Rev 1169 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1169 | Rev 1182 | ||
|---|---|---|---|
| 1 | 1 | ||
| 2 | OVERVIEW OF ALL CONFIG.INC.PHP SETTINGS |
2 | OVERVIEW OF ALL CONFIG.INC.PHP SETTINGS |
| 3 | ======================================= |
3 | ======================================= |
| 4 | 4 | ||
| 5 | The file userdata/baseconfig/config.inc.php contains various settings |
5 | The file userdata/baseconfig/config.inc.php contains various settings |
| 6 | which are essential to connect to your database and other |
6 | which are essential to connect to your database and other |
| 7 | things that should be known before the database connection |
7 | things that should be known before the database connection |
| 8 | is opened. |
8 | is opened. |
| 9 | Other settings are stored in the database (table "config") |
9 | Other settings are stored in the database (table "config") |
| 10 | and can be accessed using the admin login area. |
10 | and can be accessed using the admin login area. |
| 11 | 11 | ||
| 12 | The setup assistant (/setup/) will lead you through |
12 | The setup assistant (/setup/) will lead you through |
| 13 | the creation of the most important settings of config.inc.php. |
13 | the creation of the most important settings of config.inc.php. |
| 14 | 14 | ||
| 15 | Below you will find a list of all possible config settings |
15 | Below you will find a list of all possible config settings |
| 16 | of the default OIDplus installation/plugins. |
16 | of the default OIDplus installation/plugins. |
| 17 | Please note that a plugin can define any key. |
17 | Please note that a plugin can define any key. |
| 18 | 18 | ||
| 19 | 19 | ||
| 20 | ------------------------------------- |
20 | ------------------------------------- |
| 21 | (1) CONFIG SETTINGS PROVIDED BY SETUP |
21 | (1) CONFIG SETTINGS PROVIDED BY SETUP |
| 22 | ------------------------------------- |
22 | ------------------------------------- |
| 23 | 23 | ||
| 24 | OIDplus::baseConfig()->setValue('CONFIG_VERSION', 2.1); |
24 | OIDplus::baseConfig()->setValue('CONFIG_VERSION', 2.1); |
| 25 | 25 | ||
| 26 | OIDplus::baseConfig()->setValue('ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>'); |
26 | OIDplus::baseConfig()->setValue('ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>'); |
| 27 | If you want to have multiple valid administrator passwords |
27 | If you want to have multiple valid administrator passwords |
| 28 | (e.g. if you want multiple users), then this value can |
28 | (e.g. if you want multiple users), then this value can |
| 29 | also be an array containing hashes. |
29 | also be an array containing hashes. |
| 30 | 30 | ||
| 31 | OIDplus::baseConfig()->setValue('DATABASE_PLUGIN', ''); |
31 | OIDplus::baseConfig()->setValue('DATABASE_PLUGIN', ''); |
| 32 | Valid values: see plugins (setup/) |
32 | Valid values: see plugins (setup/) |
| 33 | 33 | ||
| 34 | OIDplus::baseConfig()->setValue('OCI_CONN_STR', 'localhost/orcl'); |
34 | OIDplus::baseConfig()->setValue('OCI_CONN_STR', 'localhost/orcl'); |
| 35 | Can be a Oracle connection string/TNS or a hostname like |
35 | Can be a Oracle connection string/TNS or a hostname like |
| 36 | 36 | ||
| 37 | OIDplus::baseConfig()->setValue('OCI_USERNAME', 'hr'); |
37 | OIDplus::baseConfig()->setValue('OCI_USERNAME', 'hr'); |
| 38 | 38 | ||
| 39 | OIDplus::baseConfig()->setValue('OCI_PASSWORD', 'oracle'); |
39 | OIDplus::baseConfig()->setValue('OCI_PASSWORD', 'oracle'); |
| 40 | 40 | ||
| 41 | OIDplus::baseConfig()->setValue('ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8'); |
41 | OIDplus::baseConfig()->setValue('ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8'); |
| 42 | 42 | ||
| 43 | OIDplus::baseConfig()->setValue('ODBC_USERNAME', 'sa'); |
43 | OIDplus::baseConfig()->setValue('ODBC_USERNAME', 'sa'); |
| 44 | 44 | ||
| 45 | OIDplus::baseConfig()->setValue('ODBC_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
45 | OIDplus::baseConfig()->setValue('ODBC_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
| 46 | The base64 encoding protects your password from being read if someone |
46 | The base64 encoding protects your password from being read if someone |
| 47 | "looks over your shoulder" at your display while you have the configuration file opened. |
47 | "looks over your shoulder" at your display while you have the configuration file opened. |
| 48 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
48 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
| 49 | 49 | ||
| 50 | OIDplus::baseConfig()->setValue('PDO_DSN', 'pgsql:host=localhost;dbname=oidplus'); |
50 | OIDplus::baseConfig()->setValue('PDO_DSN', 'pgsql:host=localhost;dbname=oidplus'); |
| 51 | 51 | ||
| 52 | OIDplus::baseConfig()->setValue('PDO_USERNAME', 'postgres'); |
52 | OIDplus::baseConfig()->setValue('PDO_USERNAME', 'postgres'); |
| 53 | 53 | ||
| 54 | OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
54 | OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
| 55 | The base64 encoding protects your password from being read if someone |
55 | The base64 encoding protects your password from being read if someone |
| 56 | "looks over your shoulder" at your display while you have the configuration file opened. |
56 | "looks over your shoulder" at your display while you have the configuration file opened. |
| 57 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
57 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
| 58 | 58 | ||
| 59 | OIDplus::baseConfig()->setValue('MYSQL_HOST', 'localhost:3306'); |
