Please select To the mobile version | Continue to access the desktop computer version
| |
| | |


 Forgot password?
View: 1433|Reply: 2
Collapse the left

Modify admin.php to prevent direct malicious access

[Copy link]
Post time: 2019-3-30 08:10
| Show all posts |Read mode
Open the admin.php file
  1. $discuz->init();
Copy the Code

Add the code below:
  1. if(!$_G['uid'] || !getstatus($_G['member']['allowadmincp'], 1)) {
  2.         header('Location: '.$_G['siteurl']);
  3. }
Copy the Code
After modification, those who do not have access to the back end, access to admin.php will automatically jump to the home page of the website, if the administrator wants to log in the back end, must first login in the front end, and then click the link to enter the back end!


Post time: 2019-3-31 17:46
| Show all posts
This hack was already published here 4 years before:
Post time: 2015-02-18 18:03

How to block non-admin direct access to admin.php page
Post time: 2019-5-17 04:46
| Show all posts
Very useful. Will try this solution. These malicious access is very annoying.
You have to log in before you can reply Login | Register

Points Rules

Archive|Mobile|Dark room|CodersClub  


2020-5-27 00:06 GMT+3 , Processed in 0.088884 sec., 9 queries .

Powered by Discuz! X3.4

Release 20170801, © 2001-2020 Comsenz Inc.

MultiLingual version, Rev. 710, © 2009-2020

Quick Reply To Top Return to the list