How to protect the admin site? I used .htaccess and .htpasswd.

Here is what I wrote in .htaccess:

    AuthType Basic
    AuthName "Enter your login and password"
    AuthUserFile htpasswd/.htpasswd
    Require admin

In .htpasswd, a special program encrypts the password. But there is a problem: either it hits a 500 error, or the site simply does not let me in and displays a white screen.

Hence the question: how to protect the admin site? Using .htaccess and .htpasswd, or tell me if someone has other ways to protect it.

I heard that you can somehow protect it through MySQL databases, but how, I do not know for sure, unfortunately.

  • 1
    With a successful login and admin login, create a session; on other admin pages, redirect those without a session. - johniek_comp

1 answer

Yes. It is possible through a database and MySQL. I can send a ready script.

The database has a table with administrators:

id | login | pass

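php:

    <?php
    // checks whether the user is an administrator
    function if_admin($login, $pass) {
        // the mysql_* functions were removed in PHP 7; mysqli is used instead
        $db = mysqli_connect("localhost", "user", "pass"); // connect to the database
        if (!$db)
            die('Ошибка при подключении к базе данных #1'); // error 1 - connection error
        elseif (!mysqli_select_db($db, "database"))
            die('Ошибка при подключении к базе данных #2'); // error 2 - database selection error

        // query the `admins` table created below; the login is bound as a
        // parameter instead of being concatenated into the SQL string
        $stmt = mysqli_prepare($db, "SELECT pass FROM admins WHERE login = ?");
        mysqli_stmt_bind_param($stmt, "s", $login);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $hash);

        // hash_equals() instead of ==, which treats "0e..." hashes as equal numbers
        if (mysqli_stmt_fetch($stmt) && hash_equals($hash, md5($pass))) {
            return true;
        }
        return false; // unknown login or wrong password
    }

    if (if_admin($_GET['login'] ?? '', $_GET['pass'] ?? '')) {
        echo "Вы вошли";
    } else {
        echo "попробйте ещё раз";
    }
    ?>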

mysql:

    CREATE TABLE IF NOT EXISTS `admins` (
      `id` int(3) NOT NULL AUTO_INCREMENT,
      `login` varchar(255) NOT NULL,
      `pass` varchar(255) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2;

To enter, you need to make the following request by URL:

 page.php?login=LOGIN&pass=PASSWORD 

Words written in uppercase need to be replaced. In the database, the password must be recorded in md5.

  • I will be very grateful! Please send. Isn’t this a softtime security_mod? - anj1817
  • No. In PHP and MySQL. It will be in about an hour - atnartur
  • 1
    Added pieces of code to the answer. All tested on a local server. - atnartur
  • Hmm, interesting approach. Does such protection exclude the possibility of getting into the admin area via a direct link? I.e., having a link like simole-site.com/admin/, with this authorization set on the admin folder, it will not be accessible? - anj1817
  • 2
    ... do not store passwords in the database. Keep the password hash and compare them - neoascetic
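
The session approach from johniek_comp's comment combined with the hash advice from neoascetic's, as an added example that is not part of the original thread or the answer's script. The names `admin_login()`, `require_admin()`, `auth.php` and `/admin/login.php` are hypothetical; it assumes the answer's `admins` table with `pass` filled by `password_hash()` rather than md5, and credentials sent by POST so they do not end up in URLs and access logs.

```php
<?php
// --- auth.php (hypothetical file name): included by login.php and by every admin page ---
// Assumes admins.pass was written with password_hash($password, PASSWORD_DEFAULT).

function admin_login(PDO $db, string $login, string $pass): bool {
    // Bound parameter: the login never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, pass FROM admins WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the salted hash; the plain password is never stored.
    if (!$row || !password_verify($pass, $row['pass'])) {
        return false;
    }
    session_regenerate_id(true);              // fresh session id after login (session fixation)
    $_SESSION['admin_id'] = (int) $row['id'];
    return true;
}

// Call at the top of every page under /admin/, before any output.
// A direct link to an admin page then redirects anyone without a session.
function require_admin(): void {
    if (empty($_SESSION['admin_id'])) {
        header('Location: /admin/login.php');
        exit;                                 // without exit the page body is still sent
    }
}

// Session cookie is not readable from JavaScript; add 'cookie_secure' => true once the site is on HTTPS.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);

// --- login.php: handles the POSTed login form ---
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Connection values are the placeholders used in the answer.
    $db = new PDO('mysql:host=localhost;dbname=database;charset=utf8', 'user', 'pass',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    if (admin_login($db, $_POST['login'] ?? '', $_POST['pass'] ?? '')) {
        header('Location: /admin/');
        exit;
    }
    http_response_code(401);
    echo 'Login failed';                      // same message for unknown login and wrong password
}
```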