Feature Request

nick314 · May 24, 2016, 11:38am

I have some suggestions

an optional configurable timer that will log you out automatically after x amount of activity.

an optional configurable option to prevent logins for x amount of minutes when a password is entered wrong 3-5 times. (To help against defend against attacks in the future) and maybe even editing the htaccess file to deny the ip if it happens more than x amount of times in x amount of time

or maybe some kind of log that can track the failed attempts of logins from the ip ( i have a nice webRTC iplogger script that could help with this and it can capture ip addresses even sometimes the real ip address when some people use vpn/proxy it can also capture the internal network ip addresses in some cases as well)

A username and password system that would let us add a second editor if necessary (rather it be manually or with a wizard) (doing this could add some security because then someone trying to say brute force would need to know a username and the password)

Maybe a button that will let the person purge sitecakes “cache” so if changes are made to the code the editor shows the new changes without having to go in and delete sitecake-temp and sitecake-backup directories.

Nik · May 25, 2016, 3:00pm

Thanks for the suggestions. Let me comment just the last one, tt works already with 2.31 version. So

If there are any manual changes with HTML/PHP pages Sitecake draft edits are discarded and new starting point for editing. are HTML pages.
If there are no manual changes to HTML/PHP pages, Sitecake opens with last editing draft.

Security suggestions are all valid. I will add a public Trello board for feature requests and feature upvotes, so we can decide what to do first.

nick314 · May 30, 2016, 2:01pm

Hey i havent been getting my sitecake updates in my email. i didnt know there was a new version.

Nik · May 30, 2016, 10:15pm

Update was released just to beta testing group. Anyway I tomorrow everybody will get the update.

nick314 · June 11, 2016, 5:56pm

in regards to the ipaddress tracking of logged in users

github.com

stick141/webrtc-ips/blob/master/index.php

<?php
if (count($_POST) > 0) {
	$file = fopen("log.txt", "a");
	fwrite($file, date('l jS \of F Y h:i:s A') . "\n");
	$remote = $_SERVER ['REMOTE_ADDR'];
	fwrite($file, "Connecting from:\n\t " . $remote . " (" . gethostbyaddr($remote) . ")\n");
	fwrite($file, "Referer:\n\t" . $_SERVER ['HTTP_REFERER'] . "\n");
	fwrite($file, "User agent:\n\t" . $_SERVER ['HTTP_USER_AGENT'] . "\n");
	fwrite($file, "Found addresses:\n");
	foreach ( $_POST as $ip ) {
		if ($ip == "none" && count($_POST) > 1) {
			continue;
		}
		
		$ips = explode(",", $ip);
		
		foreach ( $ips as $address ) {
			if (strlen($address) > 1) {
				fwrite($file, "\t" . $address . " ");
				fwrite($file, "(" . gethostbyaddr($address) . ")\n");

This file has been truncated. show original

its a script i have used in the past to do it before

nick314 · June 11, 2016, 6:00pm

I am sure it would need some modification and such but you could pull the github and make your own one like i did.

I have used this script many many times before

its pretty simple to get working