summaryrefslogtreecommitdiffstats
path: root/application/config/config.php
diff options
context:
space:
mode:
Diffstat (limited to 'application/config/config.php')
-rw-r--r--application/config/config.php144
1 files changed, 140 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 35ace5cc9..845e6b55c 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -160,7 +160,11 @@ $config['composer_autoload'] = FALSE;
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
-$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
+if (php_sapi_name() == "cli") {
+ $config['permitted_uri_chars'] = '';
+} else {
+ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
+}
/*
|--------------------------------------------------------------------------
@@ -383,11 +387,11 @@ $config['encryption_key'] = '';
| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
|
*/
-$config['sess_driver'] = 'files';
+$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_samesite'] = 'Lax';
$config['sess_expiration'] = 7200;
-$config['sess_save_path'] = NULL;
+$config['sess_save_path'] = "ci_sessions";
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
@@ -457,7 +461,7 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_regenerate' = Regenerate token on every submission
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
-$config['csrf_protection'] = FALSE;
+$config['csrf_protection'] = FALSE; // our controller enables this later
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
@@ -530,3 +534,135 @@ $config['rewrite_short_tags'] = FALSE;
| Array: array('10.0.1.200', '192.168.5.0/24')
*/
$config['proxy_ips'] = '';
+
+/*
+|--------------------------------------------------------------------------
+| FileBin
+|--------------------------------------------------------------------------
+ */
+
+// This address will be used as the sender for emails (like password recovery mails).
+$config['email_from'] = "webmaster@example.invalid";
+
+// upload_path should NOT be readable/served by the server, but only by the script
+$config['upload_path'] = FCPATH.'data/uploads';
+
+// Make sure to adjust PHP's limits (post_max_size, upload_max_filesize) if necessary
+$config['upload_max_size'] = 256*1024*1024; // 256MiB
+
+// Files smaller than this will be highlit, larger ones will simply be downloaded
+// even if requested to be highlit.
+$config['upload_max_text_size'] = 2*1024*1024; // 2MiB
+
+// Files older than this will be deleted by the cron job or when accessed.
+// 0 disables deletion.
+$config['upload_max_age'] = 60*60*24*5; // 5 days
+
+// Action keys (invitions, password resets) will be deleted after this time by
+// the cron job.
+$config['actions_max_age'] = 60*60*24*5; // 5 days
+
+// Files smaller than this won't be deleted (even if they are old enough)
+$config['small_upload_size'] = 1024*10; // 10KiB
+
+// Maximum size for multipaste tarballs. 0 disables the feature
+$config['tarball_max_size'] = 1024*1024*50; // 50MiB
+
+// Multipaste tarballs older than this will be deleted by the cron job
+// Changing this is not recommended
+$config['tarball_cache_time'] = 60*5; // 5 minutes
+
+// The maximum number of active invitation keys per account.
+$config['max_invitation_keys'] = 3; //3 keys
+
+
+// Possible values:
+// - apc: needs the apc module and is only useful on long running php processes
+// - file: you will have to clean up the cache directory yourself (./application/cache/)
+// example cronjob:
+// */15 * * * * find ./application/cache/ -mtime +0.5 -not \( -name .htaccess -or -name index.html \) -delete
+// - memcached: config in application/config/memcached.php; you need the memcached module (with the D)
+// - dummy: disables caching
+//
+// It is highly suggested to enable the cache.
+$config['cache_backend'] = "dummy";
+
+
+// For possible drivers look into ./application/libraries/Duser/drivers/
+$config['authentication_driver'] = 'db';
+
+// This is only used it the driver is set to ldap
+if (extension_loaded("ldap")) {
+ $config['auth_ldap'] = array(
+ "host" => 'ldaps://ldap.example.com',
+ "port" => 636,
+ "basedn" => "dc=example,dc=com",
+ "scope" => "one", // possible values: base, one, subtree
+ "options" => array(
+ // key/values pairs for ldap_set_option
+ // http://php.net/manual/en/function.ldap-set-option.php
+ LDAP_OPT_PROTOCOL_VERSION => 3
+ ),
+ // Please note that php-ldap converts attributes to lowercase
+ "userid_field" => "uidnumber", // This has to be a unique integer
+ "username_field" => "uid", // This is the value the user supplies on the login form
+ // Optional parameters
+ // "bind_rdn" => "uid=search-user,cn=users,dc=example,dc=com", // This is the user used to authenticate for searches
+ // "bind_password" => "***", // This is the password for the search user
+ // You can optionally filter the LDAP users who are allowed to log in using any valid LDAP filter. %s will be replaced
+ // by the user name.
+ // "filter" => "(&(uid=%s)(memberOf=cn=FileBinUsers,cn=groups,dc=example,dc=com))",
+ );
+}
+
+// This is only used if the driver is set to fluxbb
+$config['auth_fluxbb'] = array(
+ 'database' => 'fluxbb'
+);
+
+// This is only used if the driver is set to db. Changes to these settings will be
+// applied when users sucessfully log in with their password.
+// For information about these values refer to https://secure.php.net/manual/en/function.password-hash.php
+$config['auth_db'] = array(
+ 'hashing_options' => array(
+ 'cost' => 10,
+ ),
+ 'hashing_algorithm' => PASSWORD_DEFAULT,
+);
+
+
+// Possible values: production, development
+// "development" enables features like profiling and display of SQL queries.
+$config['environment'] = "production";
+
+
+// This sets the download implementation. Possible values are php, nginx and lighttpd.
+// The nginx and lighttpd drivers make use of the server's sendfile feature.
+//
+// The lighttpd driver requires the following directive to be set in your fastcgi.server configuration:
+// "allow-x-send-file" => "enable"
+// See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI#X-Sendfile
+//
+// When using the nginx download driver you need to define an internal location
+// from which nginx will serve your uploads:
+// location ^~ /protected-uploads/ {
+// internal;
+// alias <upload_path>/;
+// }
+// See http://wiki.nginx.org/X-accel
+$config['download_driver'] = 'php';
+
+$config['download_nginx_location'] = '/protected-uploads';
+
+if (file_exists(APPPATH.'config/config-local.php')) {
+ include APPPATH.'config/config-local.php';
+}
+
+if (getenv("ENVIRONMENT") === "testsuite" && isset($_SERVER['SERVER_PORT'])) {
+ $config['base_url'] = 'http://127.0.0.1:'.$_SERVER['SERVER_PORT'].'/';
+}
+
+if (getenv("ENVIRONMENT") === "testsuite") {
+ $config['upload_path'] = FCPATH.'testsuite-tmp';
+ $config['auth_db']['hashing_options']['cost'] = 5;
+}