How to block non-admin direct access to admin.php page

Mourad · Post time: 2015-02-18 18:03

Edited by Mourad at 2015-2-18 16:02

As we know Discuz default configurations allow anyone to access the admin page by directly accesing that url www.example.com/admin.php

So to prevent non-admin to direct access the admin page just open "admin.php" with a text editor and search for:" $discuz->init(); "

Newline, and just add the following code:

if(!$_G['uid'] || !getstatus($_G['member']['allowadmincp'], 1)) {
header('Location: /');
}

then save the file that all.

Now if non-admin try to access the admin page they will be redirected to the home page, and if you would redirect them to any other page (like a external page or a fake admin page) just change the slash " / " by your link.

ps: if anyone know how to apply this toturial to the uc_server admin page :
www.example.com/uc_server/admin.php
don't hesitate to share that with us thanks.

evanhenry · Post time: 2018-06-14 18:41

I usually remove the /yoursite/admin.php and /yoursite/uc_server/admin.php files from my server and upload them only when I need to access.

Your tip for /yoursite/admin.php is also a great idea.

Thank you!

Account		Remember me	Forgot password?
Password			Register

How to block non-admin direct access to admin.php page

This post contains more resources

Rate