenticated() method, in sample package offered in here, go to App_Code folder then open RoleBasedAuthenticator.cs file, make it return true instead of false temporarily:

private bool IsAuthenticated(string[] roles)
        {
            // Should always fail if matcher is empty.
            if (_allowedRoleMatcherTemplate == string.Empty)
            {
                return true;
            }
...

Answer 5

Returning true for authentication is obviously not secure. Please have a look here to see a few examples presenting how this option can be used.

Answer 6

After looking through the config.php file, I saw a config item $config['authentication']

After I set this to return true, I don't get the error anymore. But not sure if this is the safest/best way to resolve the matter