
Simple method to make your backend login more secure (adding session verification in PHP)

WBOY, 2016-07-21 15:16:19

This article uses the Joomla! backend link as an example to explain how to "modify" a backend link to make it more secure.

Principle: a specific entry file registers a session for the backend entrance; without that session, the backend entry fails and exits. That is, you cannot log in to the backend by going directly to the original backend address. Because the entry file can have any name and the name can be changed at any time, this provides a more secure environment for your backend login.

1. Entry file: myadmin.php (the file name can be changed at any time)

Function: register the session. The source code is as follows:

[code]
<?php
session_name( "Zjmainstay" ); // session name can be changed; it must match the name used in the backend entry file
session_start();
$_SESSION['admin_user'] = "Y"; // session variable name can be changed; it must match the one checked in the backend entry file
session_write_close();
header( "Location: /administrator/" ); // jump to the original backend login address, as described below
exit;
?>
[/code]
2. Modify the backend entry file: /administrator/index.php (the same change can be made at the beginning of the entry file of any CMS)

Function: Use session to control entry. The source code is as follows:

[code]
define('_JEXEC', 1); // original file, line 9
define('DS', DIRECTORY_SEPARATOR); // original file, line 10

// Add
session_name( "Zjmainstay" );
session_start();
// isset() avoids an undefined-index notice when the entry file was never visited
$ok_to_browse = ( isset( $_SESSION['admin_user'] ) && $_SESSION['admin_user'] === "Y" );
if ( !$ok_to_browse ) {
    header("Content-type: text/html; charset=utf-8");
    exit('Illegal access is denied!');
} else {
    $_SESSION['admin_user'] = "Y"; // continue the use of the session
    session_write_close();
}
// Add End
[/code]

Login example: http://www.youdomain.com/myadmin.php

After pressing Enter, it will automatically jump to: http://www.youdomain.com/administrator/ (original backend login address)

Entering http://www.youdomain.com/administrator/ directly will show 'Illegal access is denied!' and exit.
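A variant of the two files above in which the gate flag is a timestamp with an idle lifetime and the session cookie is tightened, given as an added example that is not the author's code. The function names, the 15-minute lifetime and the cookie options are assumptions; `gate_enter()` would be the body of myadmin.php and `gate_require()` would replace the "Add" block in /administrator/index.php.

```php
<?php
// Added example, not the article's code; names, lifetime and cookie options are assumed.
const GATE_KEY = 'admin_user';  // session variable name used in the article
const GATE_TTL = 900;           // assumed idle lifetime of the flag, in seconds

// Pure check: was the gate passed, and recently enough?
function gate_allows(array $session, int $now): bool {
    $t = $session[GATE_KEY] ?? null;
    return is_int($t) && $t <= $now && $now - $t <= GATE_TTL;
}

function gate_session_start(): void {
    session_name('Zjmainstay');      // must be the same in both files
    session_start([
        'use_strict_mode' => true,   // ignore session ids the server did not issue
        'cookie_httponly' => true,   // hide the cookie from page scripts
        'cookie_samesite' => 'Lax',  // PHP 7.3+
        'cookie_secure'   => true,   // assumes HTTPS; drop on a plain-HTTP site
    ]);
}

// Whole body of the renamed entry file (myadmin.php in the article).
function gate_enter(): void {
    gate_session_start();
    session_regenerate_id(true);     // fresh id once the gate is passed
    $_SESSION[GATE_KEY] = time();    // timestamp instead of a permanent "Y"
    session_write_close();
    header('Location: /administrator/');
    exit;
}

// Goes at the top of /administrator/index.php in place of the "Add" block.
function gate_require(): void {
    gate_session_start();
    if (!gate_allows($_SESSION, time())) {
        http_response_code(403);
        exit('Illegal access is denied!');
    }
    $_SESSION[GATE_KEY] = time();    // sliding window: refresh on each request
    session_write_close();
}

if (PHP_SAPI === 'cli') {            // offline demo on constructed session arrays
    $t0 = 1700000000;                // constructed timestamp
    var_dump(gate_allows([], $t0));                       // direct request, flag never set
    var_dump(gate_allows([GATE_KEY => $t0], $t0 + 60));   // one minute after the gate
    var_dump(gate_allows([GATE_KEY => $t0], $t0 + 901));  // idle for longer than GATE_TTL
    var_dump(gate_allows([GATE_KEY => 'Y'], $t0));        // a bare "Y" is not a timestamp
}
```

The gate only decides whether the backend login page is served; the CMS's own login still runs after it.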

Author: Zjmainstay  
Source: http://www.cnblogs.com/Zjmainstay/
