]+$/i | | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ if (php_sapi_name() == "cli") { $config['permitted_uri_chars'] = ''; } else { $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; } /* |-------------------------------------------------------------------------- | Enable Query Strings |-------------------------------------------------------------------------- | | By default CodeIgniter uses search-engine friendly segment based URLs: | example.com/who/what/where/ | | You can optionally enable standard query string based URLs: | example.com?who=me&what=something&where=here | | Options are: TRUE or FALSE (boolean) | | The other items let you set the query string 'words' that will | invoke your controllers and its functions: | example.com/index.php?c=controller&m=function | | Please note that some of the helpers won't work as expected when | this feature is enabled, since CodeIgniter is designed primarily to | use segment based URLs. | */ $config['enable_query_strings'] = FALSE; $config['controller_trigger'] = 'c'; $config['function_trigger'] = 'm'; $config['directory_trigger'] = 'd'; /* |-------------------------------------------------------------------------- | Allow $_GET array |-------------------------------------------------------------------------- | | By default CodeIgniter enables access to the $_GET array. If for some | reason you would like to disable it, set 'allow_get_array' to FALSE. | | WARNING: This feature is DEPRECATED and currently available only | for backwards compatibility purposes! | */ $config['allow_get_array'] = TRUE; /* |-------------------------------------------------------------------------- | Error Logging Threshold |-------------------------------------------------------------------------- | | You can enable error logging by setting a threshold over zero. The | threshold determines what gets logged. Threshold options are: | | 0 = Disables logging, Error logging TURNED OFF | 1 = Error Messages (including PHP errors) | 2 = Debug Messages | 3 = Informational Messages | 4 = All Messages | | You can also pass an array with threshold levels to show individual error types | | array(2) = Debug Messages, without Error Messages | | For a live site you'll usually only enable Errors (1) to be logged otherwise | your log files will fill up very fast. | */ $config['log_threshold'] = 0; /* |-------------------------------------------------------------------------- | Error Logging Directory Path |-------------------------------------------------------------------------- | | Leave this BLANK unless you would like to set something other than the default | application/logs/ directory. Use a full server path with trailing slash. | */ $config['log_path'] = ''; /* |-------------------------------------------------------------------------- | Log File Extension |-------------------------------------------------------------------------- | | The default filename extension for log files. The default 'php' allows for | protecting the log files via basic scripting, when they are to be stored | under a publicly accessible directory. | | Note: Leaving it blank will default to 'php'. | */ $config['log_file_extension'] = ''; /* |-------------------------------------------------------------------------- | Log File Permissions |-------------------------------------------------------------------------- | | The file system permissions to be applied on newly created log files. | | IMPORTANT: This MUST be an integer (no quotes) and you MUST use octal | integer notation (i.e. 0700, 0644, etc.) */ $config['log_file_permissions'] = 0644; /* |-------------------------------------------------------------------------- | Date Format for Logs |-------------------------------------------------------------------------- | | Each item that is logged has an associated date. You can use PHP date | codes to set your own date formatting | */ $config['log_date_format'] = 'Y-m-d H:i:s'; /* |-------------------------------------------------------------------------- | Error Views Directory Path |-------------------------------------------------------------------------- | | Leave this BLANK unless you would like to set something other than the default | application/views/errors/ directory. Use a full server path with trailing slash. | */ $config['error_views_path'] = ''; /* |-------------------------------------------------------------------------- | Cache Directory Path |-------------------------------------------------------------------------- | | Leave this BLANK unless you would like to set something other than the default | application/cache/ directory. Use a full server path with trailing slash. | */ $config['cache_path'] = ''; /* |-------------------------------------------------------------------------- | Cache Include Query String |-------------------------------------------------------------------------- | | Whether to take the URL query string into consideration when generating | output cache files. Valid options are: | | FALSE = Disabled | TRUE = Enabled, take all query parameters into account. | Please be aware that this may result in numerous cache | files generated for the same page over and over again. | array('q') = Enabled, but only take into account the specified list | of query parameters. | */ $config['cache_query_string'] = FALSE; /* |-------------------------------------------------------------------------- | Encryption Key |-------------------------------------------------------------------------- | | If you use the Encryption class, you must set an encryption key. | See the user guide for more