All available configuration options are listed below with their default values.
If this option is set to true, module will show flash messages using
integrated widget. Otherwise you will need to handle it using your own widget,
like provided in yii advanced template.
The keys for those messages are success, info, danger, warning.
If this option is set to false, users will not be able to register an account.
Registration page will throw HttpNotFoundException. However confirmation will
continue working and you as an administrator will be able to create an account
for user from admin interface.
If this option is set to true, password field on registration page will be
hidden and password for user will be generated automatically. Generated password
will be 8 characters long and will be sent to user via email.
If this option is set to true, module sends email that contains a confirmation
link that user must click to complete registration.
If this option is to true, users will be able to log in even though they
didn't confirm his account.
If this option is to true, users will be able to recovery their forgotten
passwords.
If this option is to true, users will be able to completely delete their accounts.
When user tries change his password, there are three ways how this change will happen:
STRATEGY_DEFAULTThis is default strategy. Confirmation message will be sent to new user's email and user must click confirmation link.STRATEGY_INSECUREEmail will be changed without any confirmation.STRATEGY_SECUREConfirmation messages will be sent to both new and old user's email addresses and user must click both confirmation links.
The time in seconds before a confirmation token becomes invalid. After expiring this time user have to request new confirmation token on special page.
The time in seconds you want the user will be remembered without asking for credentials.
The time in seconds before a recovery token becomes invalid. After expiring this time user have to request new recovery message.
Yii2-user has special admin pages where you can manager registered users or
create new user accounts. You can specify the username of users that will be
able to access those pages. The most permissive of admins and adminPermission
will determine access.
Yii2-user has special admin pages where you can manager registered users or
create new user accounts. You can specify the existing RBAC permission that will
allow a user to be able to access those pages. The most permissive of admins
and adminPermission will determine access.
Cost parameter used by the Blowfish hash algorithm. The higher the value of cost,
the longer it takes to generate the hash and to verify a password against it.
Higher cost therefore slows down a brute-force attack. For best protection
against brute for attacks, set it to the highest value that is tolerable on
production servers. The time taken to compute the hash doubles for every
increment by one of cost.
The prefix for user module URL. By changing this value you will be able to chage
url prefix used by module. For example if you set it to auth, then all urls
will loke like auth/login, auth/admin, auth/register, etc.
The rules to be used in URL management.
The configuration should be applied in your main configuration file:
...
'modules' => [
...
'user' => [
'class' => 'dektrium\user\Module',
'enableUnconfirmedLogin' => true,
'confirmWithin' => 21600,
'cost' => 12,
'admins' => ['admin']
],
...
],
...