MyBB Community Forums
[For 1.8] Protect admincp with session - Printable Version

+- MyBB Community Forums (
+-- Forum: Resources (
+--- Forum: Tutorials (
+--- Thread: [For 1.8] Protect admincp with session (/thread-169717.html)

Protect admincp with session - sanvu88 - 2015-04-15

* Create one folder with any name

example: abc

* Create index.php file in that directory with the content:

header("Location: /admin/index.php"); 

* add to .htaccess

RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{HTTP_COOKIE} !mybbvietnamdotcom=1234567890
RewriteRule .* - [L,F]

* Replace 1234567890 with any sequence


* If direct access http://domain/admin will be 403

* Now they just want to run admincp link below to create session: http://domain/abc

sorry, my english is very bad

RE: Protect admincp with session - Jordan F. - 2015-06-08

The random directory and PHP file aren't needed to be honest, you can set the cookie yourself through a browser extension like EditThisCookie for Chrome - this is even more secure I suppose seeing as no-one will know which cookie value the admin requires, whereas with your method a user could potentially find the random directory.

Effective tutorial though! Smile