I've added a custom PHP page which does not use any Joomla component. I made changes inside .htaccess so the page is now accessible.
the link will be like http://www.example.com/administrator/mypage.php
But the page is accessible by everyone without logging in to admin panel. How can I make it only view-able by Admin?
My Joomla version is 3.
Thanks a lot.
First of all your php page must include the joomla framework or you will not able to use any of the joomla functions.
I usually use this snippet of code at beginning of the php file (the php file is in the root directory):
define( '_JEXEC', 1 );
define('JPATH_BASE', './' ); //config this as you need
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
JDEBUG ? $_PROFILER->mark( 'afterLoad' ) : null;
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
JPluginHelper::importPlugin('system');
JDEBUG ? $_PROFILER->mark('afterInitialise') : null;
$mainframe->triggerEvent('onAfterInitialise');
// Get user
$user = JFactory::getUser();
if ($user->authorise('core.admin')) {
//your code here
}
Remember that this is not a correct solution, you should create a component for joomla to extend it. Custom php pages can create security issues.
Hope it helps, Marco
