<?php
/* defaults.inc.php
 * code by strangecode :: www.strangecode.com :: this document contains copyrighted information. */


/*
 * This file contains global configration variables that apply to the underlying
 * codebase framework. These values can be overwritten in a site-specific config
 * file to customize values for a specific site.
 */


// $CFG is the object we store all global codebase configuration variables in.
if (!isset($CFG)) {
    $CFG = new stdClass;
}


/******************************************************************************
 * DEBUGGERY SETTINGS
 *****************************************************************************/

// The level of error reporting. Don't set this to 0 to suppress messages, use display_errors to control display.
setDefault($CFG->error_reporting, E_ALL & ~E_NOTICE & ~E_STRICT);
error_reporting($CFG->error_reporting);

// Location to store log files.
setDefault($CFG->log_directory, realpath(SITE_BASE . '/../log'));

// Don't display errors, but do log them to a file.
setDefault($CFG->display_errors, false);

// Database debugging.
setDefault($CFG->db_debug, false); // TRUE = display db errors.
setDefault($CFG->db_die_on_failure, true); // TRUE = script stops on db error.
setDefault($CFG->db_always_debug, false); // TRUE = display all SQL queries.

// Logging priority can be any of the following, or null to deactivate:
// LOG_EMERG     system is unusable
// LOG_ALERT     action must be taken immediately
// LOG_CRIT      critical conditions
// LOG_ERR       error conditions
// LOG_WARNING   warning conditions
// LOG_NOTICE    normal, but significant, condition
// LOG_INFO      informational message
// LOG_DEBUG     debug-level message
setDefault($CFG->log_file_priority, LOG_DEBUG);
setDefault($CFG->log_email_priority, LOG_WARNING);
setDefault($CFG->log_sms_priority, false);
setDefault($CFG->log_screen_priority, false);

// Email address to receive log event emails.
setDefault($CFG->log_to_email, 'log@strangecode.com');

// SMS Email address to receive log event SMS messages
setDefault($CFG->log_to_sms, 'sms@strangecode.com');

// General error log for the applications.
setDefault($CFG->log_filename, 'app_error_log');

/******************************************************************************
 * CODEBASE FEATURES
 *****************************************************************************/

// Use mysql database?
setDefault($CFG->enable_mysql, true);

// Use php sessions?
setDefault($CFG->enable_session, true);

// Pass the session-id through URLs if cookies are not enabled?
// Disable this to prevent session ID theft.
setDefault($CFG->session_use_trans_sid, false);

// Use mysql-based sessions?
setDefault($CFG->enable_mysql_session_handler, false);

/******************************************************************************
 * USER LOGIN SETTINGS
 *****************************************************************************/

// The maximum amount of time a user is allowed to be logged in.
// They will be forced to login again if they expire.
// This applies to admins and users. In seconds.
// 21600 seconds = 6 hours.
setDefault($CFG->login_timeout, 21600);

// The maximum amount of time a user is allowed to be idle before
// their session expires. They will be forced to login again if they expire.
// This applies to admins and users. In seconds.
// 3600 seconds = 1 hour.
setDefault($CFG->idle_timeout, 3600);

/******************************************************************************
 * ACCOUNT ABUSE SETTINGS
 *****************************************************************************/

// The period of time to compare login abuse attempts. If a threshold of
// logins is reached in this amount of time the account is blocked.
// Days and hours, like this: 'DD:HH'
$CFG->login_abuse_timeframe = '04:00'; // 4 days

// The number of warnings a user will receive (and their password reset each
// time) before their account is completely blocked.
$CFG->login_abuse_warnings = 3;

// The maximum number of IP addresses a user can login with over the
// timeout period before their account is blocked.
$CFG->login_abuse_max_ips = 5;

// The IP address subnet size threshold. Uses a CIDR notation
// network mask. Any integar between 0 and 32 is permitted. Setting this
// to '24' permits any address in a class C network (255.255.255.0)
// to be considered the same. Setting to '32' compares each IP absolutely.
// Setting to '0' ignores all IPs.
$CFG->login_abuse_ip_bitmask = 32;

// Array of IP addresses or hostnames that are to be granted relaxed auth access.
// Specifically, these will be networks that fall behind shifting proxy server
// and because the client IP would change between requests auth would fail.
setDefault($CFG->trusted_networks, array());

// Array of usernames which are exempt from abuse detection.
setDefault($CFG->login_abuse_exempt_usernames, array());

// Array of usernames which are exempt from remote_ip matching. Users behind
// proxy servers should be appended to this array so their shifting remote IP
// will not log them out.
setDefault($CFG->match_remote_ip_exempt_usernames, array());

/******************************************************************************
 * SESSION CONFIGURATION
 *****************************************************************************/

// Session name.
setDefault($CFG->session_name, '_session');

// If not using cookies, will pass session ID by URL.
setDefault($CFG->session_use_cookies, true);

// Skip session for some user agents.
if (preg_match('/Atomz|ApacheBench|Wget/i', getenv('HTTP_USER_AGENT'))) {
    $CFG->enable_session = false;
}

// The maximum byte size that the session cache will hold.
// Used in SessionCache.inc.php
define('SESSION_CACHE_SIZE_BYTES', 204800); // 200 Kilobytes.


/******************************************************************************
 * ET CETERA
 *****************************************************************************/

setDefault($CFG->site_email, '');

setDefault($CFG->site_url, sprintf('%s://%s', ('on' == getenv('HTTPS') ? 'https' : 'http'), getenv('HTTP_HOST')));
setDefault($CFG->admin_url, sprintf('%s/admin/', $CFG->site_url));

// Used as the fifth parameter to mail() to set the return address for sent messages. Requires safe_mode off.
setDefault($CFG->envelope_sender_address, "-f $CFG->site_email");

// Character set for page output. Used by App::oTxt(), boot.inc.php sends a Content-Type header, and header.ihtml should have <meta content-type> tag.
setDefault($CFG->character_set, 'ISO-8859-1');

// A key for calculating simple cryptographic signatures.
if (!empty($_SERVER['SIGNING_KEY'])) {
    $CFG->signing_key = $_SERVER['SIGNING_KEY'];
} else {
    $CFG->signing_key = 'change me please';
}

// The human-readable format used to display dates.
setDefault($CFG->date_format, 'd M Y');
setDefault($CFG->time_format, 'h:i:s A');
setDefault($CFG->mysql_date_format, '%e %b %Y');
setDefault($CFG->mysql_time_format, '%k:%i');