Author Topic: Secure URI key access  (Read 2370 times)

Ideandro

  • Newbie
  • *
  • Posts: 5
    • View Profile
    • recycle only the best ideas
Secure URI key access
« on: June 10, 2009, 05:19:17 PM »
Hi  :) !

You know jSecure Authentication module for Joomla?

"Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.sitename.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!. Information: jSecure Authentication module prevents access to administration (back end) login page without appropriate access key."

I have create a kind of jSecure Authentication module for OpenGoo:
OpenGoo Secure URI Key Access

First of all you must create a new file and put it into OpenGoo root directory (where is the index.php file):
access.php

Code: [Select]
<?php
// ---------------------------------------------------
//  Choose your Access URI Key value
// ---------------------------------------------------

$URIpassword'myaccesskey';

// ---------------------------------------------------
//  Check the Access URI Key value
// ---------------------------------------------------
if((preg_match("/opengoo\/*access.?\.php$/"$_SERVER['SCRIPT_NAME']))) {
if($URIpassword != $_SERVER['QUERY_STRING']) {
print('Access Danied!');
die();
} else {
session_start();
$_SESSION['AccessKey'] = 1;
header('Location: ../index.php'); 
exit;
}
}

?>


Then you must add at row n.3 of
index.php
this code:

Code: [Select]
// Check AccessKey
session_start();
if (!isset($_SESSION['AccessKey'])) {
echo("Access Danied!");
die();
}

Then you must modify at row n.35 of
environment.php
with this:

Code: [Select]
if (!isset($_SESSION)) { session_start(); } // Start the session

Now if you try to enter here:
http://www.yourdomain.com/opengoo/index.php
you recived an error

If you can view the login page you must write at the end of the URL the string "access.php/?" and your "access key", for example:

Code: [Select]
http://www.yourdomain.com/opengoo/access.php/?myaccesskey
That's all. Work for me with OpenGoo 1.4.1 version.
I hope that this is useful for you  ;) .

If you have some question or ideas... email me.

bye :D !
recycle only the best ideas: www.buonaidea.it

4nd3rs

  • Newbie
  • *
  • Posts: 17
    • View Profile
Re: Secure URI key access
« Reply #1 on: July 14, 2009, 07:12:53 AM »
Sounds good to me. And this is more than a idea, it's a feature to ready to build in. Have you post it in "Feature requests"?

Ideandro

  • Newbie
  • *
  • Posts: 5
    • View Profile
    • recycle only the best ideas
Re: Secure URI key access
« Reply #2 on: July 14, 2009, 07:10:13 PM »
Sounds good to me. And this is more than a idea, it's a feature to ready to build in. Have you post it in "Feature requests"?

Ok!

I have post it in "Feature requests"...

Thanks
« Last Edit: July 21, 2009, 09:12:09 AM by Ideandro »
recycle only the best ideas: www.buonaidea.it

 

anything