[1] | 1 | <?php |
---|
| 2 | /* defaults.inc.php |
---|
| 3 | * code by strangecode :: www.strangecode.com :: this document contains copyrighted information. */ |
---|
| 4 | |
---|
| 5 | |
---|
| 6 | /* |
---|
[566] | 7 | * This file contains global configration variables that apply to the underlying |
---|
[1] | 8 | * codebase framework. These values can be overwritten in a site-specific config |
---|
| 9 | * file to customize values for a specific site. |
---|
| 10 | */ |
---|
| 11 | |
---|
| 12 | |
---|
| 13 | // $CFG is the object we store all global codebase configuration variables in. |
---|
| 14 | if (!isset($CFG)) { |
---|
| 15 | $CFG = new stdClass; |
---|
| 16 | } |
---|
| 17 | |
---|
| 18 | |
---|
| 19 | /****************************************************************************** |
---|
| 20 | * DEBUGGERY SETTINGS |
---|
| 21 | *****************************************************************************/ |
---|
| 22 | |
---|
| 23 | // The level of error reporting. Don't set this to 0 to suppress messages, use display_errors to control display. |
---|
[566] | 24 | setDefault($CFG->error_reporting, E_ALL & ~E_NOTICE & ~E_STRICT); |
---|
| 25 | error_reporting($CFG->error_reporting); |
---|
[1] | 26 | |
---|
| 27 | // Location to store log files. |
---|
| 28 | setDefault($CFG->log_directory, realpath(SITE_BASE . '/../log')); |
---|
| 29 | |
---|
| 30 | // Don't display errors, but do log them to a file. |
---|
| 31 | setDefault($CFG->display_errors, false); |
---|
| 32 | |
---|
| 33 | // Database debugging. |
---|
| 34 | setDefault($CFG->db_debug, false); // TRUE = display db errors. |
---|
| 35 | setDefault($CFG->db_die_on_failure, true); // TRUE = script stops on db error. |
---|
| 36 | setDefault($CFG->db_always_debug, false); // TRUE = display all SQL queries. |
---|
| 37 | |
---|
| 38 | // Logging priority can be any of the following, or null to deactivate: |
---|
| 39 | // LOG_EMERG system is unusable |
---|
| 40 | // LOG_ALERT action must be taken immediately |
---|
| 41 | // LOG_CRIT critical conditions |
---|
| 42 | // LOG_ERR error conditions |
---|
| 43 | // LOG_WARNING warning conditions |
---|
| 44 | // LOG_NOTICE normal, but significant, condition |
---|
| 45 | // LOG_INFO informational message |
---|
| 46 | // LOG_DEBUG debug-level message |
---|
| 47 | setDefault($CFG->log_file_priority, LOG_DEBUG); |
---|
| 48 | setDefault($CFG->log_email_priority, LOG_WARNING); |
---|
| 49 | setDefault($CFG->log_sms_priority, false); |
---|
| 50 | setDefault($CFG->log_screen_priority, false); |
---|
| 51 | |
---|
| 52 | // Email address to receive log event emails. |
---|
| 53 | setDefault($CFG->log_to_email, 'log@strangecode.com'); |
---|
| 54 | |
---|
| 55 | // SMS Email address to receive log event SMS messages |
---|
| 56 | setDefault($CFG->log_to_sms, 'sms@strangecode.com'); |
---|
| 57 | |
---|
| 58 | // General error log for the applications. |
---|
| 59 | setDefault($CFG->log_filename, 'app_error_log'); |
---|
| 60 | |
---|
| 61 | /****************************************************************************** |
---|
| 62 | * CODEBASE FEATURES |
---|
| 63 | *****************************************************************************/ |
---|
| 64 | |
---|
| 65 | // Use mysql database? |
---|
| 66 | setDefault($CFG->enable_mysql, true); |
---|
| 67 | |
---|
| 68 | // Use php sessions? |
---|
| 69 | setDefault($CFG->enable_session, true); |
---|
| 70 | |
---|
[633] | 71 | // Pass the session-id through URLs if cookies are not enabled? |
---|
| 72 | // Disable this to prevent session ID theft. |
---|
| 73 | setDefault($CFG->session_use_trans_sid, false); |
---|
| 74 | |
---|
[1] | 75 | // Use mysql-based sessions? |
---|
[187] | 76 | setDefault($CFG->enable_mysql_session_handler, false); |
---|
[1] | 77 | |
---|
| 78 | /****************************************************************************** |
---|
| 79 | * USER LOGIN SETTINGS |
---|
| 80 | *****************************************************************************/ |
---|
| 81 | |
---|
| 82 | // The maximum amount of time a user is allowed to be logged in. |
---|
| 83 | // They will be forced to login again if they expire. |
---|
| 84 | // This applies to admins and users. In seconds. |
---|
| 85 | // 21600 seconds = 6 hours. |
---|
| 86 | setDefault($CFG->login_timeout, 21600); |
---|
| 87 | |
---|
[566] | 88 | // The maximum amount of time a user is allowed to be idle before |
---|
[1] | 89 | // their session expires. They will be forced to login again if they expire. |
---|
| 90 | // This applies to admins and users. In seconds. |
---|
| 91 | // 3600 seconds = 1 hour. |
---|
| 92 | setDefault($CFG->idle_timeout, 3600); |
---|
| 93 | |
---|
| 94 | /****************************************************************************** |
