Authority

This group of settings deal with user authorization and session handling.

[Main]

Settings: Authority-Main

  • Plugin
    The plugin that will be your domain's authority. Zoglair comes with “gerard” as default and only option, so, you might not have a choice.
  • Domain Hash
    A unique id, generated automatically during domain creation. It is used for identifying your domain. You should leave this setting as is.
  • Cookie Name
    A mask used for the cookie name(s) created by your domain. You can change it if you wish and know what you are doing.
  • Cookie Life
    The period (in days) used in specifying cookie expiration. The same period is used when deleting old sessions.
  • Session Timeout
    The timeout (in minutes) of a visit. A session is created the first time one visits your site. From that time, and up to ones next request - or - the session timeout elapses, the visit is considered active and the visitor (guest or user) online. When the timeout elapses, and there is no activity in between, the session expires, the visit becomes inactive and the visitor is considered offline.
  • HTTP Sevel
    This setting and the following ones control an optional and additional user authentication mechanism, called HTTP Authentication. If enabled in your domain, the visitor will be prompted with a login dialog before access to your site is allowed. This is different than the native login dialog of zoglair, and you can use it in 2 scenarios:
    a) have your site completely hidden from all visitors, unless they HTTP authenticate, or
    b) have users of your site, with a certain security level and above, authenticate twice (first with zoglair, then with HTTP)
    If you want scenario (a), leave this setting empty and fill “Http User” and “Http Pass”, below.
    If you want scenario (b), choose a security level from the drop down list. All users, from the specified level and above, will be forced to HTTP authenticate.
  • HTTP User
    In scenario (a), you must enter a username. In scenario (b), if you leave it empty, the user's registered username will be used.
  • HTTP Pass
    In scenario (a), you must enter a password. In scenario (b), if you leave it empty, the user's registered email will be used.
  • HTTP Type
    Choose between basic and digest authentication. Digest authentication is recommended, unless it is not supported by your browser.
  • HTTP Realm
    This is the prompt displayed in the login dialog.
  • Max Login Attempts
    The maximum attempts for a successful login. After this limit is reached, the user is no longer able to login, until the following specified time limit expires.
  • Lock Mins Per Sevel
    The time period (in minutes) where an account is locked after max login attempts have failed. This period is multiplied by the account's security level. So, if you enter 3 here, it will mean 3 minutes for registered users (sevel=1), but 21 minutes for the webmaster (sevel=7)!

The system keeps track of failed logins in a virtual “strike” table, which is incorporated into the Session one.

[Captcha]

Settings: Authority-Captcha

  • Captcha Mode
    Choose the CAPTCHA mode used in various dialogs, such as the registration one. It can be an image, a question or a random alternation of them.
  • Captcha Image Ext
    In case of an image based CAPTCHA is used, choose which extension will generate them. Zoglair comes with “captcha” as default and only option, so, you might not have a choice.
  • Captcha Images
    This is a text box in which you can program the generation of your CAPTCHA images. Each program spans 2 lines: the first one is used as a prompt of the CAPTCHA form field, and the second one is used as an input to the CAPTCHA generation extension choosed above. You can have as many line-pairs as you wish. If there is only one pair, that will be always used. If you have more than one pair, one will be choosed randomly on each CAPTCHA instance.
    In the case of zoglair's default captcha, the second line can be either a static text you want to be displayed as is (not a good idea), or a random text. To make text random use the syntax shown in the screenshot: Start with “auto: ”, then a digit which denotes the number of symbols displayed, a comma, and finally the character set from which symbols will be (randomly) selected.
  • Captcha Questions
    This is a text box in which you can program the generation of your CAPTCHA questions. Each program spans 2 lines: the first one is used as a prompt of the CAPTCHA form field (that will be the question), and the second one is the correct answer(s). You can (and you should) have as many line-pairs as you wish. If there is only one pair, that will be always used. If you have more than one pair, one will be choosed randomly on each CAPTCHA instance.
    The second line can be either a static text you want to be answered as is (not a good idea, unless it is a number), or a regular expression (~pattern) evaluated with preg_match. To denote a pattern, surround your answer with / (slash) or ~ (tilde). For example, in a hypothetical question “Which animal barks?”, you could have as an answer: “~(dog|puppy|wolf|quoll)~i”.

[Blacklist]

This is a text box where you can list IP addresses (one per line) that you want them banned from your site. Each line must have the following format:
    .a.b.c.d. YYYY-MM-DD Notes or
    .a.b.c.*. YYYY-MM-DD Notes
For example:
    .127.0.0.1. 2013-02-01 I ban myself!

The IP is banned while the current date is less than the one defined here. If you want to ban an IP forever, then it is not recommended that you enter a date greater than 2038-01-19.

The system responds to blacklisted requests with the following header:
    HTTP/1.1 450 Blocked

(C) Nick B. Cassos - All Rights Reserved
powered by zoglair
page generated in 43ms (11 queries, 6ms)