How can I protect the admin.php ?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Read the docs on

$myIP = "*";
$lock_admin_to_myIP = false;

Change the * to your ip and the FALSE to TRUE. However, as long as you have changed the default id/password you're safe, but that's how you do the ultimate, paranoid protection Smile

Posted: Thu Jun 05, 2003 4:53 am

docs/config-explain.html
docs/QUICK-START-GUIDE.html

Posted: Thu Jun 05, 2003 5:18 am

I am so sorry Embarassed

. I was thinking you were asking about the admin.php for my KISGB Laughing

Now, the admin.php is already proteded by userid and password. What kind of protection are you searching for over and beyond that?

Posted: Thu Jun 05, 2003 3:19 pm

Your english is fine Smile

. KISGB is the leading guestbook for PHPNuke, which I wrote. Get it in the download section. It's the one used here (of course!).

No, there isn't any control in phpnuke that locks admin.php to an IP. I would be willing to discuss with you what I would charge to customize the system for you, though. If you are interested, then contact me via email at ==> raven at gaylenandmargie dot com.

New Member Joined: Sep 21, 2003 Posts: 2

This might be well, a little late on a reply but this issue can be resolved at the server level. IF your running Apache 1.3 or 2.0 you can place an .htaccess file inside the directory and limit the get function to a particular file, particular file extension and so on using .HTACCESS. You can also limit the get to your particualr IP or subnet of ip's. .htaccess in apache is very flexible. This is by far the strongest protection level you could ever do, because it is at the http webserver level.

Here is some good articles to read:
http://www.apacheweek.com/features/userauth

http://httpd.apache.org/docs/misc/FAQ.html#user-authentication

MAIN APACHE WEBSITE:
http://httpd.apache.org/docs-2.0/howto/htaccess.html