How to limit access to admin file?

ApeXX · 09-01-2007, 04:58 PM

I'm looking for some sort of code, script or technique, that limits complete access to my admin.php file without a password.

The admin.php file is the backend to one of my sites and does have a secure login before allowing access to website controls, however I would like to add another security measure.

Basically I'm looking for something like cPanel's directory password lock, except for a single file so that it cannot be read, open, or run without a password.

+Rep for all who assist me!

scribby · 09-01-2007, 08:45 PM

PHP Code:

  <?

 
$password = md5("yourpassword");

 
if ($_POST['pass']) {

????: NamePros.com http://www.namepros.com/programming/369107-resolved-how-limit-access-admin-file.html
$pass = md5($_POST['pass']);

setcookie("password", $pass, time()+3600);

}

 
if ($_COOKIE["password"]) {

if ($_COOKIE["password"] !== $password) { exit; }

} else {

echo "

<form method=\"POST\" action=\"admin.php\">

<input type=\"text\" name=\"pass\" size=\"20\">

<input type=\"submit\" value=\"Submit\">

</form>

";

}

 
?>

ApeXX · 09-02-2007, 07:04 AM

I just realized the admin page is encoded with Ioncube... Will the above code still work inserted in an Ioncube encoded page?

sdsinc · 09-02-2007, 07:23 AM

You can use HTTP authentication with .htaccess file to protect one single file
Check this tutorial:
http://www.wise-women.org/tutorials/htaccess/
Scroll to the bottom for details on the <Files> directive

ApeXX · 09-02-2007, 12:33 PM

Originally Posted by sdsinc

You can use HTTP authentication with .htaccess file to protect one single file
Check this tutorial:
http://www.wise-women.org/tutorials/htaccess/
Scroll to the bottom for details on the <Files> directive

Thanks, that worked great!

09-01-2007, 04:58 PM	THREAD STARTER #1 (permalink)
ApeXX Senior Member Join Date: Mar 2005 Location: Massachusetts Posts: 1,999	How to limit access to admin file? I'm looking for some sort of code, script or technique, that limits complete access to my admin.php file without a password. The admin.php file is the backend to one of my sites and does have a secure login before allowing access to website controls, however I would like to add another security measure. Basically I'm looking for something like cPanel's directory password lock, except for a single file so that it cannot be read, open, or run without a password. +Rep for all who assist me! __________________ FREE Xbox Live Gold codes added daily!

09-01-2007, 08:45 PM	#2 (permalink)
scribby Senior Member Join Date: May 2005 Location: Australia Posts: 1,197	PHP Code: <? $password = md5("yourpassword"); if ($_POST['pass']) { ????: NamePros.com http://www.namepros.com/programming/369107-resolved-how-limit-access-admin-file.html $pass = md5($_POST['pass']); setcookie("password", $pass, time()+3600); } if ($_COOKIE["password"]) { if ($_COOKIE["password"] !== $password) { exit; } } else { echo " <form method=\"POST\" action=\"admin.php\"> <input type=\"text\" name=\"pass\" size=\"20\"> <input type=\"submit\" value=\"Submit\"> </form> "; } ?>

09-02-2007, 07:04 AM	THREAD STARTER #3 (permalink)
ApeXX Senior Member Join Date: Mar 2005 Location: Massachusetts Posts: 1,999	I just realized the admin page is encoded with Ioncube... Will the above code still work inserted in an Ioncube encoded page? __________________ FREE Xbox Live Gold codes added daily!

09-02-2007, 07:23 AM	#4 (permalink)
sdsinc Domains my Dominion Join Date: Aug 2005 Location: Web 1.0 Posts: 9,557	You can use HTTP authentication with .htaccess file to protect one single file Check this tutorial: http://www.wise-women.org/tutorials/htaccess/ Scroll to the bottom for details on the <Files> directive __________________ NameNewsletter.com - free lists of available domain names ZoneFiles.net (beta) - ccTLD and gTLD droplists

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)