Please select To the mobile version | Continue to access the desktop computer version
| |
| | |

CodersClub

 Forgot password?
 Register
Search
View: 325|Reply: 2
Collapse the left

Modify admin.php to prevent direct malicious access

[Copy link]
Post time: 2019-3-30 08:10
| Show all posts |Read mode
Open the admin.php file
find
  1. $discuz->init();
Copy the Code

Add the code below:
  1. if(!$_G['uid'] || !getstatus($_G['member']['allowadmincp'], 1)) {
  2.         header('Location: '.$_G['siteurl']);
  3. }
Copy the Code
After modification, those who do not have access to the back end, access to admin.php will automatically jump to the home page of the website, if the administrator wants to log in the back end, must first login in the front end, and then click the link to enter the back end!

 Russia

Post time: 2019-3-31 17:46
| Show all posts
This hack was already published here 4 years before:
Post time: 2015-02-18 18:03

How to block non-admin direct access to admin.php page
Post time: 2019-5-17 04:46
| Show all posts
Very useful. Will try this solution. These malicious access is very annoying.
You have to log in before you can reply Login | Register

Points Rules

Archive|Mobile|Dark room|CodersClub  

2019-6-19 14:49 GMT+3 , Processed in 0.084457 sec., 10 queries .

Powered by Discuz! X3.4

Release 20170801, © 2001-2019 Comsenz Inc.

MultiLingual version, Rev. 710, © 2009-2019 codersclub.org

Quick Reply To Top Return to the list