Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

SWFUpload in restricted area


Go to End


3 Posts   2165 Views

Avatar
chluebke

Community Member, 2 Posts

14 July 2009 at 8:02am

Hi,

I'd like to use the SWFUpload module to upload multiple files for a limited group of users. I've set up a page type following the tutorial on http://doc.silverstripe.org/doku.php?id=modules:swfuploadfield. It works as long as the page is available for public. But if my upload page is in a restricted area (login required) the following message is displayed:

"Log in. That page is secured. Enter your credentials below and we will send you right along."

I tried to add the session id as a parameter ('upload_url' => 'handleswfupload?PHPSESSID=' . session_id()) - same error. Using a hidden form field (new HiddenField('PHPSESSID', '', session_id()) in the FieldSet) also fails.

Btw: I'm using Firefox 3.0.11, just tested in IE and it works (!) even w/o any tricks.

What can I do? Please don't ask me to use IE ;-)

Greetings from Germany,
Christian

Avatar
UncleCheese

Forum Moderator, 4102 Posts

14 July 2009 at 8:17am

Tricky. I'm not sure passing PHPSESSID in the url is enough to set the session. Is it? You may have to delete your session and create a new one based on that parameter. I'm not sure. You're on the right track, though.

Avatar
netminds

Community Member, 3 Posts

21 July 2009 at 9:38pm

Edited: 21/07/2009 9:38pm

Hello,

I am having the very same problem here with SeaMonkey and Safari (both on Windows Vista x64). Maybe the reason why it works in IE is a security hole in IE ;-)

So far I only found a dirty workaround for this problem. Duplicate your upload page. Change the URL so that it is hard to guess. Make it accessible to everyone and hide it from the menus and search. Then change the upload_url like this: SWFUploadConfig::set_var('upload_url', '/app/copy-of-my-upload-page/handleswfupload');

Hope this helps until we find a real solution :-)