Helpful Information
 
 
Category: vB3 General Discussions
htaccess in place, now how to... ?

i will have htaccess in place for my admin folder and i want to remove the username/password login box since it will not be needed anymore.

what do i edit? thanks for your help.

i could be wrong TECK but i believe that the code is included in admin/global.php

find this code:

<?php maketableheader("Please Log in:","login",0,1); ?>
<tr class="firstalt" id="submitrow"><td align="center" nowrap><p>You are either not a valid administrator or have not logged in.</p>
<form action="../admin/index.php" method="post" id="submitrow">
<input type="hidden" name="s" value="<?php echo $session[sessionhash]; ?>">
<input type="hidden" name="action" value="login">
<!-- <input type="hidden" name="explain" value="1"> -->

im not positive though... regards...

g-force2k2

i think is a little more complicated, it involves the cookie checkup and bypass it. :)

whoops TECK i meant admin/global.php :p and for the cookie check and stuff wouldn't that just include any normal login? using the admin/sessions.php? regards

Edit:

Also included in the admin/global.php is this:

$getperms=$DB_site->query_first("SELECT cancontrolpanel FROM user,usergroup WHERE user.usergroupid=usergroup.usergroupid AND user.userid='$bbuserinfo[userid]'");
if ($getperms[cancontrolpanel]!=1) {
$bbuserinfo[userid]=0;
}

which checks to see if the user can access the controlpanel and then if they don't bypass that...

if ($bbuserinfo[userid]==0 and $checkpwd) {

that triggers the login code as listed above... hope that helps :) regards...


g-force2k2

i found out a much easier way, using the mod_auth_mysql module.
there is no more need to modify nothing anymore... :)

Be careful with that. :) If you happen to accidentally delete your .htaccess file, anyone can access your Admin CP.

not if you use the module. it automatically grabs all your info directly from the database to request the htaccess user perms.
and you dont have to edit nothing in the global file.

can you share some instructions as to how you went about doing this Teck :D?

- miSt

yes please do. I would love to have my htaccess work off of my database but I dont have a clue as to how to use that module stuff your talking about. :)

Mark

Isn't the point of .htaccess to add a second layer of security to the admin folder? It should thus be a different username and password, and should be independent from the database, in case the database or your forum password is somehow compromised.

yes... i want to add a second layer of protection to my admin folder...

- miSt

Come guys, cant someone put this in simple language for me to understand. :P Thanks.

Mark










privacy (GDPR)