59 | OIDplus::baseConfig()->setValue('MYSQL_HOST', 'localhost:3306'); |
| 60 | The hostname to connect to. Port (:3306) is optional. |
60 | The hostname to connect to. Port (:3306) is optional. |
| 61 | 61 | ||
| 62 | OIDplus::baseConfig()->setValue('MYSQL_SOCKET', ''); |
62 | OIDplus::baseConfig()->setValue('MYSQL_SOCKET', ''); |
| 63 | In case you connect via MySQL through a socket, use this setting. |
63 | In case you connect via MySQL through a socket, use this setting. |
| 64 | (It is currently not included in setup/ and needs to be set manually). |
64 | (It is currently not included in setup/ and needs to be set manually). |
| 65 | 65 | ||
| 66 | OIDplus::baseConfig()->setValue('MYSQL_USERNAME', 'root'); |
66 | OIDplus::baseConfig()->setValue('MYSQL_USERNAME', 'root'); |
| 67 | 67 | ||
| 68 | OIDplus::baseConfig()->setValue('MYSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
68 | OIDplus::baseConfig()->setValue('MYSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
| 69 | The base64 encoding protects your password from being read if someone |
69 | The base64 encoding protects your password from being read if someone |
| 70 | "looks over your shoulder" at your display while you have the configuration file opened. |
70 | "looks over your shoulder" at your display while you have the configuration file opened. |
| 71 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
71 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
| 72 | 72 | ||
| 73 | OIDplus::baseConfig()->setValue('MYSQL_DATABASE', 'oidplus'); |
73 | OIDplus::baseConfig()->setValue('MYSQL_DATABASE', 'oidplus'); |
| 74 | 74 | ||
| 75 | OIDplus::baseConfig()->setValue('PGSQL_HOST', 'localhost:5432'); |
75 | OIDplus::baseConfig()->setValue('PGSQL_HOST', 'localhost:5432'); |
| 76 | The hostname to connect to. Port (:5432) is optional. |
76 | The hostname to connect to. Port (:5432) is optional. |
| 77 | 77 | ||
| 78 | OIDplus::baseConfig()->setValue('PGSQL_SOCKET', ''); |
78 | OIDplus::baseConfig()->setValue('PGSQL_SOCKET', ''); |
| 79 | In case you connect via PostgreSQL through a socket, use this setting. |
79 | In case you connect via PostgreSQL through a socket, use this setting. |
| 80 | (It is currently not included in setup/ and needs to be set manually). |
80 | (It is currently not included in setup/ and needs to be set manually). |
| 81 | 81 | ||
| 82 | OIDplus::baseConfig()->setValue('PGSQL_USERNAME', 'postgres'); |
82 | OIDplus::baseConfig()->setValue('PGSQL_USERNAME', 'postgres'); |
| 83 | 83 | ||
| 84 | OIDplus::baseConfig()->setValue('PGSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
84 | OIDplus::baseConfig()->setValue('PGSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
| 85 | The base64 encoding protects your password from being read if someone |
85 | The base64 encoding protects your password from being read if someone |
| 86 | "looks over your shoulder" at your display while you have the configuration file opened. |
86 | "looks over your shoulder" at your display while you have the configuration file opened. |
| 87 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
87 | (Obviously, it doesn't protect you if they can make a photo or screenshot) |
| 88 | 88 | ||
| 89 | OIDplus::baseConfig()->setValue('PGSQL_DATABASE', 'oidplus'); |
89 | OIDplus::baseConfig()->setValue('PGSQL_DATABASE', 'oidplus'); |
| 90 | 90 | ||
| 91 | 91 | ||
| 92 | OIDplus::baseConfig()->setValue('SQLITE3_FILE', 'userdata/database/oidplus.db'); |
92 | OIDplus::baseConfig()->setValue('SQLITE3_FILE', 'userdata/database/oidplus.db'); |
| 93 | Attention: This file must be located in a location that is not world-readable/downloadable! |
93 | Attention: This file must be located in a location that is not world-readable/downloadable! |
| 94 | 94 | ||
| 95 | OIDplus::baseConfig()->setValue('SQLITE3_ENCRYPTION', ''); |
95 | OIDplus::baseConfig()->setValue('SQLITE3_ENCRYPTION', ''); |
| 96 | Optional encryption |
96 | Optional encryption |
| 97 | 97 | ||
| 98 | OIDplus::baseConfig()->setValue('TABLENAME_PREFIX', 'oidplus_'); |
98 | OIDplus::baseConfig()->setValue('TABLENAME_PREFIX', 'oidplus_'); |
| 99 | 99 | ||
| 100 | OIDplus::baseConfig()->setValue('SERVER_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'); |
100 | OIDplus::baseConfig()->setValue('SERVER_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'); |
| 101 | It is very very important that you choose a long sequence of |
101 | It is very very important that you choose a long sequence of |
| 102 | random characters. OIDplus uses this secret for various |
102 | random characters. OIDplus uses this secret for various |
| 103 | security related purposes. If someone accidently received this secret, |
103 | security related purposes. If someone accidently received this secret, |
| 104 | please change the sequence. |
104 | please change the sequence. |
| 105 | 105 | ||
| 106 | OIDplus::baseConfig()->setValue('CAPTCHA_PLUGIN', 'None'); |
106 | OIDplus::baseConfig()->setValue('CAPTCHA_PLUGIN', 'None'); |
| 107 | Alternative Values (installed plugins) |
107 | Alternative Values (installed plugins) |
| 108 | - reCAPTCHA |
108 | - reCAPTCHA |
| 109 | - hCaptcha |
109 | - hCaptcha |
| 110 | - ViaThinkSoft Client Challenge |
110 | - ViaThinkSoft Client Challenge |
| 111 | 111 | ||
| 112 | OIDplus::baseConfig()->setValue('RECAPTCHA_VERSION', \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX); |
112 | OIDplus::baseConfig()->setValue('RECAPTCHA_VERSION', \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX); |
| 113 | Possible values: |
