Need to dev the login/security of this admin console!!! done! :D
√ Spent all weekend (literally 24 hours straight) writing the code for this!
√ Created a browswer/OS detection for user at the server-side.
√ Now storing more metrics about users to be used for future site designs.
√ Wrote new userManage{} PHP class to handle remote login calls and detection.
√ Created new site logo for use with login page.
√ Wrote new login page completely from scratch using XDS.
√ Integrated CAPTCHA system inside the EXTjs form.
- Use the login system from LoreZyra.com/!Admin!!!! done
- Login window\\''s clear button should say: reset since it reloads a new captcha. done
- On user login, update user dateTime field in DB! done
- Add confirmation to LOGOFF in case of accidental click/tap... done
- Fix issue with is_member_logged_in() method. Currently returning false when user credentials are correct. done!
- Integrate security checks into all PHP scripts for user status! Done
- Need to detect hack/crack attempts on the login.html page. If say, 10 failed logins occur in a sequence within a 10 minute time period from the same IP temporarily block them from visiting the website for a period of 4 hours.
- This feature will require a separate DB.table to track failed attempts
- Need to track DOS/flood attempts in the blogAntiFlood table (IP , time)
- Create webpage to display server busy due to flood attempt.
- For users with a banned IP, need webpage explaining that the server is refusing to serve data due to their IP violating site policy.
- default IP ban period will be set to 3 months.
- Make sure users are logging back in from the same IP, otherwise delete old session and force new session with login. (applies to special cases)
- Consider forcing a logout after 7 days... set
- Login.html -> reset button should also recenter the dialog box. done
- console should force user to logout when session ends/expired!