My thinkphp version is 3.2.3
The current way to open the background is
Domain name/admin/login and domain name/admin.php/login
And then I was wondering if only one of the addresses would be required to access the backend.
I think it's this address: domain/admin.php/login
Cancel: Domain name/admin/login
Check the manual, block access to the module here
// 设置禁止访问的模块列表 'MODULE_DENY_LIST' => array('Common','Runtime','Admin'),
In this case, I can only use the domain name/admin.php/login to access the backstage
I don't know if my idea is correct, or whether it's superfluous.
I'm still wondering whether to give the admin module a name that nobody else knows (or accidentally) to get into the background ...
Reply content:
My thinkphp version is 3.2.3
The current way to open the background is
Domain name/admin/login and domain name/admin.php/login
And then I was wondering if only one of the addresses would be required to access the backend.
I think it's this address: domain/admin.php/login
Cancel: Domain name/admin/login
Check the manual, block access to the module here
// 设置禁止访问的模块列表 'MODULE_DENY_LIST' => array('Common','Runtime','Admin'),
In this case, I can only use the domain name/admin.php/login to access the backstage
I don't know if my idea is correct, or whether it's superfluous.
I'm still wondering whether to give the admin module a name that nobody else knows (or accidentally) to get into the background ...
Disable access to the module after you need to use Bind_module self-View manual it has instructions
Just tried the next Module_deny_list field, after setting the module can not be accessed in any way, so it is not the effect you want to remove a method that has not yet been found.
Want to give the Admin module a name other people do not know, this you just have to name xxxxx.php inside write define (' Bind_module ', ' Admin ');
I think it doesn't matter, the point is not to call the admin directly, simply take a name that others can never guess
In fact, they are two different applications, you can directly get a domain name to access. More secure
The correct way to block access for others is physical isolation, access control, and so on.
"Change to a name that no one else can guess." This is the wrong way for the pupils to do so.