Enano CMS (1.1.x): comparison plugins/SpecialAdmin.php

equal deleted inserted replaced

-:4c19952406db
+:36b287f1d85c
 {
 $strength = strval($strength);
 setConfig('pw_strength_minimum', $strength);
 }
+// Account lockout policy
+if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )
+setConfig('lockout_threshold', $_POST['lockout_threshold']);
+if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )
+setConfig('lockout_duration', $_POST['lockout_duration']);
+if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )
+setConfig('lockout_policy', $_POST['lockout_policy']);
 echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
 }
 else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
 {
 echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
 echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
 ?>
 </td>
 </tr>
+<!-- Account lockout -->
+<tr><th colspan="2">Account lockouts</th></tr>
+<tr><td class="row3" colspan="2">Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times.</td></tr>
+<tr>
+<td class="row2">Lockout threshold:<br />
+<small>How many times can a user enter wrong credentials before a lockout goes into effect?</small>
+</td>
+<td class="row2">
+<input type="text" name="lockout_threshold" value="<?php echo ( $_ = getConfig('lockout_threshold') ) ? $_ : '5' ?>" />
+</td>
+</tr>
+<tr>
+<td class="row1">Lockout duration:<br />
+<small>This is how long an account lockout should last, in minutes.</small>
+</td>
+<td class="row1">
+<input type="text" name="lockout_duration" value="<?php echo ( $_ = getConfig('lockout_duration') ) ? $_ : '15' ?>" />
+</td>
+</tr>
+<tr>
+<td class="row2">Lockout policy:<br />
+<small>What should be done when a lockout goes into effect?</small>
+</td>
+<td class="row2">
+<label><input type="radio" name="lockout_policy" value="disable" <?php if ( getConfig('lockout_policy') == 'disable' ) echo 'checked="checked"'; ?> /> Don't do anything</label><br />
+<label><input type="radio" name="lockout_policy" value="captcha" <?php if ( getConfig('lockout_policy') == 'captcha' ) echo 'checked="checked"'; ?> /> Require visual confirmation</label><br />
+<label><input type="radio" name="lockout_policy" value="lockout" <?php if ( getConfig('lockout_policy') == 'lockout' || !getConfig('lockout_policy') ) echo 'checked="checked"'; ?> /> Prevent all login attempts</label>
+</td>
+</tr>
+<!-- Password strength -->
 <tr><th colspan="2">Password strength</th></tr>
 <tr>
 <td class="row2">
 eval($fname.'();');
 }
 }
 else
 {
-echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
+echo '<script type="text/javascript">document.write(\'<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>\');</script><noscript><div class="error-box">It looks like Javascript isn\'t enabled in your browser. Please enable Javascript or use a different browser to continue.</div></noscript>';
 }
 ?>
 </div>
 <script type="text/javascript">
 if ( KILL_SWITCH )

changeset 179	36b287f1d85c
parent 166	d53cc29308f4
child 187	9dbbec5e6096