Please select To the mobile version | Continue to access the desktop computer version
| |
| | |

CodersClub

 Forgot password?
 Register
Search
View: 3698|Reply: 1
Collapse the left

How to block non-admin direct access to admin.php page

  [Copy link]

 Switzerland

Post time: 2015-2-18 18:03
| Show all posts |Read mode
Edited by Mourad at 2015-2-18 16:02

As we know Discuz default configurations allow anyone to access the admin page by directly accesing that url www.example.com/admin.php

So to prevent non-admin to direct access the admin page just open "admin.php" with a text editor and search for:" $discuz->init(); "

Newline, and just add the following code:

if(!$_G['uid'] || !getstatus($_G['member']['allowadmincp'], 1)) {
header('Location: /');
}



then save the file that all.

Now if non-admin try to access the admin page they will be redirected to the home page, and if you would redirect them to any other page (like a  external page or a fake admin page) just change the slash " / " by your link.


ps: if anyone know how to apply this toturial to the uc_server admin page :
www.example.com/uc_server/admin.php
don't hesitate to share that with us thanks.

This post contains more resources

You have to Login for download or view attachment(s). No Account? Register

x

Rate

Number of participants 1Rating +1 Collapse Reason
vot + 1 Usefull

View Rating Log

 United States

Post time: 2018-6-14 18:41
| Show all posts
I usually remove the /yoursite/admin.php and /yoursite/uc_server/admin.php files from my server and upload them only when I need to access.


Your tip for /yoursite/admin.php is also a great idea.


Thank you!


You have to log in before you can reply Login | Register

Points Rules

Archive|Mobile|Dark room|CodersClub  

2018-8-15 08:14 GMT+3 , Processed in 0.094409 sec., 13 queries .

Powered by Discuz! X3.4

Release 20170801, © 2001-2018 Comsenz Inc.

MultiLingual version, Rev. 710, © 2009-2018 codersclub.org

Quick Reply To Top Return to the list