Site name: This is the descriptive name of the site, which is shown in page headers by default.
Path: Enter the server path of the new site, relative to the web server document folder. If this path includes a full URL, including a protocol, anyone navigating to this site will be redirected to this URL. Note that it is more efficient to have this kind of redirection done either via the .htaccess file or by changing your DNS records appropriately.
If blank, the template site files are copied to the EWE root folder and suffixed with a number to distinguish it from other sites. For example: index2.php. This allows multiple sites to be served from the same folder.
If a path is specified, it is assumed to be unique for this site and the template files are copied to that path (index.php, login.php, etc). This is the recommended option.
Alias site: If you specify another site here, this site is simply an alias for that site.
Make this the default site: Pressing this button will make this site the default site. The default site is where users are sent if the site cannot be determined.
Refresh site files: Pressing this button will copy the template files to the appropriate location based on the current Path value. If you want to change the path and refresh the files, you must first change the path, press the "Save Changes" button, and then press the "Refresh site files" button.
Delete this site: Pressing this button will delete the site from the server. Note that this will delete all users for the site, including all of their data. You will be asked to confirm this operation.
Force SSL: Checking this box will enforce HTTPS:// for all pages on this site. This should only be set after SSL is set up for the web site.
Allow unsolicited users: Checking this box will allow visitors to the site to create their own accounts. If not checked, the site admin must create accounts.
Allow users besides admin: Checking this box will allow login/logout for users. If not checked, no login link is provided in the default header.
Require login: If this box is checked, only logged-in users can see the pages (other than the login page) on this site.
Allow password recovery: If checked, the user can ask for a password recovery. This requires email to be installed on the server. If unchecked, only site admins can change the user's password.
Two-stage registration: If checked, a newly registered user must confirm his registration via a link sent by email (this requires email to be installed on the server). If not checked, the user is registered without confirmation.
Allow cookies: If checked, the user can choose to have the site "remember" him by saving a cookie on his computer and logging him in automatically when he accesses the site. For high-security sites, this should be disabled since it can be a security risk for anyone using a public computer (such as those at libraries) to access the site.
Maximum allowed consecutive login failures: This indicates the number of consecutive login failures that are allowed for a user on this site, before action is taken. The failure count is reset once the user successfully logs in.
Login failure limit exceeded behavior: This option defines what happens when the number of consecutive login failures exceeds the maximum allowed above. The options are:
Option | Description |
---|---|
Do nothing | The failure limit is ignored. |
Disable user account | The user's account will be disabled and the site admin must re-enable it before the user can access it again. |
Blacklist originating IP | This changes the interpretation of the maximum failure limit. The limit is exceeded only when that number of login failures comes from a single remote IP address (which may be less than the total consecutive login failures from all IPs). When the limit is exceeded, the IP will be added to the IP blacklist table. |
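
The difference between the three options is easiest to see by replaying one sequence of login attempts under each. The following is an added example, not code from EWE; the class, constant and function names are hypothetical, the sample events are constructed, and it assumes that blacklisted IPs and disabled accounts are refused before the password is checked.

```python
from collections import defaultdict

# Hypothetical names for the three options in the table above (not EWE identifiers).
DO_NOTHING, DISABLE_ACCOUNT, BLACKLIST_IP = "nothing", "disable", "blacklist"

class LoginGuard:
    def __init__(self, max_failures, behavior):
        self.max_failures = max_failures
        self.behavior = behavior
        self.failures = defaultdict(list)  # user -> source IPs of consecutive failures
        self.disabled = set()              # accounts the site admin must re-enable
        self.ip_blacklist = set()          # stand-in for the IP blacklist table

    def attempt(self, user, ip, password_ok):
        """Return 'ok', 'failed', 'account-disabled' or 'ip-blacklisted'."""
        # Assumption: blocked IPs and disabled accounts are refused before
        # the password is even checked.
        if ip in self.ip_blacklist:
            return "ip-blacklisted"
        if user in self.disabled:
            return "account-disabled"
        if password_ok:
            self.failures[user].clear()    # a successful login resets the count
            return "ok"
        self.failures[user].append(ip)
        if self.behavior == DISABLE_ACCOUNT:
            # Failures from all IPs count together.
            if len(self.failures[user]) > self.max_failures:
                self.disabled.add(user)
                return "account-disabled"
        elif self.behavior == BLACKLIST_IP:
            # Only failures from this one IP count toward the limit.
            if self.failures[user].count(ip) > self.max_failures:
                self.ip_blacklist.add(ip)
                return "ip-blacklisted"
        return "failed"

# Constructed sample: failed logins for one user alternating between two
# documentation-range IPs, then two more from the first, then a success.
A, B = "203.0.113.5", "198.51.100.7"
EVENTS = [("alice", ip, ok) for ip, ok in
          [(A, False), (B, False), (A, False), (B, False),
           (A, False), (A, False), (B, True)]]

def replay(behavior, max_failures=3):
    guard = LoginGuard(max_failures, behavior)
    return [guard.attempt(user, ip, ok) for user, ip, ok in EVENTS]
```

With a limit of 3, "Disable user account" locks the account on the fourth failure regardless of source, while "Blacklist originating IP" acts only once a single address has produced four failures and leaves the account usable from other addresses.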
Minimum password size (between 1 and 1024): This defines the minimum password length, in characters. The longer the password, the more secure it is. 6 is the recommended minimum length. 8 is recommended for most sites. 16, or more, is recommended for highly secure sites.
Minimum number of uppercase letters required: Passwords must contain at least this many uppercase letters (A-Z) to be considered valid. It is recommended that this be at least 1.
Minimum number of lowercase letters required: Passwords must contain at least this many lowercase letters (a-z) to be considered valid. It is recommended that this be at least 1.
Minimum number of digits required: Passwords must contain at least this many digits (0-9) to be considered valid. It is recommended that this be at least 1.
Minimum number of symbols required: Passwords must contain at least this many special symbols to be considered valid. Special characters are characters that are not letters (A-Z, a-z) or digits (0-9). It is recommended that this be at least 1. Examples of symbols include: !,@,#,$,%,&,*,/
Suggest password for new users: If checked, a suggested password will be shown for new users on the registration page. The suggested password will meet, or exceed, the minimum criteria specified above.
Check password against exposed password list: If checked, the password will be compared with known exposed passwords and the user will be warned about this. Note that the default set of exposed passwords provided in the standard EWE installation contains only the most common exposed passwords - it is not a complete list. The characters will be de-leetified so that passwords that are similar to exposed passwords will also match and result in a warning.
Do not allow passwords matching exposed passwords: If checked, any passwords matching the known exposed password list are disallowed and the user must choose a new one. If not checked, the user is merely warned if the password matches a known exposed password.
Check password against dictionary of words: If checked, the password will be compared against a dictionary of English words and, if there is a match, the user will be warned about this. The characters will be de-leetified so that passwords that are similar to dictionary words will also match and result in a warning.
Do not allow passwords matching dictionary words: If checked, any password matching any word in the dictionary is disallowed and the user must choose a new one. If not checked, the user is merely warned if the password matches a dictionary word.
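
The sketch below shows how the composition minimums and the de-leetified list checks combine, and why a password such as "P@ssw0rd" can satisfy every minimum and still be caught. It is an added example, not code from EWE: the function names, the policy keys, the substitution table and the word lists are all assumptions or constructed samples, and it assumes a match means the whole de-leetified password equals a list entry.

```python
import string

# Assumed substitution table; the page does not say which characters EWE maps.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def deleetify(password):
    """Lowercase the password and undo common character substitutions."""
    return password.lower().translate(LEET)

def check_password(pw, policy, exposed, dictionary):
    """Return (accepted, errors, warnings) for a candidate password."""
    errors, warnings = [], []
    counts = {
        "upper": sum(c in string.ascii_uppercase for c in pw),
        "lower": sum(c in string.ascii_lowercase for c in pw),
        "digits": sum(c in string.digits for c in pw),
        # The page defines symbols as anything that is not A-Z, a-z or 0-9.
        "symbols": sum(c not in string.ascii_letters + string.digits for c in pw),
    }
    if len(pw) < policy["min_length"]:
        errors.append("too short")
    for kind, have in counts.items():
        if have < policy["min_" + kind]:
            errors.append(f"needs more {kind}")
    plain = deleetify(pw)
    checks = (("exposed", exposed, policy["block_exposed"]),
              ("dictionary", dictionary, policy["block_dictionary"]))
    for name, words, block in checks:
        if plain in words:
            # "Do not allow" turns the warning into a rejection.
            (errors if block else warnings).append(f"matches {name} list")
    return (not errors, errors, warnings)

# Constructed sample policy and word lists (hypothetical key names).
POLICY = {"min_length": 8, "min_upper": 1, "min_lower": 1, "min_digits": 1,
          "min_symbols": 1, "block_exposed": True, "block_dictionary": False}
EXPOSED = {"password", "letmein"}
DICTIONARY = {"elephant"}
```

Under this sample policy, `check_password("P@ssw0rd", POLICY, EXPOSED, DICTIONARY)` is rejected as an exposed password, while "El3ph@nt" is accepted with a dictionary warning because dictionary matches are set to warn only.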
This section allows you to modify the additional information that can be gathered and saved for each user. These fields are prompted for during registration and the information can be updated by the user as he desires. Details of each item are listed and they can be individually modified.
Add new item: Pressing this button will allow you to specify a new item which will be added to the end of the list.
Delete: Pressing this button will delete the item.
Move item up: Pressing this button will move this item up in the list, such that this item and the one above it swap positions.
Item: This is the name of the item and what is shown when the user is prompted for it.
Table: This is the name of the EWE table that the value is validated against.
Type: This indicates the type of this data item.
Save changes: Pressing this button will update the site with the specified options. Note that the "Add new item", "Delete", and "Move item up" buttons operate immediately without any other changes being made. Other changes should be saved before pressing one of those buttons.