[Resolved] How to limit access to admin file?

[ApeXX]

How to limit access to admin file?

I'm looking for some sort of code, script or technique, that limits complete access to my admin.php file without a password.

The admin.php file is the backend to one of my sites and does have a secure login before allowing access to website controls, however I would like to add another security measure.

Basically I'm looking for something like cPanel's directory password lock, except for a single file so that it cannot be read, open, or run without a password.

+Rep for all who assist me! :tu:

 

[scribby]

<?

$password = md5("yourpassword");

if ($_POST['pass']) {
$pass = md5($_POST['pass']);
setcookie("password", $pass, time()+3600);
}

if ($_COOKIE["password"]) {
if ($_COOKIE["password"] !== $password) { exit; }
} else {
echo "
<form method=\"POST\" action=\"admin.php\">
<input type=\"text\" name=\"pass\" size=\"20\">
<input type=\"submit\" value=\"Submit\">
</form>
";
}

?>

 

[ApeXX]

I just realized the admin page is encoded with Ioncube... Will the above code still work inserted in an Ioncube encoded page?

 

[Kate]

You can use HTTP authentication with .htaccess file to protect one single file
Check this tutorial:
http://www.wise-women.org/tutorials/htaccess/
Scroll to the bottom for details on the <Files> directive

 

[ApeXX]

You can use HTTP authentication with .htaccess file to protect one single file
Check this tutorial:
http://www.wise-women.org/tutorials/htaccess/
Scroll to the bottom for details on the <Files> directive

Thanks, that worked great! :tu: