Password token url removal

General questions relating to Joomla! 1.5 There are other boards for more specific help on Joomla! features and extensions.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Locked
user11
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Tue Jul 19, 2016 4:58 pm

Password token url removal

Post by user11 » Tue Jul 19, 2016 5:07 pm

Is there any possiblity to disable accessing the following url from frontend?

index.php?option=com_user&view=reset&layout=confirm

I`ve tried with htaccess and sef but to no avail. Also commented the code in component/com_user/controller.php and in admin/component/com_user/controller.php but nothing has changed. Anyone can still access this url from the frontend.

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4026
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Password token url removal

Post by itoctopus » Wed Jul 20, 2016 1:18 pm

Have you tried the following rule in your .htaccess? (must be added after "Rewrite Engine" on):

Code: Select all

RewriteCond %{THE_REQUEST} ^.*(index.php\?option=com_user&view=reset&layout=confirm).* [NC]
RewriteRule ^(.*)$ - [F,L]
I haven't tested it but it should work (please post back here if it doesn't).
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

user11
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Tue Jul 19, 2016 4:58 pm

Re: Password token url removal

Post by user11 » Mon Aug 01, 2016 1:15 pm

It actually works, It prints out 403 forbidden access which is fine with me though I was wondering if there is a possibility to redirect it to SEF component? So instead of getting white screen with 403, it will redirect it to designed 404 SEF page...needless to say, it would make it look more professional.

Even if there is no such option, you have my utmost gratitude.

Cheers.

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4026
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Password token url removal

Post by itoctopus » Mon Aug 01, 2016 3:31 pm

If you want you can add the following to your .htaccess file:

Code: Select all

ErrorDocument 403 my-403.html
The my-403.html file will be under the main directory of your Joomla website, and you can format it the way you want. I suggest you don't have Joomla handle 403 pages because you don't want to run the whole Joomla environment (and potentially cause load issues) for a forbidden error.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter


Locked

Return to “General Questions/New to Joomla! 1.5”