---|
| 95 | * ACCOUNT ABUSE SETTINGS |
---|
| 96 | *****************************************************************************/ |
---|
[566] | 97 | |
---|
[1] | 98 | // The period of time to compare login abuse attempts. If a threshold of |
---|
| 99 | // logins is reached in this amount of time the account is blocked. |
---|
| 100 | // Days and hours, like this: 'DD:HH' |
---|
| 101 | $CFG->login_abuse_timeframe = '04:00'; // 4 days |
---|
| 102 | |
---|
| 103 | // The number of warnings a user will receive (and their password reset each |
---|
| 104 | // time) before their account is completely blocked. |
---|
| 105 | $CFG->login_abuse_warnings = 3; |
---|
| 106 | |
---|
[566] | 107 | // The maximum number of IP addresses a user can login with over the |
---|
[1] | 108 | // timeout period before their account is blocked. |
---|
| 109 | $CFG->login_abuse_max_ips = 5; |
---|
| 110 | |
---|
[566] | 111 | // The IP address subnet size threshold. Uses a CIDR notation |
---|
[1] | 112 | // network mask. Any integar between 0 and 32 is permitted. Setting this |
---|
| 113 | // to '24' permits any address in a class C network (255.255.255.0) |
---|
| 114 | // to be considered the same. Setting to '32' compares each IP absolutely. |
---|
| 115 | // Setting to '0' ignores all IPs. |
---|
| 116 | $CFG->login_abuse_ip_bitmask = 32; |
---|
| 117 | |
---|
| 118 | // Array of IP addresses or hostnames that are to be granted relaxed auth access. |
---|
| 119 | // Specifically, these will be networks that fall behind shifting proxy server |
---|
| 120 | // and because the client IP would change between requests auth would fail. |
---|
| 121 | setDefault($CFG->trusted_networks, array()); |
---|
| 122 | |
---|
[206] | 123 | // Array of usernames which are exempt from abuse detection. |
---|
| 124 | setDefault($CFG->login_abuse_exempt_usernames, array()); |
---|
| 125 | |
---|
[204] | 126 | // Array of usernames which are exempt from remote_ip matching. Users behind |
---|
| 127 | // proxy servers should be appended to this array so their shifting remote IP |
---|
| 128 | // will not log them out. |
---|
[206] | 129 | setDefault($CFG->match_remote_ip_exempt_usernames, array()); |
---|
[1] | 130 | |
---|
| 131 | /****************************************************************************** |
---|
| 132 | * SESSION CONFIGURATION |
---|
| 133 | *****************************************************************************/ |
---|
| 134 | |
---|
| 135 | // Session name. |
---|
[348] | 136 | setDefault($CFG->session_name, '_session'); |
---|
[1] | 137 | |
---|
| 138 | // If not using cookies, will pass session ID by URL. |
---|
| 139 | setDefault($CFG->session_use_cookies, true); |
---|
| 140 | |
---|
| 141 | // Skip session for some user agents. |
---|
| 142 | if (preg_match('/Atomz|ApacheBench|Wget/i', getenv('HTTP_USER_AGENT'))) { |
---|
| 143 | $CFG->enable_session = false; |
---|
| 144 | } |
---|
| 145 | |
---|
[566] | 146 | // The maximum byte size that the session cache will hold. |
---|
[1] | 147 | // Used in SessionCache.inc.php |
---|
| 148 | define('SESSION_CACHE_SIZE_BYTES', 204800); // 200 Kilobytes. |
---|
| 149 | |
---|
| 150 | |
---|
| 151 | /****************************************************************************** |
---|
| 152 | * ET CETERA |
---|
| 153 | *****************************************************************************/ |
---|
| 154 | |
---|
[570] | 155 | setDefault($CFG->site_email, ''); |
---|
| 156 | |
---|
| 157 | setDefault($CFG->site_url, sprintf('%s://%s', ('on' == getenv('HTTPS') ? 'https' : 'http'), getenv('HTTP_HOST'))); |
---|
| 158 | setDefault($CFG->admin_url, sprintf('%s/admin/', $CFG->site_url)); |
---|
| 159 | |
---|
[1] | 160 | // Used as the fifth parameter to mail() to set the return address for sent messages. Requires safe_mode off. |
---|
| 161 | setDefault($CFG->envelope_sender_address, "-f $CFG->site_email"); |
---|
| 162 | |
---|
| 163 | // Character set for page output. Used by App::oTxt(), boot.inc.php sends a Content-Type header, and header.ihtml should have <meta content-type> tag. |
---|
| 164 | setDefault($CFG->character_set, 'ISO-8859-1'); |
---|
| 165 | |
---|
| 166 | // A key for calculating simple cryptographic signatures. |
---|
| 167 | if (!empty($_SERVER['SIGNING_KEY'])) { |
---|
| 168 | $CFG->signing_key = $_SERVER['SIGNING_KEY']; |
---|
| 169 | } else { |
---|
| 170 | $CFG->signing_key = 'change me please'; |
---|
| 171 | } |
---|
| 172 | |
---|
| 173 | // The human-readable format used to display dates. |
---|
| 174 | setDefault($CFG->date_format, 'd M Y'); |
---|
[307] | 175 | setDefault($CFG->time_format, 'h:i:s A'); |
---|
[1] | 176 | setDefault($CFG->mysql_date_format, '%e %b %Y'); |
---|
| 177 | setDefault($CFG->mysql_time_format, '%k:%i'); |
---|