Protect the manager with a plugin

on 07-Nov-2012 | Comments ( 0 ) Tags: Evolution

Create the redirect page

1. Create the secure folder in the root of your site. The name of the folder will be the secure page you need to access e.g. mysecuremanger

2. Create an index.php file and paste the following code.

<!DOCTYPE HTML>
<html lang="en-US">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="refresh" content="0;url=http://YOUR_SITE.com/manager/?secure"> 
	<title></title>
</head>
<body>
	
</body>
</html>

Note: Don't forget to replace YOUR_SITE with the correct value

Install and configure the ProtectManager plugin

Plugin code:

$e = &$modx->event;

//if no error page redirect to the first page. could be improved by using the global seetings
$errorPage = isset($errorPage)?intval($errorPage):1;

switch ($e->name ) {

    case 'OnManagerLoginFormPrerender':

		if(isset($_GET['secure'])){
			return; //correct access
		}else{
			$modx->sendRedirect($modx->makeUrl($errorPage));//redirect to the error page
		}

        break ;
    
    //redirects the logout to the secure manager login url
    case 'OnManagerLogout':
        
        header('Location: ' . MODX_BASE_URL . 'manager/?secure');
        exit();//force exit so no other redirect works
        
        break ;
    default:
        return ;
}

return ;

Configure the error page in the Configuration tab

&errorPage=Error page;int;39

And that's about it. Initially I tried to implement a htaccess solution or a detect header solution but it seems you can't rely on the headers; they are not always being sent.

This is only a simple solution to the MODX Evolution limitation that the "manager" can't be easily configured. And this doesn't really protect you against poorly written modules but it'a simple way to hide the login page.

Write a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.
 

Quick modx Evolution Tags

  • cached [[snippet]] or uncached [!snippet!]
  • {{chunk}}
  • [+placeholder+]
  • [*resourceField/TV*]
  • [^timing^]
  • [~link~]

Quick modx Revolution Tags

  • [[snippet]]
  • [[$chunk]]
  • [[+placeholder]]
  • [[*resourceField/TV]]
  • [[~link]]
  • [^timing^]
  • [[++systemSetting]]
  • [[%languageStringKey]]
  • all tags can be called un-cached like: [[! snippet]]

Timing Tags (Evo and Revo)

  • [^qt^] - Query time
  • [^q^] - Query count
  • [^p^] - Parse time
  • [^t^] - Total time
  • [^s^] - Source
© modxRULES! 2009-2014