Security settings

network restrictions to control flooding and brute force attacks
    hasRight($userId, 'superuser') || $userObject->hasRight($userId, 'edit whitelist')) { ?>
  • IP whitelist
    • hasRight($userId, 'superuser') || $userObject->hasRight($userId, 'edit blacklist')) { ?>
  • IP blacklist
    • hasRight($userId, 'superuser') || $userObject->hasRight($userId, 'edit ratelimiting')) { ?>
  • Rate limiting
hasRight($userId, 'superuser') || $userObject->hasRight($userId, 'edit whitelist'))) { ?>

IP whitelist

IP addresses and networks that will always bypass the ratelimiting login checks.
IP address Network Description Added by Added on Actions
hasRight($userId, 'superuser') || $userObject->hasRight($userId, 'edit blacklist'))) { ?>

IP blacklist

IP addresses and networks that will always get blocked at login.
IP address Network Reason Added by Added on Expires Actions
hasRight($userId, 'superuser') || $userObject->hasRight($userId, 'edit ratelimiting'))) { ?>

Rate limiting settings

Rate limiting settings control how many failed login attempts are allowed before blocking an IP address.

Current settings

  • Maximum login attempts: maxAttempts ?>
  • Time window: decayMinutes ?> minutes
  • Auto-blacklist threshold: autoBlacklistThreshold ?> attempts
  • Auto-blacklist duration: autoBlacklistDuration ?> hours

Note: These settings can be modified in the RateLimiter class configuration.

Recent failed login attempts

db->prepare(" SELECT ip_address, username, attempted_at FROM {$rateLimiter->authRatelimitTable} ORDER BY attempted_at DESC LIMIT 10 "); $stmt->execute(); $attempts = $stmt->fetchAll(PDO::FETCH_ASSOC); foreach ($attempts as $attempt) { ?>
IP sddress Username Attempted at