Home > PHP Framework > ThinkPHP > How to configure routing in ThinkPHP to hide the background!

How to configure routing in ThinkPHP to hide the background!

青灯夜游
Release: 2021-09-08 20:04:20
forward
3635 people have browsed it

ThinkPHPHow to hide the background? The following article will introduce to you how ThinkPHP cleverly uses routing rules to hide the background, making your website more secure!

How to configure routing in ThinkPHP to hide the background!

As we all know, if the backend module of the thinkphp framework is named admin, you can directly use http://domain name/admin This access method is very convenient, but it also has great security risks. Hackers can easily guess your backend and then brute force the backend. So is there any way to solve this hidden danger? Let's discuss how to use routing rules to modify the backend path to prevent hackers from knowing our backend entrance. There are many tutorials on hiding the background admin on the Internet, but the really useful one is this routing rule method.

How to configure routing in ThinkPHP to hide the background!

The first step is to add setting parameters in the background that can modify the name of the background module

1,

How to configure routing in ThinkPHP to hide the background!

2. The key code to save the settings is as follows:

if(request()->isPost()) {
	$data=input('post.');
	//获取系统全部模块名
	$system_module = [];
	foreach (scandir(APP_PATH) as $dir) {
		if($dir == '.' || $dir == '..') {
			continue;
		}
		if(is_dir(APP_PATH.$dir)) {
			array_push($system_module, $dir);
		}
	}
	foreach ($data as $key => $vo) {
		if($key == 'admin_module' && $vo != 'admin' && in_array($vo, $system_module)) {
			$this->error('后台地址不能与现有系统模块名同名');
		}
	}
}
Copy after login

Notes:

  • admin_module is my database The key
  • APP_PATH that saves the background module name is a constant of thinkphp5.0 version. If it is other versions, please modify it yourself.

The second step is to read the configuration information of the website in application/common.php

1. The main structure of the config data table is as follows:

DROP TABLE IF EXISTS `config`;
CREATE TABLE `config` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `key` varchar(255) DEFAULT NULL,
  `val` text,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
Copy after login

2. sysconfig($name) method: Get the corresponding value based on the key name

<?php
use think\Cache;
use app\common\model\Config;

/**
 * 获取或配置系统参数
 * @param string $name  参数名称
 * @return string
 */
function sysconfig($name) {
	$config = Cache::get(&#39;config&#39;);
    if (empty($config)) {
        $config = Config::column(&#39;key,val&#39;);
		Cache::set(&#39;config&#39;,$config,1800);//缓存30分钟 
    }
    return isset($config[$name]) ? $config[$name] : &#39;&#39;;
}
Copy after login

Supplement:

1. If it is only a system for personal use, If you don’t want to be so troublesome, you can also add the following configuration directly to config.php:

return [
    // +----------------------------------------------------------------------
    // | 应用设置
    // +----------------------------------------------------------------------
	// 后台模块名
    &#39;admin_module&#39;           => &#39;myadmin&#39;,
]
Copy after login

2, and then call it directly in the project:

$admin_module = Config(&#39;admin_module&#39;);
Copy after login

The third step, route setting application/route.php

<?php
use think\route;

$route_config = [
	&#39;index&#39;=>&#39;index/index&#39;,
];
//1.获取后台模块
$admin_module = sysconfig(&#39;admin_module&#39;);
if ($admin_module == &#39;&#39;) {
    $admin_module = &#39;admin&#39;;
}
//2.设置后台路由
if ($admin_module != &#39;admin&#39;) {
    $admin_route_config = [
		//路由禁止:原理是把它指到非登陆地址,在没有登陆情况下,跳转到404页面;
		&#39;admin/$&#39; => &#39;admin/login/jump&#39;,
		&#39;admin/login$&#39; => &#39;admin/login/jump&#39;,
		&#39;admin/login/index&#39; => &#39;admin/login/jump&#39;,
		$admin_module . &#39;/$&#39; => &#39;admin/login/index&#39;,	
    ];
    $route_config = array_merge($route_config, $admin_route_config);
}
return $route_config;
Copy after login

The fourth step, add the jump() method for jump verification in the login controller Login.php

1. This jump() method is actually the designated method for prohibiting routing in our third step

public function jump() {
	if(!Session::has(&#39;uid&#39;)) {
		$request = Request::instance();
		if(sysconfig(&#39;admin_module&#39;) == &#39;admin&#39; || sysconfig(&#39;admin_module&#39;) == &#39;&#39;) {
			$this->redirect(&#39;@admin/login/index&#39;);
		} else {
			header("HTTP/1.1 404 Not Found");
			return $this->fetch(APP_PATH.&#39;/404.html&#39;);
		}
	} else {
		$this->redirect(&#39;@admin/index/index&#39;);
	}
}
Copy after login

2. The code in jump() above has only one function, that is If you are not logged in, accessing a prohibited route will jump to the 404 page, as follows:

How to configure routing in ThinkPHP to hide the background!

3. The 404.html page is placed in the application directory, and the code is as follows :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>很抱歉,此页面暂时找不到!</title>

<style type="text/css">
body {margin: 0px; padding:0px; font-family:"微软雅黑", Arial, "Trebuchet MS", Verdana, Georgia,Baskerville,Palatino,Times; font-size:16px;}
div{margin-left:auto; margin-right:auto;}
a {text-decoration: none; color: #1064A0;}
a:hover {color: #0078D2;}
img { border:none; }
h1,h2,h3,h4 {
/*	display:block;*/
	margin:0;
	font-weight:normal; 
	font-family: "微软雅黑", Arial, "Trebuchet MS", Helvetica, Verdana ; 
}
h1{font-size:44px; color:#0188DE; padding:20px 0px 10px 0px;}
h2{color:#0188DE; font-size:16px; padding:10px 0px 40px 0px;}

#page{width:910px; padding:20px 20px 40px 20px; margin-top:80px;}
.button{width:180px; height:28px; margin-left:0px; margin-top:10px; background:#009CFF; border-bottom:4px solid #0188DE; text-align:center;}
.button a{width:180px; height:28px; display:block; font-size:14px; color:#fff; }
.button a:hover{ background:#5BBFFF;}
</style>

</head>
<body>

<div id="page" style="border-style:dashed;border-color:#e4e4e4;line-height:30px;">
	<h1>抱歉,找不到此页面~</h1>
	<h2>Sorry, the page you&#39;re trying to find has moved. </h2>
	<font color="#666666">你请求访问的页面,暂时找不到!</font><br /><br />
	<div class="button">
		<a href="javascript:;" onClick="javascript :history.back(-1);" title="返回上一页">返回上一页</a>
	</div>
</div>

</body>
</html>
Copy after login

4. How to log out

public function logout() {
	if(Session::has(&#39;adminid&#39;)) {
		Session::delete(&#39;adminid&#39;);
	}
	$this->redirect(url(&#39;@&#39;.sysconfig(&#39;admin_module&#39;)));
}
Copy after login

Original address: https://juejin.cn/post/6981428649765371940

More programming For related knowledge, please visit: Introduction to Programming! !

The above is the detailed content of How to configure routing in ThinkPHP to hide the background!. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:juejin.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template