Need to dev the login/security of this admin console!!! done! :D

√ Spent all weekend (literally 24 hours straight) writing the code for this!
√ Created a browswer/OS detection for user at the server-side.
√ Now storing more metrics about users to be used for future site designs.
√ Wrote new userManage{} PHP class to handle remote login calls and detection.
√ Created new site logo for use with login page.
√ Wrote new login page completely from scratch using XDS.
√ Integrated CAPTCHA system inside the EXTjs form.

  • Use the login system from!Admin!!!! done
  • Login window\\''s clear button should say: reset since it reloads a new captcha. done
  • On user login, update user dateTime field in DB! done
  • Add confirmation to LOGOFF in case of accidental click/tap... done
  • Fix issue with is_member_logged_in() method. Currently returning false when user credentials are correct. done!
  • Integrate security checks into all PHP scripts for user status! Done
  • Need to detect hack/crack attempts on the login.html page. If say, 10 failed logins occur in a sequence within a 10 minute time period from the same IP temporarily block them from visiting the website for a period of 4 hours.
    • This feature will require a separate DB.table to track failed attempts
  • Need to track DOS/flood attempts in the blogAntiFlood table (IP , time)
    • Create webpage to display server busy due to flood attempt.
  • For users with a banned IP, need webpage explaining that the server is refusing to serve data due to their IP violating site policy.
    • default IP ban period will be set to 3 months.
  • Make sure users are logging back in from the same IP, otherwise delete old session and force new session with login. (applies to special cases)
  • Consider forcing a logout after 7 days... set
  • Login.html -> reset button should also recenter the dialog box. done
  • console should force user to logout when session ends/expired!