Add PhpMyAdmin access middleware and session check for user authentication

- Updated settings.py to include PhpMyAdminAccessMiddleware for enhanced access control.
- Modified phpmyadminsignin.php to check user session and redirect to the login page if not authenticated.
This commit is contained in:
Master3395
2025-09-15 01:39:21 +02:00
parent 47c40da0a9
commit 9d50175978
8 changed files with 191 additions and 193 deletions

25
phpmyadmin_htaccess Normal file
View File

@@ -0,0 +1,25 @@
# CyberPanel phpMyAdmin Access Control
# Place this file as /usr/local/CyberCP/public/phpmyadmin/.htaccess
# Enable rewrite engine
RewriteEngine On
# Check if user is not authenticated and redirect to login
RewriteCond %{HTTP_COOKIE} !sessionid=
RewriteRule ^(.*)$ /base/ [R=302,L]
# Additional security headers
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
# Prevent direct access to sensitive files
<Files "config.inc.php">
Order Allow,Deny
Deny from all
</Files>
<Files "*.log">
Order Allow,Deny
Deny from all
</Files>