Image upload with Codeigniter, Redux and SWFUpload. "Not Authenticated" when browser uploads.

Question

I have an image upload form in a secured (with Redux) admin area of my website. When SWFAddress uploads it's not seen as logged in.

I created a multiple image upload form with SWFUpload and a back-end script with CodeIgniter. To cut a long painful story short - it all worked fine and dandy with the security turned off for testing purposes.

But when I turn the authentication back on, the uploader is getting my response "Not Authenticated" from the server? How can I make the form be authenticated?

He is my CI script:

<?php

class Api extends Controller {

 function Api() {
  parent::Controller();

  // Check authentication by turning the security on
  if ($this->redux_auth->logged_in()) 

  else {
   $this->_returnError('Not Authenticated');
   exit;
  }
 }

    function upload() {

        // ... i've shortened this bit ...
  if ( ! $this->upload->do_upload('Myfile'))
  {
   //echo "fail";
  } 
  else
  {
   //echo "success";
  }
 }

I'm really out of my depth here, as I don't really much about how communication is actually handled by the browser and the server. Any help will be appreciated?!

I tried adding to post_params: {"PHPSESSID" : "session->userdata('session_id'); ?>"}, To my instance os SWFObject. This didn't make and difference.

Answer 1

I can't get it to login by comparing the session ids. I've set up limited access to the upload script by comparing the upload IP with the users IP contained in the session. I am unsure of how safe this is.

• btw, for anyone reading. in research I found out doing the necessary edits to the mimes.php files for swfupload allows for the upload of .php files. see here: http://codeigniter.com/forums/viewthread/97399/P30/