Go to file
Tim Starling 8521667df9 Doc review and general cleanup
* Remove notification attributes such as title-message, unused since the
  initial commit since it used the new (2015) formatter system.
* isKnownSystemSlow() is always called with a third parameter, and it
  doesn't seem to be nullable in callers.
* Yes, most of the things make sense.
* Add reason why CheckUser has no cuc_ip_hex index.
* Use foreach
* Too late to truncate the hash now

Change-Id: I310bc53ba881842845b9358309954f89c355f81c
2023-09-04 15:04:36 +10:00
.phan phan: Remove suppression for PhanParamTooMany 2019-10-04 11:42:42 +02:00
i18n Localisation updates from https://translatewiki.net. 2023-08-28 09:30:22 +02:00
includes Doc review and general cleanup 2023-09-04 15:04:36 +10:00
maintenance Fix deprecations and non-static providers 2023-08-25 15:10:07 +10:00
tests/phpunit Fix deprecations and non-static providers 2023-08-25 15:10:07 +10:00
.eslintrc.json build: Updating eslint-config-wikimedia to 0.19.0 2021-03-14 00:53:19 +00:00
.gitignore build: Updating mkdirp to 0.5.3 2020-03-21 02:54:24 +00:00
.gitreview Whoops, track not trace 2016-10-24 17:02:52 -07:00
.phpcs.xml build: Updating dependencies 2021-01-30 03:54:05 +00:00
CODE_OF_CONDUCT.md build: Updating mediawiki/phan-taint-check-plugin to 1.3.0 2018-08-19 14:12:15 +00:00
composer.json build: Updating dependencies 2023-04-29 06:45:20 +00:00
COPYING Initial version of extension to notify people on failed login attempts. 2016-03-28 04:29:04 -04:00
extension.json Fix deprecations and non-static providers 2023-08-25 15:10:07 +10:00
Gruntfile.js build: Updating dependencies 2021-01-30 03:54:05 +00:00
package-lock.json build: Updating grunt-banana-checker to 0.11.0 2023-06-01 19:26:20 +00:00
package.json build: Updating grunt-banana-checker to 0.11.0 2023-06-01 19:26:20 +00:00
README.md Fix some typos 2017-05-13 13:17:41 +02:00
UserAvatar.svg Update 'UserAvatar' to latest WikimediaUI icon 2018-11-27 10:26:09 -08:00

The LoginNotify extension notifies you when someone logs into your account. It can be configured to give warnings after a certain number of failed login attempts (The number is configurable, and can be different between unknown IPs/devices and known IP/devices). It can also give echo/email notices for successful logins from IPs you don't normally use. It can optionally integrate into the CheckUser extension in order to determine if the login is from an IP address you don't normally use. It can also set a cookie to try and determine if the login is from a device you normally use.

Installation

  • This extension requires the Echo extension to be installed. This extension can optionally integrate with the CheckUser extension if it is installed, but does not require it.
  • Download and place the file(s) in a directory called LoginNotify in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php: wfLoadExtension( 'LoginNotify' );
  • Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration parameters

"@doc": "The number of failed login attempts to permit from a known IP before a notification is triggered.",
"LoginNotifyAttemptsKnownIP": 10
"@doc": "The time-to-live of the count of failed login attempts from a known IP (from the time of the first failed attempt).",
"LoginNotifyExpiryKnownIP": 604800,
"@doc": "The number of failed login attempts to permit from a new IP before a notification is triggered.",
"LoginNotifyAttemptsNewIP": 3,
"@doc": "The time-to-live of the count of failed login attempts from a new IP (from the time of the first failed attempt).",
"LoginNotifyExpiryNewIP": 1209600,
"@doc": "Whether to trigger a notification after failed logins from known IPs.",
"LoginNotifyCheckKnownIPs": true,
"@doc": "Whether to trigger a notification after successful logins from unknown IPs.",
"LoginNotifyEnableOnSuccess": true,
"@doc": "Set different default notification preferences for different user groups. For user groups that have any of the user rights listed in this array, the preferences specified in Hooks:getOverriddenOptions() are on by default.",
"LoginNotifyEnableForPriv": [ "editinterface", "userrights" ],
"@doc": "Override this to use a different secret than $wgSecretKey",
"LoginNotifySecretKey": null,
"@doc": "Expiry in seconds. Default is 180 days",
"LoginNotifyCookieExpire": 15552000,
"@doc": "Override to allow sharing login cookies between sites on different subdomains",
"LoginNotifyCookieDomain": null,
"@doc": "Maximum number of users (records) to track as having successfully logged in on a particular device.",
"LoginNotifyMaxCookieRecords": 6,
"@doc": "Set to false to disable caching IPs in memcache. Set to 0 to cache forever. Default 60 days.",
"LoginNotifyCacheLoginIPExpiry": 5184000