Hello/Hi/Greetings,
I googled and found some complicated settings to hide the login prompt.
Today, I just renamed the identification.php to something I know (e.g. xyz.php), then inside the actual file, you need to rename it too
Line 103:
'F_LOGIN_ACTION' => get_root_url().'xyz.php',
Now the login link is still there but it will give an error.
To actually log in, you type: 'yourpage.com/xyz.php' and it will work fine!
Someone please tell me if this is a bad idea or not. I am new to Piwigo.
Zack
Piwigo 11.5.0
Operating system: Linux
PHP: 7.3.30
MySQL: 5.7.23-23
Graphics Library: ImageMagick 6.9.10-68
beepro wrote:
'F_LOGIN_ACTION' => get_root_url().'xyz.php',
Now the login link is still there but it will give an error.
To actually log in, you type: 'yourpage.com/xyz.php' and it will work fine!
Someone please tell me if this is a bad idea or not. I am new to Piwigo.
It's a bit strange. How can your users log in now?
They probably don't have users.
Anyway, security by obscurity theater is a circus, and why would one even want to rename the login? If you don't want the login credential fields to be displayed then configure the menu to not display it, under Admin -> Configuration -> Menus, on Identification (mbIdentification) check Hide.
Presumably, even if you hide it, anyone who uses Piwigo (or a robot) will know the URL for the login prompt and attempt to break in. Renaming it will simply give them an error with nothing.
Or protect:
admin.php
password.php
identification.php
with the .htaccess file:
<Files identification.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /path/to/password/file
Require valid-user
</Files>
Place the password file outside your webroot folder and it is pretty safe.
Renaming or changing something inside the files has one drawback:
After each update you have to rename the files again.
The .htaccess file will not be overwritten by an update.
Cheers
Ralf
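Added example, not part of the post above or of Piwigo: a Python audit that reads an .htaccess text and reports, for each of the three files listed, whether a `<Files>`/`<FilesMatch>` section puts it behind `Require valid-user` and whether `AuthUserFile` resolves to a path under the webroot. The webroot `/var/www/gallery` and all function names are assumptions, and `<FilesMatch>` patterns are approximated with Python's `re`.

```python
import fnmatch
import posixpath
import re

# The three Piwigo entry points listed in the post above.
LOGIN_FILES = ["admin.php", "password.php", "identification.php"]
SECTION_RE = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+?)"?\s*>(.*?)</\1\s*>',
                        re.IGNORECASE | re.DOTALL)

def directives(body):
    """Map lower-cased directive name -> argument (space-separated lines only)."""
    pairs = (line.strip().partition(" ") for line in body.splitlines())
    return {n.lower(): a.strip().strip('"') for n, _, a in pairs if n and n[0] != "#"}

def covers(kind, pattern, filename):
    """<Files> takes a name or wildcard, <FilesMatch> a regex (approximated with re)."""
    if kind.lower() == "filesmatch":
        return re.search(pattern, filename) is not None
    return fnmatch.fnmatchcase(filename, pattern)

def audit(htaccess_text, webroot):
    """Return {login file: "ok" or what is missing}; judges the last matching section."""
    sections = [(k, p.strip(), directives(b)) for k, p, b in SECTION_RE.findall(htaccess_text)]
    root = posixpath.normpath(webroot)
    report = {}
    for name in LOGIN_FILES:
        hits = [d for k, p, d in sections if covers(k, p, name)]
        d = hits[-1] if hits else None
        pwfile = posixpath.normpath(d.get("authuserfile", "")) if d else ""
        if d is None:
            report[name] = "not covered by any <Files>/<FilesMatch> section"
        elif "authuserfile" not in d or d.get("require", "").lower() != "valid-user":
            report[name] = "needs AuthUserFile and Require valid-user"
        elif pwfile == root or pwfile.startswith(root + "/"):
            report[name] = "password file is inside the webroot"
        else:
            report[name] = "ok"
    return report

# Constructed input: the block as posted above, placeholder path left as-is.
POSTED = """<Files identification.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /path/to/password/file
Require valid-user
</Files>"""

if __name__ == "__main__":
    print(audit(POSTED, "/var/www/gallery"))  # webroot path is an assumption
```

Run on the block as posted, it reports identification.php as ok and admin.php and password.php as not covered, because the `<Files>` section names only one of the three files.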