Skip to content

1

Security settings

Here you are able to define session and login related settings.

Security settings

Determines whether users are given "Remember Me" option when they visit the board.

Determines whether or not users are able to use the "I forgot my password" link on the login page to recover their account. If you use an external authentication mechanism you may wish to disable this feature.

Number of days after which "Remember Me" login keys are removed or zero to disable.
Days

Determines how much of the users IP is used to validate a session; All compares the complete address, A.B.C the first x.x.x, A.B the first x.x, None disables checking. On IPv6 addresses A.B.C compares the first 4 blocks and A.B the first 3 blocks.

Enables browser validation for each session improving security.

Sessions will only be continued if the sent X_FORWARDED_FOR header equals the one sent with the previous request. Bans will be checked against IPs in X_FORWARDED_FOR too.

If enabled, the referrer of POST requests will be checked against the host/script path settings. This may cause issues with boards using several domains and or external logins.

If enabled, certificates of remote uploads will be validated. This requires the CA bundle to be defined by the openssl.cafile or curl.cainfo setting in your php.ini.

If enabled the user’s IP address is checked against the following DNSBL services on registration and posting: spamcop.net and www.spamhaus.org. This lookup may take a while, depending on the server’s configuration. If slowdowns are experienced or too many false positives reported it is recommended to disable this check.

If enabled, the email domain provided on registration and profile changes is checked for a valid MX record.

Minimum number of characters in passwords. Note that the maximum number is not limited.
Min

Determines how complex a password needs to be when set or altered, subsequent options include the previous ones.

Require user to change their password after a set number of days. Setting this value to 0 disables this behaviour.
Days

The number of login attempts allowed for a single account before the anti-spambot task is triggered. Enter 0 to prevent the anti-spambot task from being triggered for distinct user accounts.

The threshold of login attempts allowed from a single IP address before an anti-spambot task is triggered. Enter 0 to prevent the anti-spambot task from being triggered by IP addresses.

Login attempts expire after this period.
Seconds

Instead of limiting login attempts by IP address they are limited by X_FORWARDED_FOR values.
Warning: Only enable this if you are operating a proxy server that sets X_FORWARDED_FOR to trustworthy values.

If this option is enabled, PHP and INCLUDEPHP statements will be recognised and parsed in templates.

The time a user has to submit a form. Use -1 to disable. Note that a form might become invalid if the session expires, regardless of this setting.
Seconds

If enabled, the form token issued to guests will be session-exclusive. This can cause problems with some ISPs.
Submit changes

 

Powered by phpBB® Forum Software © phpBB Limited
Designed by Leenoz
Theme Layout:
Tabs Layout Sidebar Layout
Theme Color:
Buy Now