source: branches/1.1dev/config/defaults.inc.php @ 649

Last change on this file since 649 was 633, checked in by anonymous, 6 years ago

Add disabled session_use_trans_sid to defaults

<?php
/* defaults.inc.php
 * code by strangecode :: www.strangecode.com :: this document contains copyrighted information. */


/*
 * Global configuration defaults for the underlying codebase framework.
 * A site-specific config file can override any of these values to
 * customize them for one site.
 */


// Every global codebase configuration variable is stored on the $CFG object.
// An existing $CFG is reused as-is; a fresh, empty object is created only
// when none has been set yet.
$CFG = isset($CFG) ? $CFG : new stdClass();


/******************************************************************************
 * DEBUGGERY SETTINGS
 *****************************************************************************/

// Error reporting level. Never set this to 0 to silence messages: keep
// reporting on and use display_errors to decide whether they are shown.
setDefault($CFG->error_reporting, E_ALL & ~(E_NOTICE | E_STRICT));
error_reporting($CFG->error_reporting);

// Directory that receives log files.
// NOTE(review): realpath() returns false when the path does not exist, so a
// missing log directory makes this default false rather than a path.
setDefault($CFG->log_directory, realpath(SITE_BASE . '/../log'));

// Keep errors off the page but still log them to a file. Error text shown to
// visitors can expose paths, queries and other internals.
setDefault($CFG->display_errors, false);

// Database debugging. The two display options print database errors and SQL
// to the page, so they belong in development only.
setDefault($CFG->db_debug, false); // TRUE = display db errors.
setDefault($CFG->db_die_on_failure, true); // TRUE = script stops on db error.
setDefault($CFG->db_always_debug, false); // TRUE = display all SQL queries.

// Each log channel takes one of the priorities below, or null to switch the
// channel off:
// LOG_EMERG     system is unusable
// LOG_ALERT     action must be taken immediately
// LOG_CRIT      critical conditions
// LOG_ERR       error conditions
// LOG_WARNING   warning conditions
// LOG_NOTICE    normal, but significant, condition
// LOG_INFO      informational message
// LOG_DEBUG     debug-level message
// NOTE(review): the file channel defaults to the most verbose level; confirm
// that debug messages carry no credentials or session IDs and that the log
// directory is not readable over the web.
setDefault($CFG->log_file_priority, LOG_DEBUG);
setDefault($CFG->log_email_priority, LOG_WARNING);
setDefault($CFG->log_sms_priority, false);
setDefault($CFG->log_screen_priority, false);

// Recipient of log event emails.
// NOTE(review): this default and the SMS default below are addresses at the
// framework author's domain. With log_email_priority at LOG_WARNING, a site
// that keeps them presumably mails its log events to that third party;
// override both per site.
setDefault($CFG->log_to_email, 'log@strangecode.com');

// Email-to-SMS address that receives log event SMS messages.
setDefault($CFG->log_to_sms, 'sms@strangecode.com');

// Name of the general application error log.
setDefault($CFG->log_filename, 'app_error_log');

/******************************************************************************
 * CODEBASE FEATURES
 *****************************************************************************/

// Use a MySQL database?
setDefault($CFG->enable_mysql, true);

// Use PHP sessions?
setDefault($CFG->enable_session, true);

// Pass the session ID through URLs when cookies are not enabled?
// Off by default to prevent session ID theft: an ID carried in a URL ends up
// in browser history, server logs, Referer headers and shared links.
// NOTE(review): how this value is applied to PHP's session settings is not
// visible in this file.
setDefault($CFG->session_use_trans_sid, false);

// Use MySQL-based sessions?
setDefault($CFG->enable_mysql_session_handler, false);

/******************************************************************************
 * USER LOGIN SETTINGS
 *****************************************************************************/

// Absolute limit, in seconds, on how long a user may stay logged in,
// whether active or not. After it passes they must log in again.
// Applies to admins and users alike. 6 hours = 21600 seconds.
setDefault($CFG->login_timeout, 6 * 60 * 60);

// Limit, in seconds, on how long a user may be idle before the session
// expires and they must log in again.
// Applies to admins and users alike. 1 hour = 3600 seconds.
setDefault($CFG->idle_timeout, 60 * 60);

/******************************************************************************
 * ACCOUNT ABUSE SETTINGS
 *****************************************************************************/

// NOTE(review): the four login_abuse_* values below are assigned directly
// rather than through setDefault() like the rest of this file. If a site
// config sets them before this file runs, these assignments replace its
// values; confirm whether that is intended.

// Window over which login abuse attempts are compared. When the login
// threshold is reached inside this window the account is blocked.
// Format is days and hours: 'DD:HH'
$CFG->login_abuse_timeframe = '04:00'; // 4 days

// How many warnings a user receives (with a password reset each time)
// before the account is blocked completely.
$CFG->login_abuse_warnings = 3;

// How many distinct IP addresses a user may log in from during the
// timeout period before the account is blocked.
$CFG->login_abuse_max_ips = 5;

// IP address subnet size threshold, as a CIDR network mask. Any integer
// from 0 to 32 is permitted. '24' treats every address in a class C
// network (255.255.255.0) as the same address, '32' compares each IP
// absolutely, and '0' ignores all IPs.
$CFG->login_abuse_ip_bitmask = 32;

// IP addresses or hostnames that are granted relaxed auth access. These are
// meant for networks behind a shifting proxy server, where the client IP
// changes between requests and auth would otherwise fail. Each entry loosens
// a check, so keep the list as short as possible.
setDefault($CFG->trusted_networks, []);

// Usernames that are exempt from abuse detection.
setDefault($CFG->login_abuse_exempt_usernames, []);

// Usernames that are exempt from remote_ip matching. Add users behind proxy
// servers here so that their shifting remote IP does not log them out.
setDefault($CFG->match_remote_ip_exempt_usernames, []);

/******************************************************************************
 * SESSION CONFIGURATION
 *****************************************************************************/

// Name of the session.
setDefault($CFG->session_name, '_session');

// Carry the session ID in a cookie. If cookies are not used, the session ID
// is passed by URL instead.
setDefault($CFG->session_use_cookies, true);

// Some user agents get no session at all. The User-Agent header is supplied
// by the client, so this is a convenience for crawlers and benchmark tools,
// not an access control.
if (1 === preg_match('/Atomz|ApacheBench|Wget/i', getenv('HTTP_USER_AGENT'))) {
    $CFG->enable_session = false;
}

// Upper bound, in bytes, on what the session cache will hold.
// Used in SessionCache.inc.php
define('SESSION_CACHE_SIZE_BYTES', 200 * 1024); // 200 Kilobytes.


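/******************************************************************************
 * ET CETERA
 *****************************************************************************/

setDefault($CFG->site_email, '');

// Base URL of the site and of its admin area.
// The fallback is assembled from the current request. HTTP_HOST is supplied
// by the client, so production sites should set $CFG->site_url explicitly:
// a URL derived from a forged Host header would carry a host the site does
// not control. As a safety net, the fallback keeps only characters that a
// host[:port] value can contain, so markup or separators cannot ride along.
// NOTE(review): the scheme is https only when the HTTPS variable is exactly
// 'on'; confirm this matches deployments behind a TLS-terminating proxy.
setDefault($CFG->site_url, sprintf('%s://%s', ('on' === getenv('HTTPS') ? 'https' : 'http'), preg_replace('/[^A-Za-z0-9._:\[\]-]/', '', (string) getenv('HTTP_HOST'))));
setDefault($CFG->admin_url, sprintf('%s/admin/', $CFG->site_url));

// Used as the fifth parameter to mail() to set the return address for sent messages. Requires safe_mode off.
// That parameter is handed to the mail program as command-line options, so
// it must be built from trusted configuration only, never from request data.
// No option is produced while site_email is empty: "-f" without an address
// is not a usable option.
setDefault($CFG->envelope_sender_address, ('' === (string) $CFG->site_email ? '' : "-f $CFG->site_email"));

// Character set for page output. Used by App::oTxt(), boot.inc.php sends a Content-Type header, and header.ihtml should have <meta content-type> tag.
setDefault($CFG->character_set, 'ISO-8859-1');

// A key for calculating simple cryptographic signatures.
// Precedence: SIGNING_KEY from the server environment, then a key already
// present on $CFG, and only then the placeholder. The placeholder ships in
// this file and is therefore public, so a signature made with it proves
// nothing; every deployment must supply its own long, random key.
if (!empty($_SERVER['SIGNING_KEY'])) {
    $CFG->signing_key = $_SERVER['SIGNING_KEY'];
} elseif (empty($CFG->signing_key)) {
    // Previously this branch also overwrote a key that was already configured.
    $CFG->signing_key = 'change me please';
}

// The human-readable format used to display dates.
setDefault($CFG->date_format, 'd M Y');
setDefault($CFG->time_format, 'h:i:s A');
setDefault($CFG->mysql_date_format, '%e %b %Y');
setDefault($CFG->mysql_time_format, '%k:%i');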