[For 1.8] Protect admincp with session
* Create one folder with any name

example: abc

* Create index.php file in that directory with the content:

header("Location: /admin/index.php"); 

* add to .htaccess

RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{HTTP_COOKIE} !mybbvietnamdotcom=1234567890
RewriteRule .* - [L,F]

* Replace 1234567890 with any sequence


* If direct access http://domain/admin will be 403

* Now they just want to run admincp link below to create session: http://domain/abc

sorry, my english is very bad
The random directory and PHP file aren't needed to be honest, you can set the cookie yourself through a browser extension like EditThisCookie for Chrome - this is even more secure I suppose seeing as no-one will know which cookie value the admin requires, whereas with your method a user could potentially find the random directory.

Effective tutorial though! Smile

Forum Jump:

Users browsing this thread: 1 Guest(s)