$actionOnHack =
[line 176]
currently emails the admin (webmaster) on the 3rd hack attempt.
ideas are: blockIP blockCnet blockUsername alertWebmaster ...
$bsSession =
[line 74]
reference to global session object.
$checkCaseSensitive = 0
[line 209]
how should username and password be compared? case sensitive or not?
- = yes (all case sensitive) = BS_CUG_CASE_SENSITIVE_YES
- = only username = BS_CUG_CASE_SENSITIVE_ONLY_USERNAME
- = only password = BS_CUG_CASE_SENSITIVE_ONLY_PASSWORD
- = no (all case insensitive) = BS_CUG_CASE_SENSITIVE_NO
$checkForHack = TRUE
[line 160]
if we should check for hack attempts or not.
logins like root/root, guest/guest, letmein etc are considered hacks. the 3rd such login attempt will result in some action.
$errorMsg =
[line 249]
the error msg of the last error that occurred.
$form =
[line 60]
an instance of bs_form.
$formAction =
[line 116]
the <form action=""> part. will be set to the form if set here.
i currently recommend doing it.
$formTarget = '_top'
[line 125]
the target the login form submits to.
default is '_top'. i think that's a good thing for most forms. if you want no target, unset() this var. empty is not enough.
$language = 'en'
[line 132]
the language used
$logAttempts = 1
[line 196]
should we log login attempts?
!!! important !!!: due to the current setup, to be able to determine the number of failed logins in a row or hack attempts, we need to log *all* login attempts, also the good ones. otherwise that "in a row" thing won't work. it could be done differently by saving a counter in the user table, but it's not. recode it if you feel like doing it, i don't.
- = no
- = yes, all (=default)
- = failed only
- = successful only
$maxNumAttempts = 0
[line 141]
how many login attempts does the user have?
- means 'no limit'.
$recoverPasswordByUsernameForm =
[line 68]
the form object to use when displaying the "recover password by username" form.
$redirectPage = 'frameset.php'
[line 107]
!!!deprecated!!! the page (maybe with directory) to which the user will be redirected once the login was successful.
$unixLikeDoubleTimeout = TRUE
[line 149]
whether to use the unix-like double timeout after each wrong login attempt in a row. by default this is on.
Tags:
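An added example (not BlueShoes code) for the $logAttempts note and $unixLikeDoubleTimeout above: it counts failed logins in a row from an attempt log and derives a doubling wait, once with all attempts logged and once with failures only. The function names, the log layout, and the 1-second base with a one-hour cap are assumptions; the page does not state the actual timeout values.

```php
<?php
// added example, not BlueShoes code; function names and log layout are hypothetical.

// count failed logins "in a row" for $user: walk the log newest-first and
// stop at the first successful login, which resets the streak.
function failuresInARow(array $log, string $user): int
{
    $count = 0;
    for ($i = count($log) - 1; $i >= 0; $i--) {
        if ($log[$i]['user'] !== $user) {
            continue; // other users' attempts do not affect this streak
        }
        if ($log[$i]['ok']) {
            break;
        }
        $count++;
    }
    return $count;
}

// assumed schedule: 1s, 2s, 4s, ... doubling per failure, capped.
function lockoutSeconds(int $failures, int $base = 1, int $cap = 3600): int
{
    if ($failures <= 0) {
        return 0;
    }
    $exp = min($failures - 1, 30); // bound the shift so it cannot overflow
    return min($base << $exp, $cap);
}

// constructed sample log, oldest first.
$log = [
    ['user' => 'alice', 'ok' => false],
    ['user' => 'alice', 'ok' => true],
    ['user' => 'bob',   'ok' => false],
    ['user' => 'alice', 'ok' => false],
    ['user' => 'alice', 'ok' => false],
    ['user' => 'alice', 'ok' => false],
];

// the same history as a "failed only" log would record it.
$failedOnly = array_values(array_filter($log, fn($row) => !$row['ok']));

foreach (['all attempts' => $log, 'failed only' => $failedOnly] as $mode => $rows) {
    $n = failuresInARow($rows, 'alice');
    printf("%-12s: %d failures in a row, next wait %ds\n", $mode, $n, lockoutSeconds($n));
}
```

With only failures logged, the successful login never appears, so the streak is never reset and the user is penalised for failures that a good login should have cleared.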
$userFieldNames = array(
'user' => 'user',
'pass' => 'pass',
'isActive' => 'isActive',
'startDatetime' => 'startDatetime',
'endDatetime' => 'endDatetime',
'email' => 'email'
)
[line 235]
the captions of the keys.
these are the defaults and recommended, you may need to change them based on your data structure (array or db or file implementation or whatever).
user and pass are for authentication; isActive, startDatetime and endDatetime are for the lifecycle; email is used to automatically send the password to the user. if a field is not there, the feature that depends on it (lifecycle/email) cannot be used.
note: take care that you don't choose reserved names, eg 'password' for mysql.
$_APP =
[line 53]
reference to the global settings hash.
$_postVars =
[line 85]
reference to the HTTP_POST_VARS array.
gets set in the constructor.
we could just use $_POST, but this way we have the option to use something different. may be needed.