In the security settings you control the rights and settings for the registration and use of the eCard page.
To access the security settings, select Administration > Settings in the menu and click on the Users & Security tab in the opening window.
Configuration of the allowed email addresses
When new users are registered, the user’s email address gets checked. Only email addresses whose domains are explicitly permitted are accepted. The list of authorized domains is stored in the following file: /application/config/domains.php
The allowed domains must be entered in the comma-separated array here.
Use the checkbox to specify if you want to allow self-registration of users. If this option is active, users can set up their own access to the Power eCard system.
There are three possibilities for the release of new registered users:
- None – Direct account creation without approval:
All users with a corresponding mail address can log in directly to the system after registration.
This activation method is the most unsafe option and should only be used for internal use with an IP block.
- E-Mail – Release by Double-Opt-In:
The user must confirm his email address via double opt-in by confirming an activation in an email, then the account will be activated.
Flexible method to allow new users direct access to the system.
- Admin – Release by administrators:
The user must be activated by the administrator after registration and can only log in to the system after approval.
With this activation method, you have full control over all user accesses, but must unlock them all manually, which means an increased administrative effort.
The login type defines how the user can log in. The options E-mail only, Username only or E-mail or Username are available here.
User display in Power eCard
Here you specify whether the users are displayed and identified in the system using your e-mail address or the user name.
You can use the Display name option to specify whether the user can change his or her visible user name after registration and within what period of time this change should be possible.
Here you can also activate the option Remember me and also set a time period (1 week to 30 days) for it.
Under Password settings you can define the requirements for the passwords of the users.
The password strength defines the minimum length of the password. You can use the password options to specify that the password should contain numbers, special characters, upper and lower case letters, and so on.
Password stretching allows you to additionally secure passwords against attacks and data theft. Larger values increase the security and the time it takes to hash a password. For more information visit the phpass page.
The default value is 8. If you have any doubts, leave this value as it is.
Reset now forces all users to reset their passwords the next time they log on. It also immediately logs you out without saving any settings.
Confirm the settings with Save.