MyBB Community Forums

Full Version: Protect admincp with session
* Create one folder with any name

Example: abc

* Create an index.php file in that directory with the content:

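<?php
// Value the .htaccess rule below checks for
$mybbvietnamdotcom_cookie_code="1234567890";
// Session cookie (expires when the browser closes), valid for the whole site
setcookie("mybbvietnamdotcom",$mybbvietnamdotcom_cookie_code,0,"/");
// Send the browser on to the admin CP and stop
header("Location: /admin/index.php");
exit;
?>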


* Add to .htaccess


RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{HTTP_COOKIE} !mybbvietnamdotcom=1234567890
RewriteRule .* - [L,F]


* Replace 1234567890 with any sequence

Note:

* Direct access to http://domain/admin will return 403

* Now, to get into the admincp, just open the link below first to create the session: http://domain/abc


Sorry, my English is very bad.

The random directory and PHP file aren't needed, to be honest. You can set the cookie yourself through a browser extension like EditThisCookie for Chrome. This is even more secure, I suppose, seeing as no one will know which cookie value the admin requires, whereas with your method a user could potentially find the random directory.

Effective tutorial though!
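
A hardened variant of the cookie gate discussed in this thread, as an added example that is not part of either post: it generates a random token instead of a fixed sequence, anchors the cookie test in the RewriteCond, and sets the cookie with Secure, HttpOnly and SameSite. The function names are hypothetical, and it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes PHP 7.3+ (setcookie options array) and a site served over HTTPS.
const GATE_COOKIE = 'mybbvietnamdotcom'; // cookie name from the tutorial

// 32 bytes from the CSPRNG, hex-encoded: hard to guess and regex-safe.
function new_gate_token(): string
{
    return bin2hex(random_bytes(32));
}

// Same three rules as the tutorial, but the cookie test is anchored so the
// name and value must match a whole cookie pair, not a substring of the header.
function htaccess_rules(string $cookie, string $token): string
{
    $pair = preg_quote($cookie) . '=' . preg_quote($token);
    return 'RewriteCond %{REQUEST_URI} ^/admin' . "\n"
         . 'RewriteCond %{HTTP_COOKIE} !(^|;\s*)' . $pair . '(;|$)' . "\n"
         . 'RewriteRule .* - [L,F]' . "\n";
}

// Cookie attributes for the gate cookie.
function gate_cookie_options(): array
{
    return [
        'expires'  => 0,        // session cookie, as in the tutorial
        'path'     => '/admin', // only sent with admin CP requests
        'secure'   => true,     // never sent over plain HTTP
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // still sent on the redirect to /admin
    ];
}

// Run from the command line to print a matching rule set and index.php.
if (PHP_SAPI === 'cli') {
    $token = new_gate_token();
    echo "# --- .htaccess ---\n", htaccess_rules(GATE_COOKIE, $token), "\n";
    echo "# --- index.php in the private directory ---\n<?php\n";
    echo 'setcookie(', var_export(GATE_COOKIE, true), ', ',
         var_export($token, true), ', ',
         var_export(gate_cookie_options(), true), ");\n";
    echo "header('Location: /admin/index.php');\nexit;\n";
}
```

The printed token can also be set by hand in the browser, as the reply suggests, in which case the index.php half is not deployed at all.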