Modify admin.php to prevent direct malicious access

roxmake · Post time: 2019-03-30 08:10

Open the admin.php file
find

$discuz->init();

Copy the Code

Add the code below:

if(!$_G['uid'] || !getstatus($_G['member']['allowadmincp'], 1)) {
header('Location: '.$_G['siteurl']);
}

Copy the Code

After modification, those who do not have access to the back end, access to admin.php will automatically jump to the home page of the website, if the administrator wants to log in the back end, must first login in the front end, and then click the link to enter the back end!

vot · Post time: 2019-03-31 17:46

This hack was already published here 4 years before:
Post time: 2015-02-18 18:03

How to block non-admin direct access to admin.php page

chrispeddler · Post time: 2019-05-17 04:46

Very useful. Will try this solution. These malicious access is very annoying.

Account		Remember me	Forgot password?
Password			Register