how to protect joomla administrator folder? - joomla1.6

index.php
$admin_cookie_code="1234567890";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: /administrator/index.php");
.htaccess file
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/administrator
RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
RewriteRule .* - [L,F]
i used this code but it's not working...
page will be redirect to administrator but www.domain.com/administrator is also accessable

I got tired of searching an answer for this one and just made a PHP code that will redirect if the visitor gets into the /administration folder without the security key or as a registered user:
Just place this code at the end of the index.php file on your administration folder (/administration/index.php) before the 'echo' instruction:
/* Block access to administrator
--------------------------------------------- */
$user =& JFactory::getUser();
$secretkey = 'mysecretkey';
$redirectto = 'location: yourdomainurlhere';
$usertype = 'Registered';
//Check if the user is not logged in or if is not a super user:
if ($user->guest || (!$user->guest && $user->usertype != $usertype) ) {
//Check if the secret key is present on the url:
if (#$_GET['access'] != $secretkey) { header($redirectto); }
}
/* --------------------------------------------- */
After you will be only able of accessing your site using:
mysite.com/administrator/?access=mysecretkey
Tested on Joomla 1.5 and Jooma 2.5, worked well for both.
I explain it a little bit more on my page:
https://www.infoeplus.com/protect-your-joomla-administrator-folder/

Are you trying to hide the administrator URL ? Here is what I'm using :
http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/15711
You can find more extensions here : http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection

http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection
you can use this protect your admin login.
this is really esay and nice extension.

Related

Why can't I proceed to login page?

This is the only thing that i can see on my computer at the address http://localhost/onlineExam/login/validate_credentials
Object not found!
The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.7
class Login extends CI_Controller
{
function index()
{
$data['main_content'] = 'login_form';
$this->load->view('includes/templates', $data);
}
function validate_credentials(){
$this->load->model('user_model');
$query = $this->user_model->validate();
if($query)// if the user's credentials validated...
{
$data = array(
'username' => $this->input->post('username'), 'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('site/users_area');
}
else{
$this->index();
$data['error'] = 'Invalid Username or Password';
$data['main_content'] = 'login_form';
$this->load->view('includes/templates', $data);
}
}
}
Please check .htaccess file is present in the root folder, that is 'onlineExam' as per your URL.
If not present, create/update with this lines:
RewriteEngine On
RewriteBase /onlineExam/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
After that, also check base_url at onlineExam/application/config/config.php
$config['base_url'] = 'http://localhost/onlineExam';
This could be a number of things
1) As Stated above you need to make sure a htaccess file is present in the root of your project folder
2) If your htaccess file isn't removing the index.php part of your URL then your link would not be
http://localhost/onlineExam/login/validate_credentials
but rather
http://localhost/onlineExam/index.php/login/validate_credentials
3) Make sure your filename is the same as your class name. At times too case sensitive operating system may affect your files. Login.php != login.php (This is a rare case and happened to older version of some OS')

Laravel 5 shared hosting issue

please, I am trying to host Laravel 5 on a shared hosting.
When I access www.example.com/my_app_name, the page loaded correctly.
However, subfolders return 404 error. e.g. www.example.com/my_app_name/any_sub_folder or www.example.com/my_app_name/auth/login all return a 404 error.
shared_hosting_root
|--other_folders (not accessible via web domain)
|--applications (not accessible via web domain)
|--my_app_name
|--app
|--GoPublic.php <--I created this
|--bootstrap
|--config
|--database
|--public <--copied content to public_html
|--assets
|--index.php
|--resources
|--storage
|--tests
|--vendor
|--public_html
|--my_app_name
|--assets
|--index.php <-- I pointed here
I created a new file: shared_hosting_root\applications\my_app_name\app\GoPublic.php
<?php namespace App;
class GoPublic extends \Illuminate\Foundation\Application
{
/**
* Get the path to the public / web directory.
*
* #return string
*/
public function publicPath()
{
return $this->basePath.DIRECTORY_SEPARATOR.'../../public_html/my_app_name';
}
}
I edited bootstrap\app.php like so:
<?php
/* -- remove/comment this original code
$app = new Illuminate\Foundation\Application(
realpath(__DIR__.'/../')
);
-- until here */
/* -- add this new code -- */
$app = new App\GoPublic(
realpath(__DIR__.'/../')
);
I edited public\index.php like so:
I changed this:
require __DIR__.'/../bootstrap/autoload.php';
to
require __DIR__.'/../../applications/my_app_name/bootstrap/autoload.php';
and also changed this:
$app = require_once __DIR__.'/../bootstrap/app.php';
to
$app = require_once __DIR__.'/../../applications/my_app_name/bootstrap/app.php';
I then copied the content inside applications\my_app_name\public into public_html\my_app_name.
I followed the steps highlighted in this tutorial: http://blog.kongnir.com/2015/09/25/setting-up-laravel-5-on-shared-hosting-server/
The problem again:
I can access www.example.com/my_app_name.
But I get a 404 error on www.example.com/my_app_name/any_sub_folder or even a login redirect www.example.com/myapp_name/auth/login
What am I doing wrong? Help, please.
Thank you.
Update
www.example.com/my_app_name/sub_folder returns 500 internal server error
My .htaccess file in public_html directory:
# Do not change this line.
RewriteEngine on
# Change example.com to your domain name
# RewriteCond %{HTTP_HOST} ^(www.)?schoolsmart.com.ng$
# Change your_app_name to the subfolder name
# RewriteCond %{REQUEST_URI} !^/wbs/
# Don't change the following two lines.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Change your_app_name to the subfolder name
# Change example.com to your domain name
# RewriteRule ^(.*)$ /wbs/$1
# RewriteCond %{HTTP_HOST} ^(www.)?schoolsmart.com.ng$
# RewriteRule ^(/)?$ wbs/index.php [L]
RewriteCond %{REQUEST_URI} !^wbs
RewriteRule ^(.*)$ wbs/$1 [L]
For me chmoding the bootstrap, storage and yajra folder which is under vendor directory to 775, as suggested in the official laravel documentation, did the trick.

