[Sommaire] [Imprimer]

   1  *Title: Disabling accounts after a few failed login attempts
   2  
   3  *Description:
   4  The system should automatically disable user accounts after a 
   5  fixed(configurable) number of failed login attempts.
   6  
   7  *Documentation:
   8  
   9  New INI settings in site.ini have been added:
  10  
  11  -[UserSettings].MaxNumberOfFailedLogin=0 (0 by default)
  12  Max number of failed login attempts. 
  13  If the max number is '0' the possibility will be disabled.
  14  
  15  -[UserSettings].TrustedIPList[]
  16  An array with IP addresses or networks which will be always 
  17  allowed to login after a few failed login attempts.
  18  
  19  -[UserSettings].ShowMessageIfExceeded=false
  20  If true and failed login attempts of current user exceed MaxNumberOfFailedLogin
  21  the user will get a message about this.
  22  
  23  If MaxNumberOfFailedLogin > 0 and user's number of failed login attempts exceed MaxNumberOfFailedLogin
  24  the user will not be allowed to login (the user account will be locked).
  25  
  26  If you want to unlock the user you should go to [admin_siteaccess]/user/setting/[userID] and push the 'reset' button. 
  27  
  28  If you want that an user account has always possibility to login after a few failed login attempts
  29  without locking (especially if you are admin)
  30  you should add IP address or network of this user to site.ini[UserSettings].TrustedIPList[]
  31  
  32  for example:
  33  
  34  [UserSettings]
  35  TrustedIPList[]
  36  TrustedIPList[]=192.168.0.1
  37  TrustedIPList[]=192.0.0.0/27