
USERS Module

Jurek Muszyński edited this page Apr 25, 2022 · 76 revisions

Requirements

npp_app.h

The USERS module requires both HTTPS and MYSQL. To enable them, add these to npp_app.h:

#define NPP_HTTPS
#define NPP_MYSQL
#define NPP_USERS

Compilation script

You may need to update the include and library paths in the src/m script, depending on your development environment.

For Windows, you may want to have a look at Windows setup, as SSL and MySQL libraries are placed in less standard ways there.

Database

To create tables use lib/users.sql:

mysql -u user --password=password database < users.sql

Configuration

Add database connection details to bin/npp.conf:

dbName=database
dbUser=user
dbPassword=password

And optionally host and port addresses if your database is on a different host.

Logged in user sessions in Node++

You may want to learn about sessions in Node++ first.

By default, users are authenticated by login. The login form field can contain either a login or an email, and npp_usr_login() will try both. Alternatively, you can use the NPP_USERS_BY_EMAIL switch to use email exclusively.

A successful npp_usr_login() call does the following:

  • Sets the G_sessions[si] record values (accessible via SESSION macro),
  • Adds record to users_logins table,
  • Adds ls cookie to the response,
  • Updates users.visits and users.last_login.

Keep Me Logged In

Adding keep=on to the login request sets the ls cookie expiration time to now + NPP_USER_KEEP_LOGGED_DAYS days. Therefore, until you call npp_usr_logout(), every subsequent request with a valid ls cookie and the same User Agent as in the initial request will automatically mark the session as logged in.

Otherwise

Without keep=on, the cookie has no expiration time, so by default it expires at the end of the current browser session.

Caching

Logged in sessions are cached for NPP_AUTH_SESSION_TIMEOUT seconds after the last activity.

Unsuccessful logins

The unsuccessful login count and time are stored in users.ula_cnt and users.ula_time. Four thresholds then affect the next attempts:

| Macro | Description | Default |
| MAX_ULA_BEFORE_FIRST_SLOW | Maximum unsuccessful login attempts before first slowing down (1 attempt per minute will be allowed) | 10 |
| MAX_ULA_BEFORE_SECOND_SLOW | Maximum unsuccessful login attempts before second slowing down (1 attempt per hour will be allowed) | 25 |
| MAX_ULA_BEFORE_THIRD_SLOW | Maximum unsuccessful login attempts before third slowing down (1 attempt per 23 hours will be allowed) | 100 |
| MAX_ULA_BEFORE_LOCK | Maximum unsuccessful login attempts before locking user out | 1000 |
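
The throttling rules in the table above, written out as a stand-alone check. This is an added example, not Node++'s own code: ula_check(), ula_min_interval() and the ula_verdict codes are hypothetical names, and treating a tier as active once the count exceeds its threshold is an assumption.

```c
#include <time.h>

/* Defaults from the table above */
#define MAX_ULA_BEFORE_FIRST_SLOW   10
#define MAX_ULA_BEFORE_SECOND_SLOW  25
#define MAX_ULA_BEFORE_THIRD_SLOW   100
#define MAX_ULA_BEFORE_LOCK         1000

/* Hypothetical result codes (not Node++ identifiers) */
typedef enum { ULA_ALLOW, ULA_WAIT, ULA_LOCKED } ula_verdict;

/* Minimum seconds between attempts for a given failure count; -1 = locked.
   Assumption: a tier starts once the count exceeds its threshold. */
static long ula_min_interval(int ula_cnt)
{
    if (ula_cnt > MAX_ULA_BEFORE_LOCK)        return -1;
    if (ula_cnt > MAX_ULA_BEFORE_THIRD_SLOW)  return 23L * 60 * 60;
    if (ula_cnt > MAX_ULA_BEFORE_SECOND_SLOW) return 60L * 60;
    if (ula_cnt > MAX_ULA_BEFORE_FIRST_SLOW)  return 60L;
    return 0;
}

/* Decide whether a login attempt may proceed to password verification.
   ula_cnt / ula_time mirror users.ula_cnt / users.ula_time. When the
   verdict is ULA_WAIT, *retry_after receives the remaining seconds. */
ula_verdict ula_check(int ula_cnt, time_t ula_time, time_t now, long *retry_after)
{
    long min_gap = ula_min_interval(ula_cnt);
    *retry_after = 0;

    if (min_gap < 0)  return ULA_LOCKED;
    if (min_gap == 0) return ULA_ALLOW;

    /* A clock stepped backwards gives a negative elapsed time; clamp it
       to zero so it cannot shorten or skip the wait. */
    double elapsed = difftime(now, ula_time);
    if (elapsed < 0) elapsed = 0;

    if (elapsed < (double)min_gap) {
        *retry_after = min_gap - (long)elapsed;
        return ULA_WAIT;
    }
    return ULA_ALLOW;
}
```

The check runs before the password is compared, so a throttled or locked account returns the same verdict whether or not the submitted password is correct.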

Tutorial

Complete step-by-step tutorial is available here:

Putting your web application online – Part 5 – Database and USERS