How to correctly upload Laravel 5 application to server?

I am new to Laravel 5 and have realized that a lot has changed, I am more familiar with Laravel 4. I just tried uploading my site to a live VPS, I managed to change the URLs in index.php and server.php but I keep getting these errors:
Which makes me believe there was something else I was supposed to change that I did not because these files are indeed there and my application works just fine on my localhost.
Also with the exception of my home page, the rest of the pages say not found when I click on their links.
This is my document structure:
index.php
<?php
require __DIR__.'/../*********/bootstrap/autoload.php';
$app = require_once __DIR__.'/../*********/bootstrap/app.php';
$kernel = $app->make('Illuminate\Contracts\Http\Kernel');
$response = $kernel->handle(
$request = Illuminate\Http\Request::capture()
);
$response->send();
$kernel->terminate($request, $response);
server.php
<?php
/**
* Laravel - A PHP Framework For Web Artisans
*
* #package Laravel
* #author Taylor Otwell <taylorotwell#gmail.com>
*/
$uri = urldecode(
parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
);
// This file allows us to emulate Apache's "mod_rewrite" functionality from the
// built-in PHP web server. This provides a convenient way to test a Laravel
// application without having installed a "real" web server software here.
if ($uri !== '/' and file_exists(__DIR__.'/../public_html'.$uri))
{
return false;
}
require_once __DIR__.'/../public_html/index.php';
Following step you have must followed to move local to live server in Laravel.
Move all public folder data into root directory
In index.php change path to
require DIR.'/../bootstrap/autoload.php'; to require DIR.'/bootstrap/autoload.php';
AND
$app = require_once DIR.'/../bootstrap/app.php'; to $app = require_once DIR.'/bootstrap/app.php';
and set file permission to 744
In .htaccess file add following code after RewriteEngine On.
RewriteBase /
Change parameter in .env file.

how to forced https instead of http after user login in zend framework2

I want user redirect to https insetad of http just after login in my new website made in zend framework2. please help.
I there any method available in zend freamework2 to get current used protocol(http or https).
You can redirect the user to the https version of a page inside the application. Above solution simply redirects all requests to it's http variant, and only for Apache. I would rather do it inside the application (then you're more in control) and make it server agnostic (what happens when you switch to nginx?)
An example is based on an answer I gave earlier here: ZF2 and force HTTPS for specific routes
The solution: create a controller plugin which you can call every time you need it.
Specify the pages you need to force a redirect (i.e. the page you show the login form):
use Zend\Http\Response;
public function loginAction()
{
// If return value is response, this means the user will be redirected
$result = $this->forceHttps();
if ($result instanceof Response) {
return $result;
}
// code here
}
And then you could create a controller plugin (call it ForceHttps) to return a response when the user should be redirected:
use Zend\Uri\Http as HttpUri;
class ForceHttps extends AbstractPlugin
{
public function __invoke()
{
$request = $this->getController()->getRequest();
if ('https' === $request->getUri()->getScheme()) {
return;
}
// Not secure, create full url
$plugin = $this->getController()->url();
$string = $plugin->fromRoute(null, array(), array(
'force_canonical' => true,
), true);
$url = new HttpUri($string);
$url->setScheme('https');
return $this->getController()->redirect()->toUrl($url);
}
}
What happens is
Check if the current scheme is https. If not, continue
Grab the current used url from the url() plugin, use the current route name (hence the first parameter is null), force the canonical version (i.e. with a full scheme and domain name) and reuse the current route match parameters (the true as last parameter).
Import the url (as a string) in the Zend\Url\Http object
Reset the scheme to the https version
Pass the url to the redirect plugin to grab a response which will perform the redirect
on your .htaccess write these rules
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ public/index.php [NC,L]
note that public/index.php is the root so you have to modify it and www.yoursite.com too
for logged-in user you have to do with php
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity()) {//redirection should be here//}

Dynamic CMS pages and static pages CodeIgniter

I'm using Codeigniter 2, and i have some dynamic pages (CMS) which are created from the back office and have the page name as ID . And some pages are static , there is a example :
Dynamic pages :
www.domain.com/privacy
www.domain.com/about
and static page :
www.domain.com/invitation
So the question is how can route this pages : i tried to use :
$route['([a-z0-9\-]+)'] = 'home/cms/$1';
But it gives me 404 for static pages ( www.domain.com/invitation )
Any help and thank you in advance
You can either explicitly remove the static files from the redirection in your .htaccess file:
RewriteEngine on
RewriteCond $1 !^(invitation\.php|index\.php|images|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]
or, you can use the _remap function. Inside the _remap function, you would check for existence of a physical file for your "method" - if there, load it - if not, route to the controller method:
public function _remap($method, $params = array())
{
$filepath = BASEPATH.$method.".php";
if (file_exists($filepath))
{
include($filepath);
return;
}
else if (method_exists($this, $method))
{
return call_user_func_array(array($this, $method), $params);
}
else
{
show_404();
}
}

Resources