Disable setup after installation

matt · November 26, 2015, 5:55am

I have installed the script and I have added the redirect line to the .htaccess file as suggested. However it still doesn’t prevent someone from running the setup again. Any Ideas? My .htaccess file looks like this.

# Remove index.php

Redirect /setup http://mydomainhere.com/

RewriteEngine on
RewriteBase /invoice
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]

But I can still access the link: http://mydomainhere.com/invoice/setup/ and the setup resets the installation like it never happened. Huge security hole in my humble opinion if we can’t figure this out gang. Please and thanks ahead of time for a solution that will fix this.

Kovah · November 26, 2015, 9:33am

You have to add your subdirectory to the rewrite rule too.

Redirect /setup http://mydomainhere.com/

must be

Redirect /invoice/setup http://mydomainhere.com/invoice

matt · November 27, 2015, 12:16am

I didn’t know that! Wow you’ve done an excellent job fixing my problem. Thank you so much for explaining that to me!

a2zcomputing · February 19, 2016, 9:04pm

HI Kovah

I’ve done the above, but set still runs… only thing I see is mine is a subdomain

RewriteEngine On

Redirect /setup http://www.subdomain.domain/

RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Remove the hash in front of the following two lines if you want to force HTTPS

#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]