An easy way to make your back-end login more secure with PHP and session authentication
- 2020-05-19 04:26:34
- OfStack
This article uses the Joomla! back-end (administrator) link as an example to show how to "modify" a back-end link to make it more secure.
Principle: a specific entry file registers a session for back-end access; without that session, the back end refuses the request and exits. That is, requesting the original back-end address directly no longer lets you log in to the back end. Because the entry file name can be varied and changed at will, this provides a more secure environment for your back-end login.
1. Entry file: myadmin.php (the file name can be changed at any time)
What it does: registers the session. The source code is as follows:
[code]
<?php
session_name("Zjmainstay"); // the session name can be changed; it must match the name used in /administrator/index.php
session_start();
$_SESSION['admin_user'] = "Y"; // the session variable name can be changed; it must match as well
session_write_close();
?>
<meta http-equiv="refresh" content="0;url=http://www.youdomain.com/administrator/">
[/code]
2. Modify the back-end entry file: /administrator/index.php (for any other CMS, add this at the beginning of its entry file)
What it does: uses the session to control entry. The source code is as follows:
[code]
define('_JEXEC', 1); // original file, line 9
define('DS', DIRECTORY_SEPARATOR); // original file, line 10
// Add
session_name("Zjmainstay");
session_start();
// isset() avoids an undefined-index notice when the entry file was not visited first
$ok_to_browse = (isset($_SESSION['admin_user']) && $_SESSION['admin_user'] === "Y");
if (!$ok_to_browse) {
    header("Content-type: text/html; charset=utf-8");
    exit(' No illegal access! ');
} else {
    $_SESSION['admin_user'] = "Y"; // keep the session flag in use
    session_write_close();
}
// Add End
[/code]
Login example: http://www.youdomain.com/myadmin.php
After you press Enter, the browser automatically jumps to http://www.youdomain.com/administrator/ (the original back-end login address).
Entering http://www.youdomain.com/administrator/ directly shows the 'illegal access refused' prompt and exits.
Author: Zjmainstay
Reference: http://www.cnblogs.com/Zjmainstay/
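
A hardened variant of the two snippets above, as an added example that is not the author's code: the flag stores an expiry time instead of "Y", the session ID is regenerated at the entry file, the cookie is HttpOnly and SameSite, and a missing key no longer raises a notice. The gate only controls who reaches the login form; the CMS login still performs the authentication. The file name admin_gate.php, the function names and GATE_TTL are assumptions, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// admin_gate.php -- added example; file name, function names and GATE_TTL are assumptions.
declare(strict_types=1);

const GATE_SESSION = 'Zjmainstay'; // same session name as on the page
const GATE_KEY     = 'admin_user'; // same session variable as on the page
const GATE_TTL     = 900;          // assumed: the gate flag stays valid for 15 minutes

function gate_session_start(): void
{
    session_name(GATE_SESSION);
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not sent on cross-site subrequests
    ]);
    session_start();
}

// Call from the entry file (myadmin.php on the page).
function gate_open(string $redirect = '/administrator/'): void
{
    gate_session_start();
    session_regenerate_id(true);             // never reuse a session ID set before the gate
    $_SESSION[GATE_KEY] = time() + GATE_TTL; // store an expiry timestamp instead of "Y"
    session_write_close();
    header('Location: ' . $redirect, true, 302);
    exit;
}

// Call at the top of /administrator/index.php, where the page adds its lines.
function gate_check(): void
{
    gate_session_start();
    $expires = $_SESSION[GATE_KEY] ?? 0;     // no notice when the key is absent
    $ok = is_int($expires) && $expires >= time();
    if ($ok) {
        $_SESSION[GATE_KEY] = time() + GATE_TTL; // sliding expiry while the admin is active
    } else {
        unset($_SESSION[GATE_KEY]);              // drop an expired or malformed flag
    }
    session_write_close();                   // release the session before the CMS starts its own
    if (!$ok) {
        http_response_code(403);
        header('Content-Type: text/plain; charset=utf-8');
        exit('No illegal access!');
    }
}
```

With this file in the site root, myadmin.php only needs `require __DIR__ . '/admin_gate.php'; gate_open();`, and /administrator/index.php calls `require __DIR__ . '/../admin_gate.php'; gate_check();` in place of the lines between "Add" and "Add End".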