1 2014-04-24 17:19:24 (edited by hjet 2014-04-26 13:33:52)

Topic: Protect from direct access to the admin

Open the file admin/index.php.
Before this line:

    // Display login template
    require 'themes'. DS . Option::get('theme_admin_name') . DS . 'login.template.php';

add this:

    // New link to the admin area: http://yoursite/admin/?test
    // sha1('test') = a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
    reset($_GET);
    $secretkey = 'test';
    if( !array_key_exists($secretkey, $_GET) && Cookie::get('key') != sha1($secretkey) && sha1(key($_GET)) != sha1($secretkey) ) {
        // Last segment of the requested URI, including the query string
        $parts = explode('/', $_SERVER['REQUEST_URI']);
        $end = end($parts); // array_pop(array_keys(...)) passed a non-variable by reference
        // Redirect to a nonexistent page (the first letter "а" in the word "аdmin" is Cyrillic),
        // preserving all link parameters entered by the user
        header('Location: '.Option::get('siteurl').'аdmin/'.$end);
        exit; // stop here so the login template is not sent along with the redirect
    }else{
        Cookie::set('key', sha1($secretkey), 600);
    }
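
A variant of the gate above in which the cookie holds an expiring HMAC token instead of the sha1 of the URL key, so the cookie cannot be derived from the key alone and is compared in constant time. This is an added example, not part of the original post and not Monstra code; it uses only PHP built-ins, and the function names, cookie name and secret values are assumptions constructed for illustration.

```php
<?php
// Added example, not Monstra code. All names and values here are assumptions.
const GATE_COOKIE = 'gate';
const GATE_TTL = 600; // seconds, the same lifetime as the cookie in the post

// Cookie value is "expiry.HMAC(expiry)"; the HMAC key never appears in a URL.
function gate_issue_token(string $serverSecret, int $now): string
{
    $expires = (string) ($now + GATE_TTL);
    return $expires . '.' . hash_hmac('sha256', $expires, $serverSecret);
}

function gate_token_valid(string $token, string $serverSecret, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || (int) $parts[0] < $now) {
        return false; // malformed or expired
    }
    $expected = hash_hmac('sha256', $parts[0], $serverSecret);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Returns the token to store in the cookie when the request may see the login
// form, or null when the caller should send the redirect and exit.
function admin_gate_check(array $get, array $cookies, string $urlKey, string $serverSecret, int $now): ?string
{
    $cookie = $cookies[GATE_COOKIE] ?? '';
    if (is_string($cookie) && gate_token_valid($cookie, $serverSecret, $now)) {
        return $cookie;
    }
    foreach (array_keys($get) as $name) {
        if (hash_equals($urlKey, (string) $name)) {
            return gate_issue_token($serverSecret, $now);
        }
    }
    return null;
}

// Constructed sample values, not real secrets.
$urlKey = 'test';
$serverSecret = 'constructed-server-side-secret';
$now = 1700000000;

$token = admin_gate_check(['test' => ''], [], $urlKey, $serverSecret, $now);
var_dump($token !== null); // request with the key in the URL
var_dump(admin_gate_check([], [GATE_COOKIE => $token], $urlKey, $serverSecret, $now + 60) !== null); // valid cookie
var_dump(admin_gate_check([], [GATE_COOKIE => sha1('test')], $urlKey, $serverSecret, $now) !== null); // sha1(key) as cookie
var_dump(admin_gate_check([], [GATE_COOKIE => $token], $urlKey, $serverSecret, $now + 601) !== null); // expired cookie
```

In admin/index.php the caller would pass `$_GET`, `$_COOKIE` and `time()`, store a non-null result with `setcookie()` using the `httponly` and `secure` options, and on null send the redirect followed by `exit`.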

Re: Protect from direct access to the admin

In English Please!
