[For 1.8] Protect admincp with session
#1
* Create one folder with any name

example: abc

* Create index.php file in that directory with the content:

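<?php
// Secret value that the .htaccess rule checks for; replace it with your own sequence.
$mybbvietnamdotcom_cookie_code = "1234567890";
// Session cookie (expiry 0 = until the browser closes), valid for the whole site.
setcookie("mybbvietnamdotcom", $mybbvietnamdotcom_cookie_code, 0, "/");
header("Location: /admin/index.php");
exit; // stop execution once the redirect has been sent
?>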


* Add to .htaccess:


RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{HTTP_COOKIE} !mybbvietnamdotcom=1234567890
RewriteRule .* - [L,F]


* Replace 1234567890 with any sequence

Note:

* Direct access to http://domain/admin will return 403

* Now anyone who wants to use the admincp just opens the link below to create the session: http://domain/abc


Sorry, my English is very bad.
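The gate from post #1, simulated as an added example (not code from the thread): it evaluates the two RewriteCond lines against constructed requests, once with the thread's unanchored cookie pattern and once with an anchored pattern, which is an assumption introduced here. The function and variable names are hypothetical.

```python
import re

COOKIE_NAME = "mybbvietnamdotcom"   # cookie name from post #1
COOKIE_CODE = "1234567890"          # placeholder value from post #1

# Pattern exactly as written in the thread: an unanchored substring match.
THREAD_PATTERN = re.compile(COOKIE_NAME + "=" + COOKIE_CODE)
# Assumed tightening (not from the thread): match one whole name=value pair.
# Equivalent .htaccess line:
#   RewriteCond %{HTTP_COOKIE} !(^|;\s*)mybbvietnamdotcom=1234567890(;|$)
ANCHORED_PATTERN = re.compile(
    r"(?:^|;\s*)" + re.escape(COOKIE_NAME) + "=" + re.escape(COOKIE_CODE) + r"(?:;|$)"
)

def gate(uri, cookie_header, pattern):
    """Mimic the two RewriteCond lines plus 'RewriteRule .* - [L,F]'.

    Returns 403 when the URI starts with /admin and the pattern is NOT found
    in the Cookie header; otherwise returns 200 (the request passes through).
    """
    if re.search(r"^/admin", uri) and not pattern.search(cookie_header or ""):
        return 403
    return 200

# Constructed sample requests: (URI, Cookie header).
SAMPLES = [
    ("/admin/index.php", ""),                               # no cookie at all
    ("/admin/index.php", "mybbvietnamdotcom=1234567890"),    # exact cookie
    ("/admin/index.php", "sid=abc; mybbvietnamdotcom=1234567890; lang=en"),
    ("/admin/index.php", "mybbvietnamdotcom=12345678901"),   # longer value
    ("/admin/index.php", "xmybbvietnamdotcom=1234567890"),   # different cookie name
    ("/index.php", ""),                                      # outside /admin
]

def compare():
    """Return (uri, cookie, thread_status, anchored_status) for each sample."""
    return [(u, c, gate(u, c, THREAD_PATTERN), gate(u, c, ANCHORED_PATTERN))
            for u, c in SAMPLES]

if __name__ == "__main__":
    for uri, cookie, loose, strict in compare():
        print(f"{uri:18} {cookie!r:52} thread={loose} anchored={strict}")
```

The two patterns differ only on the fourth and fifth samples, where the configured value appears inside a longer value or under a different cookie name.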
#2
The random directory and PHP file aren't needed to be honest, you can set the cookie yourself through a browser extension like EditThisCookie for Chrome - this is even more secure I suppose seeing as no-one will know which cookie value the admin requires, whereas with your method a user could potentially find the random directory.

Effective tutorial though!

