USERS Module
USERS module requires both HTTPS and MYSQL. To enable them, add these to npp_app.h:
```c
#define NPP_HTTPS
#define NPP_MYSQL
#define NPP_USERS
```

SSL version scripts are called m_ssl (Linux) and m_ssl.bat (Windows). They also need a MySQL library.
```bash
g++ npp_app.cpp \
../lib/npp_eng_app.c ../lib/npp_lib.c ../lib/npp_mysql.cpp ../lib/npp_usr.c \
-D NPP_APP \
-I. -I../lib \
-I/usr/include/mysql \
-L/usr/lib64/mysql \
-lrt -lz -lcrypto -lssl -lmysqlclient \
-s -O3 \
-o ../bin/npp_app
```

For Windows it'll look similar; however, I'd recommend taking a look at Windows setup, as there are fewer standard ways to place the SSL and MySQL libs.
To create tables use lib/users.sql:
```bash
mysql -u user --password=password database < users.sql
```

Add database connection details to bin/npp.conf:
```
dbName=database
dbUser=user
dbPassword=password
```
Optionally, add the host and port if your database is on a different host.
You may want to learn about sessions in Node++ first.
By default, users are authenticated by login. The login form field can contain a login or an email, and npp_usr_login() will try both. Alternatively, you can use the NPP_USERS_BY_EMAIL switch to use email exclusively.
A successful npp_usr_login() call does the following:
- Sets the G_sessions[si] record values (accessible via SESSION macro),
- Adds record to users_logins table,
- Adds ls cookie to the response,
- Updates users.visits and users.last_login.
Adding keep=on to the login request sets the ls cookie expiration time to now + NPP_USER_KEEP_LOGGED_DAYS days. Therefore – until you call npp_usr_logout() – every subsequent request with a valid ls cookie and the same User Agent as in the initial request will automatically mark the session as logged in.
Without keep=on, the cookie has no expiration time, so by default it expires at the end of the current browser session.
Logged in sessions are cached for NPP_AUTH_SESSION_TIMEOUT seconds after last activity.
The unsuccessful login count and time are stored in users.ula_cnt and users.ula_time. Four thresholds then affect subsequent attempts:
| Macro | Description | Default |
|---|---|---|
| MAX_ULA_BEFORE_FIRST_SLOW | Maximum unsuccessful login attempts before first slowing down (1 attempt per minute will be allowed) | 10 |
| MAX_ULA_BEFORE_SECOND_SLOW | Maximum unsuccessful login attempts before second slowing down (1 attempt per hour will be allowed) | 25 |
| MAX_ULA_BEFORE_THIRD_SLOW | Maximum unsuccessful login attempts before third slowing down (1 attempt per 23 hours will be allowed) | 100 |
| MAX_ULA_BEFORE_LOCK | Maximum unsuccessful login attempts before locking user out | 1000 |
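
The tiers in the table, modelled as a stand-alone C check (an added example, not Node++'s own code). `ula_min_interval()`, `ula_check()` and `ula_verdict` are hypothetical names, and the model assumes that a tier takes effect once `ula_cnt` exceeds its maximum and that `ula_time` holds the time of the last failed attempt.

```c
#include <stdio.h>
#include <time.h>

/* Defaults from the table above */
#define MAX_ULA_BEFORE_FIRST_SLOW   10
#define MAX_ULA_BEFORE_SECOND_SLOW  25
#define MAX_ULA_BEFORE_THIRD_SLOW   100
#define MAX_ULA_BEFORE_LOCK         1000

typedef enum { ULA_ALLOW, ULA_WAIT, ULA_LOCKED } ula_verdict; /* hypothetical */

/* Minimum seconds between attempts for a given failure count; -1 = locked.
   Assumption: a tier applies once the count exceeds its maximum. */
long ula_min_interval(int ula_cnt)
{
    if (ula_cnt > MAX_ULA_BEFORE_LOCK)        return -1;
    if (ula_cnt > MAX_ULA_BEFORE_THIRD_SLOW)  return 23L * 3600;
    if (ula_cnt > MAX_ULA_BEFORE_SECOND_SLOW) return 3600;
    if (ula_cnt > MAX_ULA_BEFORE_FIRST_SLOW)  return 60;
    return 0;
}

/* Decide whether an attempt at `now` may proceed; *wait gets the seconds left. */
ula_verdict ula_check(int ula_cnt, time_t ula_time, time_t now, long *wait)
{
    long gap = ula_min_interval(ula_cnt);
    long elapsed = (long)difftime(now, ula_time);
    *wait = 0;
    if (gap < 0) return ULA_LOCKED;
    if (elapsed < 0) elapsed = 0;  /* clock moved backwards: do not shorten the wait */
    if (elapsed >= gap) return ULA_ALLOW;
    *wait = gap - elapsed;
    return ULA_WAIT;
}

int main(void)
{
    /* Constructed sample rows: {ula_cnt, seconds since ula_time} */
    const long rows[][2] = { {3, 1}, {11, 30}, {11, 61}, {26, 600}, {101, 82800}, {1001, 999999} };
    static const char *names[] = { "allow", "wait", "locked" };
    time_t now = time(NULL);
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        long wait;
        ula_verdict v = ula_check((int)rows[i][0], now - (time_t)rows[i][1], now, &wait);
        printf("ula_cnt=%ld elapsed=%lds -> %s (wait %lds)\n", rows[i][0], rows[i][1], names[v], wait);
    }
    return 0;
}
```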