aboutsummaryrefslogtreecommitdiff
path: root/h-source/Config/Restricted.php
blob: d8baffa4fe35920e9c8b6ab54b56323d222602f9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<?php 

// EasyGiant is a PHP framework for creating and managing dynamic content
//
// Copyright (C) 2009 - 2011  Antonio Gallo
// See COPYRIGHT.txt and LICENSE.txt.
//
// This file is part of EasyGiant
//
// EasyGiant is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// EasyGiant is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with EasyGiant.  If not, see <http://www.gnu.org/licenses/>.

if (!defined('EG')) die('Direct access not allowed!');



//RESRICTED ACCESS PARAMETERS

//define the hash algoritm to be used in order to protect your password
//only md5 and sha1 are supported
define('PASSWORD_HASH','sha1');



//ADMINISTRATOR USERS LOGIN DIRECTIVES:

//time that has to pass after a login failure before the user is allowed to try to login another time (in seconds)
define('ADMIN_TIME_AFTER_FAILURE','5');

//redirect to panel when successfully logged in:
define('ADMIN_PANEL_CONTROLLER', 'panel');
define('ADMIN_PANEL_MAIN_ACTION', 'main');

//redirect to login form if access not allowed:
define('ADMIN_USERS_CONTROLLER', 'adminusers');
define('ADMIN_USERS_LOGIN_ACTION', 'login');

//admin cookie:
define('ADMIN_COOKIE_NAME','uid');
define('ADMIN_SESSION_EXPIRE', '3600');
define('ADMIN_COOKIE_PATH', '/');
define('ADMIN_COOKIE_DOMAIN', '');
define('ADMIN_COOKIE_SECURE', false);

//tables:
define('ADMIN_USERS_TABLE','adminusers');
define('ADMIN_GROUPS_TABLE','admingroups');
define('ADMIN_SESSIONS_TABLE','adminsessions');
define('ADMIN_MANYTOMANY_TABLE','adminusers_groups');
define('ADMIN_ACCESSES_TABLE','accesses');

//hijacking checks
define('ADMIN_HIJACKING_CHECK',true); //can be true or false
//session hijacking
//set ADMIN_ON_HIJACKING_EVENT equal to 'forceout' if you want to cause the logout of the user if there is the suspect of a session hijacking
//set ADMIN_ON_HIJACKING_EVENT equal to 'redirect' if you want to redirect the user to the ADMIN_HIJACKING_ACTION (see later) if there is the suspect of a session hijacking
define('ADMIN_ON_HIJACKING_EVENT','forceout');  //it can be 'forceout' or 'redirect'
//only if ADMIN_ON_HIJACKING_EVENT = 'redirect'
//redirect the user to ADMIN_USERS_CONTROLLER/ADMIN_HIJACKING_ACTION if there is the suspect of a session hijacking
define('ADMIN_HIJACKING_ACTION','retype');




//REGISTERED USERS LOGIN DIRECTIVES:

//time that has to pass after a login failure before the user is allowed to try to login another time (in seconds)
define('REG_TIME_AFTER_FAILURE','5');

//redirect to home when successfully logged in:
define('REG_PANEL_CONTROLLER', 'home');
define('REG_PANEL_MAIN_ACTION', 'index');

//redirect to login form if access not allowed:
define('REG_USERS_CONTROLLER', 'users');
define('REG_USERS_LOGIN_ACTION', 'login');

//registered cookie:
//NB: REG_COOKIE_NAME must be different from ADMIN_COOKIE_NAME!!!
define('REG_COOKIE_NAME','uidr');
define('REG_SESSION_EXPIRE', '3600');
define('REG_COOKIE_PATH', '/');
define('REG_COOKIE_DOMAIN', '');
define('REG_COOKIE_SECURE', false);

//tables:
define('REG_USERS_TABLE','regusers');
define('REG_GROUPS_TABLE','reggroups');
define('REG_SESSIONS_TABLE','regsessions');
define('REG_MANYTOMANY_TABLE','regusers_groups');
define('REG_ACCESSES_TABLE','regaccesses');

//hijacking checks
define('REG_HIJACKING_CHECK',true); //can be true or false
//session hijacking
//set ADMIN_ON_HIJACKING_EVENT equal to 'forceout' if you want to cause the logout of the user if there is the suspect of a session hijacking
//set ADMIN_ON_HIJACKING_EVENT equal to 'redirect' if you want to redirect the user to the ADMIN_HIJACKING_ACTION (see later) if there is the suspect of a session hijacking
define('REG_ON_HIJACKING_EVENT','forceout');  //it can be 'forceout' or 'redirect'
//only if ADMIN_ON_HIJACKING_EVENT = 'redirect'
//redirect the user to ADMIN_USERS_CONTROLLER/ADMIN_HIJACKING_ACTION if there is the suspect of a session hijacking
define('REG_HIJACKING_ACTION','retype');