113 | Possible values: |
| 114 | \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX |
114 | \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_CHECKBOX |
| 115 | \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_INVISIBLE |
115 | \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V2_INVISIBLE |
| 116 | \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V3 |
116 | \ViaThinkSoft\OIDplus\OIDplusCaptchaPluginRecaptcha::RECAPTCHA_V3 |
| 117 | 117 | ||
| 118 | OIDplus::baseConfig()->setValue('RECAPTCHA_ENABLED', true); |
118 | OIDplus::baseConfig()->setValue('RECAPTCHA_ENABLED', true); |
| 119 | Deprecated! |
119 | Deprecated! |
| 120 | RECAPTCHA_ENABLED=true becomes CAPTCHA_PLUGIN=reCAPTCHA |
120 | RECAPTCHA_ENABLED=true becomes CAPTCHA_PLUGIN=reCAPTCHA |
| 121 | RECAPTCHA_ENABLED=false becomes CAPTCHA_PLUGIN=None |
121 | RECAPTCHA_ENABLED=false becomes CAPTCHA_PLUGIN=None |
| 122 | 122 | ||
| 123 | OIDplus::baseConfig()->setValue('RECAPTCHA_PUBLIC', ''); |
123 | OIDplus::baseConfig()->setValue('RECAPTCHA_PUBLIC', ''); |
| 124 | Only used if CAPTCHA_PLUGIN=ReCAPTCHA |
124 | Only used if CAPTCHA_PLUGIN=ReCAPTCHA |
| 125 | 125 | ||
| 126 | OIDplus::baseConfig()->setValue('RECAPTCHA_PRIVATE', ''); |
126 | OIDplus::baseConfig()->setValue('RECAPTCHA_PRIVATE', ''); |
| 127 | Only used if CAPTCHA_PLUGIN=ReCAPTCHA |
127 | Only used if CAPTCHA_PLUGIN=ReCAPTCHA |
| 128 | 128 | ||
| 129 | OIDplus::baseConfig()->setValue('HCAPTCHA_SITEKEY', ''); |
129 | OIDplus::baseConfig()->setValue('HCAPTCHA_SITEKEY', ''); |
| 130 | Only used if CAPTCHA_PLUGIN=hCaptcha |
130 | Only used if CAPTCHA_PLUGIN=hCaptcha |
| 131 | 131 | ||
| 132 | OIDplus::baseConfig()->setValue('HCAPTCHA_SECRET', ''); |
132 | OIDplus::baseConfig()->setValue('HCAPTCHA_SECRET', ''); |
| 133 | Only used if CAPTCHA_PLUGIN=hCaptcha |
133 | Only used if CAPTCHA_PLUGIN=hCaptcha |
| 134 | 134 | ||
| 135 | OIDplus::baseConfig()->setValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO); |
135 | OIDplus::baseConfig()->setValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO); |
| 136 | Values OIDplus::ENFORCE_SSL_NO (0) = (off) |
136 | Values OIDplus::ENFORCE_SSL_NO (0) = (off) |
| 137 | OIDplus::ENFORCE_SSL_YES (1) = (on) |
137 | OIDplus::ENFORCE_SSL_YES (1) = (on) |
| 138 | OIDplus::ENFORCE_SSL_AUTO (2) = (auto detect SSL) |
138 | OIDplus::ENFORCE_SSL_AUTO (2) = (auto detect SSL) |
| 139 | 139 | ||
| 140 | OIDplus::baseConfig()->setValue('VTS_CAPTCHA_COMPLEXITY', 50000); |
140 | OIDplus::baseConfig()->setValue('VTS_CAPTCHA_COMPLEXITY', 50000); |
| 141 | Only used if CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge |
141 | Only used if CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge |
| 142 | 142 | ||
| 143 | OIDplus::baseConfig()->setValue('VTS_CAPTCHA_AUTOSOLVE', true); |
143 | OIDplus::baseConfig()->setValue('VTS_CAPTCHA_AUTOSOLVE', true); |
| 144 | Only used if CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge |
144 | Only used if CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge |
| 145 | 145 | ||
| 146 | OIDplus::baseConfig()->setValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/); |
146 | OIDplus::baseConfig()->setValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/); |
| 147 | Only used if CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge |
147 | Only used if CAPTCHA_PLUGIN=ViaThinkSoft Client Challenge |
| 148 | 148 | ||
| 149 | ---------------------- |
149 | ---------------------- |
| 150 | (2) SYSTEM LIMITATIONS (defined and documented in includes/oidplus_limits.inc.php , can be overwritten by config.inc.php) |
150 | (2) SYSTEM LIMITATIONS (defined and documented in includes/oidplus_limits.inc.php , can be overwritten by config.inc.php) |
| 151 | ---------------------- |
151 | ---------------------- |
| 152 | 152 | ||
| 153 | OIDplus::baseConfig()->setValue('LIMITS_MAX_ID_LENGTH', 255); |
153 | OIDplus::baseConfig()->setValue('LIMITS_MAX_ID_LENGTH', 255); |
| 154 | Please read the documentation in the file includes/oidplus_limits.inc.php |
154 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 155 | 155 | ||
| 156 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ASN1_ID_LEN', 255); |
156 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ASN1_ID_LEN', 255); |
| 157 | Please read the documentation in the file includes/oidplus_limits.inc.php |
157 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 158 | 158 | ||
| 159 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_UNICODE_LABEL_LEN', 255); |
159 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_UNICODE_LABEL_LEN', 255); |
| 160 | Please read the documentation in the file includes/oidplus_limits.inc.php |
160 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 161 | 161 | ||
| 162 | 162 | ||
| 163 | ----------------------------------------- |
163 | ----------------------------------------- |
| 164 | (3) "HIDDEN"/UNDOCUMENTED CONFIG SETTINGS |
164 | (3) "HIDDEN"/UNDOCUMENTED CONFIG SETTINGS |
| 165 | ----------------------------------------- |
165 | ----------------------------------------- |
| 166 | 166 | ||
| - | 167 | OIDplus::baseConfig()->setValue('OFFLINE_MODE', false); |
|
| - | 168 | If set to true, OIDplus will not contact other servers. No system registration, |
|
| - | 169 | no hCaptcha, no reCAPTCHA, no system updates, etc. |
|
| - | 170 | ||
| 167 | OIDplus::baseConfig()->setValue('OIDINFO_API_URL', '<url>'); |
171 | OIDplus::baseConfig()->setValue('OIDINFO_API_URL', '<url>'); |
| 168 | Currently only internal use for development utilities (dev/). |
