MyBB Community Forums
[For 1.8] Protect admincp with session - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Resources (https://community.mybb.com/forum-8.html)
+--- Forum: Tutorials (https://community.mybb.com/forum-38.html)
+--- Thread: [For 1.8] Protect admincp with session (/thread-169717.html)



Protect admincp with session - sanvu88 - 2015-04-15

* Create one folder with any name

example: abc

* Create index.php file in that directory with the content:

<?php
$mybbvietnamdotcom_cookie_code="1234567890";
setcookie("mybbvietnamdotcom",$mybbvietnamdotcom_cookie_code,0,"/");
header("Location: /admin/index.php"); 
?>


* add to .htaccess


RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{HTTP_COOKIE} !mybbvietnamdotcom=1234567890
RewriteRule .* - [L,F]


* Replace 1234567890 with any sequence

Note:

* If direct access http://domain/admin will be 403

* Now they just want to run admincp link below to create session: http://domain/abc


sorry, my english is very bad



RE: Protect admincp with session - Jordan F. - 2015-06-08

The random directory and PHP file aren't needed to be honest, you can set the cookie yourself through a browser extension like EditThisCookie for Chrome - this is even more secure I suppose seeing as no-one will know which cookie value the admin requires, whereas with your method a user could potentially find the random directory.

Effective tutorial though! Smile