1.新建一个文件,这里假定命名为myadmin.php
内容:
session_name( "Autoit" ); //自己修改Autoit,对应administrator/index.php
session_start();
$_SESSION['admin_user'] = "Y"; //自己修改admin_user,对应administrator/index.php
session_write_close();
?>
2.修改administrator/index.php
define('_JEXEC', 1); //原文件Line 9
define('DS', DIRECTORY_SEPARATOR);
//对比上面加入下面内容
// Add by Autoit!
session_name( "Autoit" ); //自己修改Autoit,对应myadmin.php
session_start();
$ok_to_browse = ( $_SESSION['admin_user'] == "Y" ); //自己修改admin_user,对应myadmin.php
if (! $ok_to_browse ) {
header('Location:(你的404页面地址或其他地址)');
exit(0);
}else{
$_SESSION['admin_user'] = "Y";
session_write_close();
}
// Add by Autoit!
//原理:只有经过我们自己定义的myadmin.php文件才会注册到session,否则后台链接将视为非法,退出。
注:文件名、session名,自己一定要自行定义,安全起见!!