172 | Currently only internal use for development utilities (dev/). |
| 169 | The API to oid-info.com is currently not public. |
173 | The API to oid-info.com is currently not public. |
| 170 | 174 | ||
| 171 | OIDplus::baseConfig()->setValue('REGISTRATION_HIDE_SYSTEM', true); |
175 | OIDplus::baseConfig()->setValue('REGISTRATION_HIDE_SYSTEM', true); |
| 172 | Set this if you have a clone of a productive system and you want |
176 | Set this if you have a clone of a productive system and you want |
| 173 | to avoid that the clone registers at the ViaThinkSoft directory |
177 | to avoid that the clone registers at the ViaThinkSoft directory |
| 174 | (which would overwrite the URL of the productive system and reveal |
178 | (which would overwrite the URL of the productive system and reveal |
| 175 | the URL of your testing system) |
179 | the URL of your testing system) |
| 176 | 180 | ||
| 177 | OIDplus::baseConfig()->setValue('MYSQL_FORCE_MYSQLND_SUPPLEMENT', false); |
181 | OIDplus::baseConfig()->setValue('MYSQL_FORCE_MYSQLND_SUPPLEMENT', false); |
| 178 | The MySQLi plugin contains a supplement code to handle |
182 | The MySQLi plugin contains a supplement code to handle |
| 179 | prepared statements on servers which do not have the MySQLnd extension |
183 | prepared statements on servers which do not have the MySQLnd extension |
| 180 | installed. Set this flag to force the supplement to be used, |
184 | installed. Set this flag to force the supplement to be used, |
| 181 | even if MySQLnd is available. (For testing purposes only) |
185 | even if MySQLnd is available. (For testing purposes only) |
| 182 | 186 | ||
| 183 | OIDplus::baseConfig()->setValue('QUERY_LOGFILE', ''); |
187 | OIDplus::baseConfig()->setValue('QUERY_LOGFILE', ''); |
| 184 | Set this setting to a filename where all queries including timestamps would be written. |
188 | Set this setting to a filename where all queries including timestamps would be written. |
| 185 | This is used for performance analysis. |
189 | This is used for performance analysis. |
| 186 | Please choose a directory that cannot be accessed by world-wide. |
190 | Please choose a directory that cannot be accessed by world-wide. |
| 187 | 191 | ||
| 188 | OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60); |
192 | OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60); |
| 189 | Session lifetime in seconds. |
193 | Session lifetime in seconds. |
| 190 | 194 | ||
| 191 | OIDplus::baseConfig()->setValue('OBJECT_CACHING', true); |
195 | OIDplus::baseConfig()->setValue('OBJECT_CACHING', true); |
| 192 | 196 | ||
| 193 | OIDplus::baseConfig()->setValue('FORCE_DBMS_SLANG', ''); |
197 | OIDplus::baseConfig()->setValue('FORCE_DBMS_SLANG', ''); |
| 194 | Currently valid values: access, mssql, mysql, oracle, pgsql, sqlite |
198 | Currently valid values: access, mssql, mysql, oracle, pgsql, sqlite |
| 195 | 199 | ||
| 196 | OIDplus::baseConfig()->setValue('PREPARED_STATEMENTS_EMULATION', 'auto'); |
200 | OIDplus::baseConfig()->setValue('PREPARED_STATEMENTS_EMULATION', 'auto'); |
| 197 | Currently only for ODBC database plugin. |
201 | Currently only for ODBC database plugin. |
| 198 | 'auto' = Auto detect if prepared statements should be emulated |
202 | 'auto' = Auto detect if prepared statements should be emulated |
| 199 | 'on' = Always emulate prepared statements |
203 | 'on' = Always emulate prepared statements |
| 200 | 'off' = Never emulate prepared statements |
204 | 'off' = Never emulate prepared statements |
| 201 | 205 | ||
| 202 | OIDplus::baseConfig()->setValue('MINIFY_CSS', true); |
206 | OIDplus::baseConfig()->setValue('MINIFY_CSS', true); |
| 203 | This enables the compression of CSS definitions. |
207 | This enables the compression of CSS definitions. |
| 204 | Compressed approx: 220 KB |
208 | Compressed approx: 220 KB |
| 205 | Uncompressed approx: 224 KB |
209 | Uncompressed approx: 224 KB |
| 206 | 210 | ||
| 207 | OIDplus::baseConfig()->setValue('MINIFY_JS', true); |
211 | OIDplus::baseConfig()->setValue('MINIFY_JS', true); |
| 208 | This enables the compression of JavaScript code. |
212 | This enables the compression of JavaScript code. |
| 209 | Please only disable this, if you want to debug |
213 | Please only disable this, if you want to debug |
| 210 | the code! You should not disable it on a productive |
214 | the code! You should not disable it on a productive |
| 211 | system, because otherwise the JavaScript code |
215 | system, because otherwise the JavaScript code |
| 212 | would be several Megabytes large. |
216 | would be several Megabytes large. |
| 213 | Compressed approx: 1133 KB |
217 | Compressed approx: 1133 KB |
| 214 | Unompressed approx: 2761 KB |
218 | Unompressed approx: 2761 KB |
| 215 | 219 | ||
| 216 | OIDplus::baseConfig()->setValue('DISABLE_PLUGIN_...', true); |
220 | OIDplus::baseConfig()->setValue('DISABLE_PLUGIN_...', true); |
| 217 | This gives you the possibility to disable a plugin without |
221 | This gives you the possibility to disable a plugin without |
| 218 | requiring it to be removed from the file system. |
222 | requiring it to be removed from the file system. |
| 219 | (Removing a plugin from the file system can result in various |
223 | (Removing a plugin from the file system can result in various |
| 220 | problems, e.g. they can be re-added during a SVN/software update.) |
224 | problems, e.g. they can be re-added during a SVN/software update.) |
| 221 | Replace "..." with the main PHP class of the plugin you want to disable. |
