Login & Registration

The Login & Registration section in Concrete CMS's System and Settings is designed to manage user access, authentication, and account settings. This section is crucial for ensuring a secure and user-friendly login process.

Account Options

Account Options involve settings related to user account management and registration.

Account Management

  • Allow visitors to signup as site members?
    • Off - only admins can create accounts from Dashboard
    • On - anyone can create an account from Login page
    • Validate - anyone can create an account from Login page, once validated by email
  • Notification: Send admin an email when new user registers.
  • Login form
    • Ask for username & password
    • Ask for email & password
  • Registration form
    • Username required
    • Confirm Password required
    • CAPTCHA required
  • Edit Profile form: Username required

Login Destination

This feature sets where users are directed after logging in.

  • After login:
    • Redirect to Home
    • Redirect to user's Desktop
    • Redirect to a specific page

Public Profiles

Public Profiles settings manage the visibility and content of user profiles.

  • Profile Options: Enable public profiles.
  • Account Menu: Show the account menu when logged in.
  • Fall Back To Gravatar: Use image from gravatar.com if the user has not uploaded one.

Authentication Types

Authentication Types control the methods through which users can authenticate. Click on an authentication type to edit its configuration. Drag to reorder precedence.

Choose from:

  1. concrete
  2. community
  3. facebook
  4. google
  5. external_concrete

Global Password Reset

Global Password Reset forces all users to reset their passwords.

  • Edit message: This message will be shown to users the next time they log in.
  • Confirmation: Type "RESET" in the above box to proceed

User Deactivation Settings

Manage the conditions under which user accounts are automatically deactivated.

  • Inactive User Error Message: This message will be shown to inactive users when they attempt to login.
  • Automatic User Deactivation:
    • Automatically deactivate users when they have not logged in for awhile. Users will need to be manually reactivated.
    • Automatically deactivate users after failed login attempts.

Automated Logout

Automated Logout controls when users are logged out automatically: after a period of inactivity, or when their IP address or browser user agent changes.

  • Session Security:
    • Log users out if their IP changes
    • Enable user-specific IP addresses to be ignored
    • Log users out if their browser's user agent changes
    • Automatically log out users who are inactive for x seconds or more.
  • Prevent logout if changed IP addresses are in the following ranges: Separate IP addresses with spaces or new lines.
  • Invalidate Active Sessions: Type "invalidate" in the above box to proceed.

Password Requirements

Password Requirements define the complexity and strength required for user passwords.

Password Policies

  • Complexity Settings: Specify requirements for password length, characters, and strength.
  • Prevent password reuse
  • Password Expiration: Option to require users to change their passwords regularly
  • Password Change Message: These messages will be shown to users the next time they log in.
    • When their password has been reset
    • When their password has expired

Session Options

Session Options manage how user sessions are handled on the site. Changing these values can break your site.

  • Enable secure
  • Enable httponly
  • Enable raw
  • Domain: leave empty to use the current domain
  • Same Site: lax, strict, none
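
One way to check the effect of these options after changing them is to look at the Set-Cookie header the site returns and compare it with the scheme the site is served on. The script below is an added example, not part of Concrete CMS; the cookie name EXAMPLE_SESSION, the function names and the sample headers are constructed for illustration.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_session_cookie(header_value, site_scheme):
    """Return findings for a session cookie on a site served over http or https."""
    _name, attrs = parse_set_cookie(header_value)
    secure = "secure" in attrs
    samesite = attrs.get("samesite", "").lower()
    findings = []
    if secure and site_scheme == "http":
        # This is one way "Enable secure" breaks a site: the session never sticks.
        findings.append("BREAKS: a Secure cookie is not sent over http, logins will not persist")
    if not secure and site_scheme == "https":
        findings.append("WEAK: enable secure so the cookie is never sent over plain http")
    if "httponly" not in attrs:
        findings.append("WEAK: enable httponly so page scripts cannot read the cookie")
    if samesite == "none" and not secure:
        findings.append("BREAKS: browsers such as Chrome reject SameSite=None without Secure")
    elif samesite not in ("lax", "strict", "none"):
        findings.append("NOTE: no Same Site value set, the browser default applies")
    if attrs.get("domain"):
        findings.append("NOTE: Domain=%s also sends the cookie to subdomains" % attrs["domain"])
    return findings


# Constructed sample headers (not captured from a real site).
GOOD = "EXAMPLE_SESSION=abc123; path=/; Secure; HttpOnly; SameSite=Lax"
WEAK = "EXAMPLE_SESSION=abc123; path=/; SameSite=None"

if __name__ == "__main__":
    for label, header, scheme in [("good/https", GOOD, "https"),
                                  ("weak/https", WEAK, "https"),
                                  ("good/http", GOOD, "http")]:
        print(label, audit_session_cookie(header, scheme) or "no findings")
```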