info. | | https://codeigniter.com/userguide3/libraries/encryption.html | */ $config['encryption_key'] = ''; /* |-------------------------------------------------------------------------- | Session Variables |-------------------------------------------------------------------------- | | 'sess_driver' | | The storage driver to use: files, database, redis, memcached | | 'sess_cookie_name' | | The session cookie name, must contain only [0-9a-z_-] characters | | 'sess_samesite' | | Session cookie SameSite attribute: Lax (default), Strict or None | | 'sess_expiration' | | The number of SECONDS you want the session to last. | Setting to 0 (zero) means expire when the browser is closed. | | 'sess_save_path' | | The location to save sessions to, driver dependent. | | For the 'files' driver, it's a path to a writable directory. | WARNING: Only absolute paths are supported! | | For the 'database' driver, it's a table name. | Please read up the manual for the format with other session drivers. | | IMPORTANT: You are REQUIRED to set a valid save path! | | 'sess_match_ip' | | Whether to match the user's IP address when reading the session data. | | WARNING: If you're using the database driver, don't forget to update | your session table's PRIMARY KEY when changing this setting. | | 'sess_time_to_update' | | How many seconds between CI regenerating the session ID. | | 'sess_regenerate_destroy' | | Whether to destroy session data associated with the old session ID | when auto-regenerating the session ID. When set to FALSE, the data | will be later deleted by the garbage collector. | | Other session cookie settings are shared with the rest of the application, | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | */ $config['sess_driver'] = 'database'; $config['sess_cookie_name'] = 'ci_session'; $config['sess_samesite'] = 'Lax'; $config['sess_expiration'] = 7200; $config['sess_save_path'] = "ci_sessions"; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = FALSE; /* |-------------------------------------------------------------------------- | Cookie Related Variables |-------------------------------------------------------------------------- | | 'cookie_prefix' = Set a cookie name prefix if you need to avoid collisions | 'cookie_domain' = Set to .your-domain.com for site-wide cookies | 'cookie_path' = Typically will be a forward slash | 'cookie_secure' = Cookie will only be set if a secure HTTPS connection exists. | 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript) | 'cookie_samesite' = Cookie's samesite attribute (Lax, Strict or None) | | Note: These settings (with the exception of 'cookie_prefix' and | 'cookie_httponly') will also affect sessions. | */ $config['cookie_prefix'] = ''; $config['cookie_domain'] = ''; $config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; $config['cookie_samesite'] = 'Lax'; /* |-------------------------------------------------------------------------- | Standardize newlines |-------------------------------------------------------------------------- | | Determines whether to standardize newline characters in input data, | meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value. | | WARNING: This feature is DEPRECATED and currently available only | for backwards compatibility purposes! | */ $config['standardize_newlines'] = FALSE; /* |-------------------------------------------------------------------------- | Global XSS Filtering |-------------------------------------------------------------------------- | | Determines whether the XSS filter is always active when GET, POST or | COOKIE data is encountered | | WARNING: This feature is DEPRECATED and currently available only | for backwards compatibility purposes! | */ $config['global_xss_filtering'] = FALSE; /* |-------------------------------------------------------------------------- | Cross Site Request Forgery |-------------------------------------------------------------------------- | Enables a CSRF cookie token to be set. When set to TRUE, token will be | checked on a submitted form. If you are accepting user data, it is strongly | recommended CSRF protection be enabled. | | 'csrf_token_name' = The token name | 'csrf_cookie_name' = The cookie name | 'csrf_expire' = The number in seconds the token should expire. | 'csrf_regenerate' = Regenerate token on every submission | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; // our controller enables this later $config['csrf_token_name'] = 'csrf_test_name'; $config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = TRUE; $config['csrf_exclude_uris'] = array(); /* |-------------------------------------------------------------------------- | Output Compression |-------------------------------------------------------------------------- | | Enables Gzip output compression for faster page loads. When enabled, | the output class will test whether your server supports Gzip. | Even if it does, however, not all browsers support compression | so enable only if you are reasonably sure your visitors can handle it. | | Only used if zlib.output_compression is turned off in your php.ini. | Please do not use it together with httpd-level output compression. | | VERY IMPORTANT: If you are getting a blank page when compression is enabled it | means you are prematurely outputting something to your browser. It could | even be a line of whitespace at the end of one of your scripts. For | compression to work, nothing can be sent before the output buffer is called | by the output class. Do not 'echo' any values with compression enabled. | */ $config['compress_output'] = FALSE; /* |-------------------------------------------------------------------------- | Master