225 | Replace "..." with the main PHP class of the plugin you want to disable. |
| 222 | The namespace must be included. |
226 | The namespace must be included. |
| 223 | Example: |
227 | Example: |
| 224 | "DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusLoggerPluginUserdataLogfile" |
228 | "DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusLoggerPluginUserdataLogfile" |
| 225 | disables the plugin "logger/300_userdata_logfile". |
229 | disables the plugin "logger/300_userdata_logfile". |
| 226 | 230 | ||
| 227 | OIDplus::baseConfig()->setValue('DISABLE_AJAX_TRANSACTIONS', false); |
231 | OIDplus::baseConfig()->setValue('DISABLE_AJAX_TRANSACTIONS', false); |
| 228 | This will disable the usage of database transactions in ajax.php |
232 | This will disable the usage of database transactions in ajax.php |
| 229 | Do only use this if you have severe problems with the system running. |
233 | Do only use this if you have severe problems with the system running. |
| 230 | It might result in inconsistent data e.g. if you update an OID |
234 | It might result in inconsistent data e.g. if you update an OID |
| 231 | and an error occurs in the middle of that process. |
235 | and an error occurs in the middle of that process. |
| 232 | 236 | ||
| 233 | OIDplus::baseConfig()->setValue('CANONICAL_SYSTEM_URL', ''); |
237 | OIDplus::baseConfig()->setValue('CANONICAL_SYSTEM_URL', ''); |
| 234 | Setting this value to a system URL will override the absolute system URL detection. |
238 | Setting this value to a system URL will override the absolute system URL detection. |
| 235 | It has the following effects: |
239 | It has the following effects: |
| 236 | 1. The "canonical" metatag will use this explicit system URL |
240 | 1. The "canonical" metatag will use this explicit system URL |
| 237 | instead of the one the PHP script is detecting. |
241 | instead of the one the PHP script is detecting. |
| 238 | (This is important to avoid duplicate content at search indexes) |
242 | (This is important to avoid duplicate content at search indexes) |
| 239 | 2. CLI WHOIS and other CLI (Command-line-interface) tools |
243 | 2. CLI WHOIS and other CLI (Command-line-interface) tools |
| 240 | will use this address when they need to output an URL. |
244 | will use this address when they need to output an URL. |
| 241 | Otherwise, the CLI tools would need to use the last known |
245 | Otherwise, the CLI tools would need to use the last known |
| 242 | URL that was detected when a webpage visitor has last visited the |
246 | URL that was detected when a webpage visitor has last visited the |
| 243 | page. |
247 | page. |
| 244 | 3. While most resources (images, CSS files, scripts, etc.) are loaded |
248 | 3. While most resources (images, CSS files, scripts, etc.) are loaded |
| 245 | via relative URLs, sometimes an absolute URL is required |
249 | via relative URLs, sometimes an absolute URL is required |
| 246 | (e.g., if an email is sent with an activation link). |
250 | (e.g., if an email is sent with an activation link). |
| 247 | The explicit absolute system URL will then be used rather |
251 | The explicit absolute system URL will then be used rather |
| 248 | than the automatically detected one. |
252 | than the automatically detected one. |
| 249 | Note that setting an absolute system URL can be very useful if |
253 | Note that setting an absolute system URL can be very useful if |
| 250 | OIDplus runs on a system (which detects itself as "X"), |
254 | OIDplus runs on a system (which detects itself as "X"), |
| 251 | while the canonical URL "Y" is a reverse-proxy. |
255 | while the canonical URL "Y" is a reverse-proxy. |
| 252 | 256 | ||
| 253 | OIDplus::baseConfig()->setValue('DEBUG', false); |
257 | OIDplus::baseConfig()->setValue('DEBUG', false); |
| 254 | Enables some special checks for plugins (e.g. a self-test for auth plugins). |
258 | Enables some special checks for plugins (e.g. a self-test for auth plugins). |
| 255 | It is highly recommended that you enable DEBUG if you are developing |
259 | It is highly recommended that you enable DEBUG if you are developing |
| 256 | plugins! |
260 | plugins! |
| 257 | It is recommended to disable this switch in productive systems, |
261 | It is recommended to disable this switch in productive systems, |
| 258 | because the self-tests decrease the performance. |
262 | because the self-tests decrease the performance. |
| 259 | However, after installing a new plugin, you might want to enable |
263 | However, after installing a new plugin, you might want to enable |
| 260 | it for a few minutes, to make sure the plugin is working correctly. |
264 | it for a few minutes, to make sure the plugin is working correctly. |
| 261 | 265 | ||
| 262 | OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
266 | OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
| 263 | Defined which "SameSite" policy should be used for the cookies OIDplus uses. |
267 | Defined which "SameSite" policy should be used for the cookies OIDplus uses. |
| 264 | Can be "None", "Lax" or "Strict". |
268 | Can be "None", "Lax" or "Strict". |
| 265 | "Strict" is the most secure setting. |
269 | "Strict" is the most secure setting. |
| 266 | "Lax" allows that people stay logged in if they follow a link pointing |
270 | "Lax" allows that people stay logged in if they follow a link pointing |
| 267 | to your OIDplus installation. |
271 | to your OIDplus installation. |
| 268 | "None" is not recommended and is deprecated by modern web browsers. |
272 | "None" is not recommended and is deprecated by modern web browsers. |
