Security

Built-in User/Pass Authentication

KFM has a very simple user/pass built-in authentication (in versions>0.8.2).

To activate this security, you need to edit configuration.php and create two variables, $kfm_username and $kfm_password. If those variables are given values (say, "admin", and "adminpass"), then KFM will request the user/pass combination before allowing a user to access the main window.

Using Your CMS's Authentication

If you are using a CMS, then you may not want to have to log in twice. In this case, you can use the api/ directory to override the KFM authentication. Here is an example of how I did it for my own CMS (overwriting api/config.php):

<?
include_once($_SERVER['DOCUMENT_ROOT'].'/common/config.php');
if(($_SERVER['PHP_SELF']!='/j/fckeditor/editor/plugins/kfm/get.php') && (!isset($_SESSION['admin'])||$_SESSION['admin']=='')){
    echo 'access denied!';
    exit;
}
$kfm_db_name=$GLOBALS['db_name'];
$kfm_db_username=$GLOBALS['db_username'];
$kfm_db_password=$GLOBALS['db_password'];
$kfm_userfiles='/f/';
$kfm_userfiles_output='get.php';
$kfm_theme='webworks';
?>

In the above, it is assumed that $_SERVER['DOCUMENT_ROOT'].'/common/config.php' carries out the authentication necessary, and all that is needed then is to check that the session variable $_SESSION['admin'] has been set by that authentication procedure.

this project maintained by
Kae Verens
net applications developer for
webworks.ie