Skip to content

USERS Module

Jurek Muszyński edited this page Dec 20, 2021 · 76 revisions

Requirements

npp_app.h

USERS module requires both HTTPS and MYSQL. To enable them, add these to npp_app.h:

#define NPP_HTTPS
#define NPP_MYSQL
#define NPP_USERS

Compilation script

SSL version scripts are called m_ssl (Linux) and m_ssl.bat (Windows). They also need a MySQL library.

Linux

g++ npp_app.cpp \
../lib/npp_eng_app.c ../lib/npp_lib.c ../lib/npp_mysql.cpp ../lib/npp_usr.c \
-D NPP_APP \
-I. -I../lib \
-I/usr/include/mysql \
-L/usr/lib64/mysql \
-lrt -lz -lcrypto -lssl -lmysqlclient \
-s -O3 \
-o ../bin/npp_app

Windows

For Windows it'll look similar, however I'd recommend to take a look at Windows setup as there are less standard ways to place SSL and MySQL libs.

Database

To create tables use lib/users.sql:

mysql -u user --password=password database < users.sql

Configuration

Add database connection details to bin/npp.conf:

dbName=database
dbUser=user
dbPassword=password

And optionally host and port addresses if your database is on a different host.

Logged in user sessions in Node++

You may want to learn about sessions in Node++ first.

By default, users are authenticated by login. login form field can contain login or email and npp_usr_login() will try both. Alternatively, you can use NPP_USERS_BY_EMAIL switch to use exclusively email.

Successful npp_usr_login() call does the following:

  • Sets the G_sessions[si] record values (accessible via SESSION macro),
  • Adds record to users_logins table,
  • Adds ls cookie to the response,
  • Updates users.visits and users.last_login.

Keep Me Logged In

Adding keep=on to the login request will set ls cookie expiration time to now + NPP_USER_KEEP_LOGGED_DAYS days. Therefore – until you call npp_usr_logout() – every subsequent request with valid ls cookie and the same User Agent as in the initial request, will automatically mark session as logged in.

Otherwise

Without keep=on cookie does not have expiration time, so by default it will expire by the end of the current browser session.

Caching

Logged in sessions are cached for NPP_AUTH_SESSION_TIMEOUT seconds after last activity.

Unsuccessful logins

Unsuccessful login count and time is stored in users.ula_cnt and users.ula_time. Then there are 4 tresholds affecting the next attempts:

Macro Description Default
MAX_ULA_BEFORE_FIRST_SLOW Maximum unsuccessful login attempts before first slowing down (1 attempt per minute will be allowed) 10
MAX_ULA_BEFORE_SECOND_SLOW Maximum unsuccessful login attempts before second slowing down (1 attempt per hour will be allowed) 25
MAX_ULA_BEFORE_THIRD_SLOW Maximum unsuccessful login attempts before third slowing down (1 attempt per 23 hours will be allowed) 100
MAX_ULA_BEFORE_LOCK Maximum unsuccessful login attempts before locking user out 1000

Clone this wiki locally