| 269 | However, OIDplus itself provides an Anti-CSRF mechanism, so you should be |
273 | However, OIDplus itself provides an Anti-CSRF mechanism, so you should be |
| 270 | still safe. |
274 | still safe. |
| 271 | 275 | ||
| 272 | OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', ''); |
276 | OIDplus::baseConfig()->setValue('COOKIE_DOMAIN', ''); |
| 273 | Can be used to increase security by setting an explicit domain-name in the cookies. |
277 | Can be used to increase security by setting an explicit domain-name in the cookies. |
| 274 | Set to '' (empty string) to allow all (sub)domains. |
278 | Set to '' (empty string) to allow all (sub)domains. |
| 275 | Set to '(auto)' to automatically detect the domain based on the absolute canonical path. |
279 | Set to '(auto)' to automatically detect the domain based on the absolute canonical path. |
| 276 | 280 | ||
| 277 | OIDplus::baseConfig()->setValue('COOKIE_PATH', '/'); |
281 | OIDplus::baseConfig()->setValue('COOKIE_PATH', '/'); |
| 278 | Can be used to increase security by setting an explicit pathname in the cookies. |
282 | Can be used to increase security by setting an explicit pathname in the cookies. |
| 279 | Set to '/' to allow all paths. |
283 | Set to '/' to allow all paths. |
| 280 | Set to '(auto)' to automatically detect the path based on the absolute canonical path. |
284 | Set to '(auto)' to automatically detect the path based on the absolute canonical path. |
| 281 | Note: If supported, you can use Apache's "ProxyPassReverseCookiePath" to translate |
285 | Note: If supported, you can use Apache's "ProxyPassReverseCookiePath" to translate |
| 282 | the cookie path in a reverse-proxy setting. |
286 | the cookie path in a reverse-proxy setting. |
| 283 | 287 | ||
| 284 | OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER', ''); |
288 | OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER', ''); |
| 285 | The pepper is stored inside the base configuration file |
289 | The pepper is stored inside the base configuration file |
| 286 | It prevents that an attacker with SQL write rights can |
290 | It prevents that an attacker with SQL write rights can |
| 287 | create accounts. |
291 | create accounts. |
| 288 | ATTENTION!!! If a pepper is used, then the |
292 | ATTENTION!!! If a pepper is used, then the |
| 289 | hashes are bound to that pepper. If you change the pepper, |
293 | hashes are bound to that pepper. If you change the pepper, |
| 290 | then ALL passwords of RAs become INVALID! |
294 | then ALL passwords of RAs become INVALID! |
| 291 | 295 | ||
| 292 | OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER_ALGO', 'sha512'); |
296 | OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER_ALGO', 'sha512'); |
| 293 | The pepper is stored inside the base configuration file |
297 | The pepper is stored inside the base configuration file |
| 294 | It prevents that an attacker with SQL write rights can |
298 | It prevents that an attacker with SQL write rights can |
| 295 | create accounts. |
299 | create accounts. |
| 296 | ATTENTION!!! If a pepper is used, then the |
300 | ATTENTION!!! If a pepper is used, then the |
| 297 | hashes are bound to that pepper. If you change the pepper, |
301 | hashes are bound to that pepper. If you change the pepper, |
| 298 | then ALL passwords of RAs become INVALID! |
302 | then ALL passwords of RAs become INVALID! |
| 299 | 303 | ||
| 300 | OIDplus::baseConfig()->setValue('DEFAULT_LANGUAGE', 'enus'); |
304 | OIDplus::baseConfig()->setValue('DEFAULT_LANGUAGE', 'enus'); |
| 301 | Default language of the system. This is the language |
305 | Default language of the system. This is the language |
| 302 | a new visitor will see if no "lang=" parameter is used |
306 | a new visitor will see if no "lang=" parameter is used |
| 303 | and no cookie is set. |
307 | and no cookie is set. |
| 304 | Must be a valid language in the plugins directory. |
308 | Must be a valid language in the plugins directory. |
| 305 | Currently available: |
309 | Currently available: |
| 306 | enus = English USA (default) |
310 | enus = English USA (default) |
| 307 | dede = German Germany |
311 | dede = German Germany |
| 308 | 312 | ||
| 309 | ---------------------------------------------------- |
313 | ---------------------------------------------------- |
| 310 | (4) LDAP FIELDS (see document ldap_installation.txt) |
314 | (4) LDAP FIELDS (see document ldap_installation.txt) |
| 311 | ---------------------------------------------------- |
315 | ---------------------------------------------------- |
| 312 | 316 | ||
| 313 | OIDplus::baseConfig()->setValue('LDAP_ENABLED', true); |
317 | OIDplus::baseConfig()->setValue('LDAP_ENABLED', true); |
| 314 | Set to true if you want to enable that users can log-in using LDAP / ActiveDirectory. |
318 | Set to true if you want to enable that users can log-in using LDAP / ActiveDirectory. |
| 315 | 319 | ||
| 316 | OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1); |
320 | OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1); |
| 317 | Contains the number of domains/servers which are used. |
321 | Contains the number of domains/servers which are used. |
| 318 | For 2nd, 3rd, 4th, ... domain use the fields LDAP_xxx__2, LDAP_xxx__3, ... |
322 | For 2nd, 3rd, 4th, ... domain use the fields LDAP_xxx__2, LDAP_xxx__3, ... |
| 319 | e.g. LDAP_SERVER__2 |
323 | e.g. LDAP_SERVER__2 |
| 320 | LDAP_PORT__2 |
324 | LDAP_PORT__2 |
| 321 | LDAP_BASE_DN__2 |
325 | LDAP_BASE_DN__2 |
| 322 | ... |
326 | ... |
| 323 | 327 | ||
