In the article we'll overview one of the options to protect admin panel of your property website, based on Open Real Estate software. Specifically, we'll see how to restrict authorization in the admin panel to specific IP addresses.
To do that, go to the file protected\config\main.php (since you're owner of a paid version), or to the file protected\config\main-free.php where after the line:
'module_rss_itemsPerFeed' => 20,
you should insert:
'allowAdminAuthIP' => array('192.168.1.1', '192.168.1.2'),
Then in the file protected\components\UserIdentity.php untill the line:
$this->_id = $user->id;
insert the following code block:
if ($user->role == User::ROLE_ADMIN && param('allowAdminAuthIP')) { $userIP = Yii::app()->request->userHostAddress; if (is_array(param('allowAdminAuthIP'))) { if (!in_array($userIP, param('allowAdminAuthIP'))) { $this->errorCode = self::ERROR_PASSWORD_INVALID; return 0; } } }
and in the file protected\components\UserIdentitySocial.php untill the line:
$this->_id = $user->id;
insert the same code block as in the file protected\components\UserIdentity.php
Now admin authorization is restricted to IP addresses 192.168.1.1 and 192.168.1.2.
If you would like to allow authorization from any IP addresses, then change:
'allowAdminAuthIP' => array('192.168.1.1', '192.168.1.2'),
on:
'allowAdminAuthIP' => '',
You can learn your current IP address with such services as http://whatismyipaddress.com, https://2ip.ru, http://www.whatsmyip.org.
Note: if your IP address is dynamic (it means that it changes every time you connect to the Internet or reboot/switch off PC), then you should perform the above-described steps every time you get a new IP address.