*Title: Disabling accounts after a few failed login attempts *Description: The system should automatically disable user accounts after a fixed(configurable) number of failed login attempts. *Documentation: New INI settings in site.ini have been added: -[UserSettings].MaxNumberOfFailedLogin=0 (0 by default) Max number of failed login attempts. If the max number is '0' the possibility will be disabled. -[UserSettings].TrustedIPList[] An array with IP addresses or networks which will be always allowed to login after a few failed login attempts. -[UserSettings].ShowMessageIfExceeded=false If true and failed login attempts of current user exceed MaxNumberOfFailedLogin the user will get a message about this. If MaxNumberOfFailedLogin > 0 and user's number of failed login attempts exceed MaxNumberOfFailedLogin the user will not be allowed to login (the user account will be locked). If you want to unlock the user you should go to [admin_siteaccess]/user/setting/[userID] and push the 'reset' button. If you want that an user account has always possibility to login after a few failed login attempts without locking (especially if you are admin) you should add IP address or network of this user to site.ini[UserSettings].TrustedIPList[] for example: [UserSettings] TrustedIPList[] TrustedIPList[]=192.168.0.1 TrustedIPList[]=192.0.0.0/27