| 324 | OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local'); |
328 | OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local'); |
| 325 | The LDAP server of your company. |
329 | The LDAP server of your company. |
| 326 | 330 | ||
| 327 | OIDplus::baseConfig()->setValue('LDAP_PORT', 389); |
331 | OIDplus::baseConfig()->setValue('LDAP_PORT', 389); |
| 328 | The port of the LDAP server |
332 | The port of the LDAP server |
| 329 | 333 | ||
| 330 | OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local'); |
334 | OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local'); |
| 331 | The base Distinguished Name (DN) of your directory. |
335 | The base Distinguished Name (DN) of your directory. |
| 332 | 336 | ||
| 333 | OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local'); |
337 | OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local'); |
| 334 | The UPN suffix of this domain. |
338 | The UPN suffix of this domain. |
| 335 | 339 | ||
| 336 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true); |
340 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true); |
| 337 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
341 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
| 338 | and in OIDplus, a RA account with an email equal to the UPN will be created. |
342 | and in OIDplus, a RA account with an email equal to the UPN will be created. |
| 339 | 343 | ||
| 340 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false); |
344 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false); |
| 341 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
345 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
| 342 | and in OIDplus, a RA account with an email equal to the "E-Mail-Address" field of the user in the directory will be created. |
346 | and in OIDplus, a RA account with an email equal to the "E-Mail-Address" field of the user in the directory will be created. |
| 343 | Note: If you did not set an email address to the user in the LDAP/ActiveDirectory, then the login will not be possible, |
347 | Note: If you did not set an email address to the user in the LDAP/ActiveDirectory, then the login will not be possible, |
| 344 | except if LDAP_AUTHENTICATE_UPN is additionally enabled. |
348 | except if LDAP_AUTHENTICATE_UPN is additionally enabled. |
| 345 | Attention: Depending on your domain configuration, users might be able to change their own data, |
349 | Attention: Depending on your domain configuration, users might be able to change their own data, |
| 346 | e.g. email address. If this is the case, you must not enable this setting, otherwise, |
350 | e.g. email address. If this is the case, you must not enable this setting, otherwise, |
| 347 | users could authenticate with any address! |
351 | users could authenticate with any address! |
| 348 | 352 | ||
| 349 | OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', ''); |
353 | OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', ''); |
| 350 | If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication. |
354 | If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication. |
| 351 | Otherwise, the user will be authenticated as administrator, if the LDAP user is a |
355 | Otherwise, the user will be authenticated as administrator, if the LDAP user is a |
| 352 | member of the group specified in this setting. |
356 | member of the group specified in this setting. |
| 353 | Example values: CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local |
357 | Example values: CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local |
| 354 | makes every domain administrator also an OIDplus administrator |
358 | makes every domain administrator also an OIDplus administrator |
| 355 | CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local |
359 | CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local |
| 356 | makes every user of the group (OIDplus Administrators) to OIDplus administrators |
360 | makes every user of the group (OIDplus Administrators) to OIDplus administrators |
| 357 | 361 | ||
| 358 | OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', ''); |
362 | OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', ''); |
| 359 | If set to an empty string, every LDAP user can authenticate as RA, depending |
363 | If set to an empty string, every LDAP user can authenticate as RA, depending |
| 360 | on whether LDAP_AUTHENTICATE_UPN and/or LDAP_AUTHENTICATE_EMAIL is set. |
364 | on whether LDAP_AUTHENTICATE_UPN and/or LDAP_AUTHENTICATE_EMAIL is set. |
| 361 | Otherwise, the LDAP users must be a member of the group specified in this setting. |
365 | Otherwise, the LDAP users must be a member of the group specified in this setting. |
| 362 | 366 | ||
| 363 | 367 | ||
| 364 | ---------------------------------------------------------------------- |
368 | ---------------------------------------------------------------------- |
| 365 | (5) GOOGLE OAUTH2 FIELDS (see document google_oauth2_installation.txt) |
369 | (5) GOOGLE OAUTH2 FIELDS (see document google_oauth2_installation.txt) |
| 366 | ---------------------------------------------------------------------- |
370 | ---------------------------------------------------------------------- |
| 367 | 371 | ||
| 368 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true); |
372 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true); |
| 369 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com'); |
373 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com'); |
