vilda
Dears developers,
Id like to write new plugin (mabye new feature) to make dokuwiki more secure. My goal is to ban user IP address for X minutes when user try to login with wrong username and password more than Y times in Z minutes. And to be able to enable/disable this feature with ability to set X,Y,Z values in administration panel.
Idea is:
- to have a store (formated TXT or CSV file) with user login IP and time, when user login was unsuccessful
- before login get user IP
- check last Y attempts in Z minutes from store and if both parameters are correct do normal login process, else (for X minutes since last wrong login) display standard error message ("Sorry, username or password was wrong") and write user IP and attempt time to store.
- if normal login process passed ok, than go to wiki pages
- if normal login process failed, write IP and time to store and display standard error message.
I have developed some simple plugins for phorum, i know php coding, but dokuwiki plugin structure is less understandable for me. I dont know where and how to start. I have read some info about events (AUTH_LOGIN_CHECK looks good), bud dont know how to use it.
Can someone to help me? (eg. show simple example, snow basic plugin structure for this situation, write some words...)
Thanks
Vilda
PS: Im not native speaker, i hope this is clear.