I noticed something while correcting the English in en_us.lang.php … there is a line for “lang_user_blocked”, that implies that my SC8 project has the ability to lock out a hacker for %s minutes after ? many bad login attempts. Where can I set the number of bad login attempts minutes and the number of minutes to lock out the hacker? If I can adjust these settings, then there is no reason to use CAPTCHA (which kind of punishes everyone trying to keep out the bad actors).
It is in the security module; choose “Logged Users” when setting up your security module; set these values on the “Configuration / Logged Users” screen. As far as I know - you can’t change these outside of the security module configuration. The other choice, I guess, is to write your own.
um…
I went into Settings (under Options).
There is a Security section which has Users. But I don’t see where you can change no of incorrect logins allowed.
On the first screen check the box to include “logged users” … if you don’t check this box you will not see the “Configuration/Logged Users” screen.
It is under Modules > Security …not Options > Settings
It is more involved than that if you go all the way.
The ScriptCase supplied module can be modified to track unsuccessful login attempt count and last time BUT that is only effective if a valid username is specified.
The fulsome solution is also to log the IP of the login attempt and similarly count the number of unsuccessful attempts and the datetime of the last unsuccessful attempt. This allows a timed block of that IP even if a nonexistent username is specified
Hi Sean. How do I log the IP address of the incoming connection? I need to know how to capture the IP. Is it something like this:
$ipaddress = $_SERVER[‘REMOTE_ADDR’];
If so, which even should I put it in, in the Login app?
Then I can make $ipaddress global, so I can us it in other places?
Next, how do I properly log this?
you don’t need to make $ipaddress global. $_SERVER[] it’s a PHP superglobal, and you can use it everywhere in your app.
Hey Giu - can you give an example of reading IP var
I’m interested in the same feature, but cannot seem to get _$SERVER[] to work but this code works fine:
{Server}= $_SERVER['REMOTE_ADDR'];