EXT: Secure Backend Login

| Author: | Kasper Skårhøj |
|---|---|
| Created: | 2002-11-01T00:32:00 |
| Changed: | 2013-09-09T09:07:22.170000000 |
| Author: | Thomas Paul |
| Email: | thomas@vianova.cc |
Extension Key: aba_bruteforceblocker
Copyright 2000-2002, Thomas Paul, <thomas@vianova.cc>
Copyright 2013, Robert Puntigam <robert.puntigam@abaton.at>
This document is published under the Open Content License available from http://www.opencontent.org/opl.shtml
The content of this document is related to TYPO3 - a GNU/GPL CMS/Framework available from www.typo3.com
Table of Contents
- EXT: Secure Backend Login
- Introduction
- What does it do?
- Administration
- Configuration
- Redirect to Frontend or somewhere else after login
- Known problems
- Changelog
Introduction
What does it do?
This extension extends the original backend login form and adds a number of new features, including security features, such as:
- forgotten password link (after failed login, always, only for a specified IP address, ...)
- IP blacklist (data records, automatic blacklisting after a number of failed logins)
- disable user after a number of failed logins
- enable mail notifications for admin
- go to frontend, page id or link after login (for user or usergroup)
Administration
Install from Extension Repository …
Configuration
After installing the extension, change to the Extension Manager and click the extension name in Loaded Extensions.
Now read the configuration descriptions and set the parameters you need.
| Property | Data type | Description | Default |
|---|---|---|---|
| ForgotPasswordLink | boolean | Enables the "forgot your password" link. | 0 |
| ForgotPasswordLinkAlways | boolean | Always shows the "forgot your password" link, not only after a failed login. | 0 |
| NoResetPasswordForAdmins | boolean | Disables the possibility for admins to reset their password. | 1 |
| SendAdminResetNotification | boolean | Sends a notification to the admin on every password reset. | 1 |
| SendAdminFailedLoginAttempt | boolean | Sends every failed login attempt to the admin. | 0 |
| SendAdminIPBlacklist | boolean | Sends a notification to the admin if an IP gets blacklisted. | 1 |
| SendAdminDisableUser | boolean | Sends a notification to the admin if a user gets disabled. | 1 |
| adminUID | int | UID of the admin account that receives the notifications. | 1 |
| passwordLenght | int | Length of the generated password. | 16 |
| ViewAfterReset | options | Defines the page which is shown after the password reset. | login |
| ForgotPasswordLinkForIP | string | Shows the "forgot your password" link for this IP address (for webhoster/webdeveloper/webmaster). | 127.0.0.1 |
| EnableBlacklist | boolean | Enables an IP blacklist to deactivate the login process. | 1 |
| AutoBlacklist | boolean | Enables automatic blacklisting after "AutoBlacklistAfter" failed login attempts within the "BlacklistTime". | 1 |
| AutoBlacklistAfter | int | Number of failed login attempts after which an IP address is automatically blacklisted. | 3 |
| PIDBlacklist | int | PID for the blacklist records. | 0 |
| DisableUser | boolean | Disables the user after "DisableUserAfter" failed login attempts within the "BlacklistTime". | 0 |
| DisableUserAfter | int | Number of failed login attempts after which a user is disabled. | 3 |
| BlacklistTime | int | Time for which failed login attempts stay on the blacklist. | 3600 |
| AllowIPmaskList | boolean | Takes into account IPs from "IPmaskList" and "devIPmask" from the install tool. | 1 |
| WhiteListIPs | string | Takes into account IPs from this list (comma separated). | |
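How the AutoBlacklistAfter, DisableUser, DisableUserAfter, BlacklistTime and WhiteListIPs settings above interact, as an added Python model that is not the extension's own PHP code. It assumes EnableBlacklist and AutoBlacklist are on, that BlacklistTime is in seconds, that failures are counted in a sliding window, and that whitelisted IPs are never counted; the class, function and event names are hypothetical.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

class LoginGuard:
    """Model of the thresholds. Argument names mirror the extension settings."""
    def __init__(self, auto_blacklist_after=3, disable_user=False,
                 disable_user_after=3, blacklist_time=3600, whitelist_ips=""):
        self.ip_limit, self.user_limit = auto_blacklist_after, disable_user_after
        self.disable_user = disable_user
        self.window = blacklist_time  # assumption: seconds
        self.whitelist = {ip_address(i.strip())
                          for i in whitelist_ips.split(",") if i.strip()}
        self.by_ip = defaultdict(deque)    # IP -> timestamps of recent failures
        self.by_user = defaultdict(deque)  # user -> timestamps of recent failures
        self.blacklisted = {}              # IP -> time at which the block expires
        self.disabled = set()

    def _recent(self, queue, now):
        # Forget failures that have aged out of the window, count the rest.
        while queue and queue[0] <= now - self.window:
            queue.popleft()
        return len(queue)

    def is_blocked(self, ip, user, now):
        return user in self.disabled or self.blacklisted.get(ip_address(ip), 0) > now

    def failed_login(self, ip, user, now):
        """Record one failed attempt and return the actions it triggers."""
        addr, actions = ip_address(ip), []
        if addr in self.whitelist:  # assumption: whitelisted IPs are never counted
            return actions
        self.by_ip[addr].append(now)
        if self._recent(self.by_ip[addr], now) >= self.ip_limit:
            self.blacklisted[addr] = now + self.window
            actions.append("blacklist_ip")
        self.by_user[user].append(now)
        if (self.disable_user and user not in self.disabled
                and self._recent(self.by_user[user], now) >= self.user_limit):
            self.disabled.add(user)
            actions.append("disable_user")
        return actions

# Constructed events (time, ip, user): one IP on three accounts, then three IPs on one account.
EVENTS = [(0, "203.0.113.7", "alice"), (10, "203.0.113.7", "bob"),
          (20, "203.0.113.7", "carol"), (30, "198.51.100.1", "editor"),
          (40, "198.51.100.2", "editor"), (50, "198.51.100.3", "editor")]

def replay(events, **settings):
    guard = LoginGuard(**settings)
    return [guard.failed_login(ip, user, t) for t, ip, user in events]
```

With the default DisableUser = 0, only the first three events trigger an action in this model: each of the last three IPs fails once, so the per-IP threshold is never reached and the account is only protected once DisableUser is enabled.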
Redirect to Frontend or somewhere else after login
If you want to redirect a user:
- Change to the “User Admin” module in the Admin tools
- Click on the pencil to edit the user
- Change to the tab “extended” and set “go to frontend after login” or “go to ... after login”
If you want to redirect a usergroup:
- Change to the list module
- Click on the top page with the id 0
- Search for the Backend usergroup you want to redirect and click on the pencil to edit
- Change to the tab “extended” and set “go to frontend after login” or “go to ... after login”
Known problems
None at this time
Changelog
0.0.1 – initial release by Thomas Paul
0.0.2 – some security fixes by Thomas Paul
0.0.3 – manual added by Thomas Paul
0.0.4 – go to frontend, page id or link after login (for user or usergroup) by Thomas Paul
1.0.0 – completely rewritten for TYPO3 4.5.x by Robert Puntigam