TinyMCE Image Manager authentication

For those that faced the same problem and didn’t find any docs here it is my solution.

Edit the login_session_auth.php (has described in their docs) and enter the following:


$yii = dirname(__FILE__).'/../../your/relative/path/to/framework/yii.php';

$config = dirname(__FILE__).'/../your/relative/path/to/protected/config/main.php';



if(!Yii::app()->user->isGuest) {

	$_SESSION['isLoggedIn'] = true;

	$_SESSION['imagemanager.filesystem.rootpath'] = '/your/path/to/images';



throw new CHttpException(401, 'Access denied');

That worked for me.

Good luck!

I’ve just had to do the same and your post was very helpful. Unfortunately, I had to do a bit more work because I’m using database sessions, so loading Yii was preventing me from setting a session variable that the image manager could read. The changes I made are below:

I updated the config to keep my TinyMCE related keys separate from the main application data.


	// SessionAuthenticator

	$mcImageManagerConfig['SessionAuthenticator.logged_in_key'] = "tinymce.isLoggedIn";

	$mcImageManagerConfig['SessionAuthenticator.groups_key'] = "tinymce.groups";

	$mcImageManagerConfig['SessionAuthenticator.user_key'] = "tinymce.user";

	$mcImageManagerConfig['SessionAuthenticator.path_key'] = "tinymce.path";

	$mcImageManagerConfig['SessionAuthenticator.rootpath_key'] = "tinymce.rootpath";

	$mcImageManagerConfig['SessionAuthenticator.config_prefix'] = "tinymce.imagemanager";

I replaced the full content of login_session_auth.php.



require_once(dirname(__FILE__) . '/../../../../../../loadYii.php');

if (!Yii::app()->user->isGuest)


	$_SESSION['tinymce.isLoggedIn'] = true;





	echo 'Your session has expired, please log in again.';


I updated the session authenticator class to start the session through Yii.


// The following code replaces the @session_start; line

require_once(dirname(__FILE__) . '/../../../../../../../../loadYii.php');


I created the loadYii.php file because the defines and paths are different on the live and test servers and I didn’t want to duplicate the logic each time I loaded the framework. It sets up the relevant defines and creates the web application, but doesn’t run it. It’s called in two places in the image manager, two places in the file manager and by the Yii site’s index file.