| 370 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............'); |
374 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............'); |
| 371 | 375 | ||
| 372 | 376 | ||
| 373 | -------------------------------------------------------------------------- |
377 | -------------------------------------------------------------------------- |
| 374 | (6) FACEBOOK OAUTH2 FIELDS (see document facebook_oauth2_installation.txt) |
378 | (6) FACEBOOK OAUTH2 FIELDS (see document facebook_oauth2_installation.txt) |
| 375 | -------------------------------------------------------------------------- |
379 | -------------------------------------------------------------------------- |
| 376 | 380 | ||
| 377 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true); |
381 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true); |
| 378 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID |
382 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID |
| 379 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret |
383 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret |
| 380 | 384 | ||
| 381 | 385 | ||
| 382 | ---------------------------------------------------- |
386 | ---------------------------------------------------- |
| 383 | (7) JWT AUTHENTICATION FIELDS |
387 | (7) JWT AUTHENTICATION FIELDS |
| 384 | ---------------------------------------------------- |
388 | ---------------------------------------------------- |
| 385 | 389 | ||
| 386 | If a web request contains the field "OIDPLUS_AUTH_JWT" containing a signed JWT token, |
390 | If a web request contains the field "OIDPLUS_AUTH_JWT" containing a signed JWT token, |
| 387 | an automatic one-time login is performed in order to execute commands. |
391 | an automatic one-time login is performed in order to execute commands. |
| 388 | This feature is used in the plugins "Automated AJAX calls" for admins and RAs. |
392 | This feature is used in the plugins "Automated AJAX calls" for admins and RAs. |
| 389 | With these switches you can disable this feature. |
393 | With these switches you can disable this feature. |
| 390 | 394 | ||
| 391 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true); |
395 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true); |
| 392 | Allow JWT tokens that were created using the admin-plugin |
396 | Allow JWT tokens that were created using the admin-plugin |
| 393 | "Automated AJAX calls". |
397 | "Automated AJAX calls". |
| 394 | 398 | ||
| 395 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true); |
399 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true); |
| 396 | Allow JWT tokens that were created using the RA-plugin |
400 | Allow JWT tokens that were created using the RA-plugin |
| 397 | "Automated AJAX calls". |
401 | "Automated AJAX calls". |
| 398 | 402 | ||
| 399 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true); |
403 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true); |
| 400 | Allow "Remember me" logins for the administrator account. |
404 | Allow "Remember me" logins for the administrator account. |
| 401 | 405 | ||
| 402 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true); |
406 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true); |
| 403 | Allow "Remember me" logins for a RA. |
407 | Allow "Remember me" logins for a RA. |
| 404 | 408 | ||
| 405 | OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL', false); |
409 | OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL', false); |
| 406 | Allow JWT tokens which were manually created "by hand". |
410 | Allow JWT tokens which were manually created "by hand". |
| 407 | These can have any content you like, but they must |
411 | These can have any content you like, but they must |
| 408 | contain the claim "oidplus_generator" with value "2". |
412 | contain the claim "oidplus_generator" with value "2". |
| 409 | 413 | ||
| 410 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
414 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
| 411 | How many seconds will a "remember me" login JWT token be valid? |
415 | How many seconds will a "remember me" login JWT token be valid? |
| 412 | (RA login) |
416 | (RA login) |
| 413 | 417 | ||
| 414 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
418 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
| 415 | How many seconds will a "remember me" login JWT token be valid? |
419 | How many seconds will a "remember me" login JWT token be valid? |
| 416 | (Administrator login) |
420 | (Administrator login) |
| 417 | 421 | ||
| 418 | 422 | ||
| 419 | ---------------------------------------------------- |
423 | ---------------------------------------------------- |
| 420 | (8) THIRD-PARTY PLUGINS |
424 | (8) THIRD-PARTY PLUGINS |
| 421 | ---------------------------------------------------- |
425 | ---------------------------------------------------- |
| 422 | 426 | ||
| 423 | OIDplus::baseConfig()->setValue('RDAP_CACHE_ENABLED', false ); |
427 | OIDplus::baseConfig()->setValue('RDAP_CACHE_ENABLED', false ); |
| 424 | OIDplus::baseConfig()->setValue('RDAP_CACHE_DIRECTORY', OIDplus::localpath().'userdata/cache/' ); |
428 | OIDplus::baseConfig()->setValue('RDAP_CACHE_DIRECTORY', OIDplus::localpath().'userdata/cache/' ); |
| 425 | OIDplus::baseConfig()->setValue('RDAP_BASE_URI', OIDplus::webpath() ); |
429 | OIDplus::baseConfig()->setValue('RDAP_BASE_URI', OIDplus::webpath() ); |
| 426 | OIDplus::baseConfig()->setValue('RDAP_CACHE_EXPIRES', 60 * 3 ); |
430 | OIDplus::baseConfig()->setValue('RDAP_CACHE_EXPIRES', 60 * 3 ); |