Time Reference |-------------------------------------------------------------------------- | | Options are 'local' or any PHP supported timezone. This preference tells | the system whether to use your server's local time as the master 'now' | reference, or convert it to the configured one timezone. See the 'date | helper' page of the user guide for information regarding date handling. | */ $config['time_reference'] = 'local'; /* |-------------------------------------------------------------------------- | Rewrite PHP Short Tags |-------------------------------------------------------------------------- | | If your PHP installation does not have short tag support enabled CI | can rewrite the tags on-the-fly, enabling you to utilize that syntax | in your view files. Options are TRUE or FALSE (boolean) | | Note: You need to have eval() enabled for this to work. | */ $config['rewrite_short_tags'] = FALSE; /* |-------------------------------------------------------------------------- | Reverse Proxy IPs |-------------------------------------------------------------------------- | | If your server is behind a reverse proxy, you must whitelist the proxy | IP addresses from which CodeIgniter should trust headers such as | HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify | the visitor's IP address. | | You can use both an array or a comma-separated list of proxy addresses, | as well as specifying whole subnets. Here are a few examples: | | Comma-separated: '10.0.1.200,192.168.5.0/24' | Array: array('10.0.1.200', '192.168.5.0/24') */ $config['proxy_ips'] = ''; /* |-------------------------------------------------------------------------- | FileBin |-------------------------------------------------------------------------- */ // This address will be used as the sender for emails (like password recovery mails). $config['email_from'] = "webmaster@example.invalid"; // upload_path should NOT be readable/served by the server, but only by the script $config['upload_path'] = FCPATH.'data/uploads'; // Make sure to adjust PHP's limits (post_max_size, upload_max_filesize) if necessary $config['upload_max_size'] = 256*1024*1024; // 256MiB // Files smaller than this will be highlit, larger ones will simply be downloaded // even if requested to be highlit. $config['upload_max_text_size'] = 2*1024*1024; // 2MiB // Files older than this will be deleted by the cron job or when accessed. // 0 disables deletion. $config['upload_max_age'] = 60*60*24*5; // 5 days // Action keys (invitions, password resets) will be deleted after this time by // the cron job. $config['actions_max_age'] = 60*60*24*5; // 5 days // Files smaller than this won't be deleted (even if they are old enough) $config['small_upload_size'] = 1024*10; // 10KiB // Maximum size for multipaste tarballs. 0 disables the feature $config['tarball_max_size'] = 1024*1024*50; // 50MiB // Multipaste tarballs older than this will be deleted by the cron job // Changing this is not recommended $config['tarball_cache_time'] = 60*5; // 5 minutes // The maximum number of active invitation keys per account. $config['max_invitation_keys'] = 3; //3 keys // Possible values: // - apc: needs the apc module and is only useful on long running php processes // - file: you will have to clean up the cache directory yourself (./application/cache/) // example cronjob: // */15 * * * * find ./application/cache/ -mtime +0.5 -not \( -name .htaccess -or -name index.html \) -delete // - memcached: config in application/config/memcached.php; you need the memcached module (with the D) // - dummy: disables caching // // It is highly suggested to enable the cache. $config['cache_backend'] = "dummy"; // For possible drivers look into ./application/libraries/Duser/drivers/ $config['authentication_driver'] = 'db'; // This is only used it the driver is set to ldap if (extension_loaded("ldap")) { $config['auth_ldap'] = array( "host" => 'ldaps://ldap.example.com', "port" => 636, "basedn" => "dc=example,dc=com", "scope" => "one", // possible values: base, one, subtree "options" => array( // key/values pairs for ldap_set_option // http://php.net/manual/en/function.ldap-set-option.php LDAP_OPT_PROTOCOL_VERSION => 3 ), // Please note that php-ldap converts attributes to lowercase "userid_field" => "uidnumber", // This has to be a unique integer "username_field" => "uid", // This is the value the user supplies on the login form // Optional parameters // "bind_rdn" => "uid=search-user,cn=users,dc=example,dc=com", // This is the user used to authenticate for searches // "bind_password" => "***", // This is the password for the search user // You can optionally filter the LDAP users who are allowed to log in using any valid LDAP filter. %s will be replaced // by the user name. // "filter" => "(&(uid=%s)(memberOf=cn=FileBinUsers,cn=groups,dc=example,dc=com))", ); } // This is only used if the driver is set to fluxbb $config['auth_fluxbb'] = array( 'database' => 'fluxbb' ); // This is only used if the driver is set to db. Changes to these settings will be // applied when users sucessfully log in with their password. // For information about these values refer to https://secure.php.net/manual/en/function.password-hash.php $config['auth_db'] = array( 'hashing_options' => array( 'cost' => 10, ), 'hashing_algorithm' => PASSWORD_DEFAULT, ); // Possible values: production, development // "development" enables features like profiling and display of SQL queries. $config['environment'] = "production"; // This sets the download implementation. Possible values are php, nginx and lighttpd. // The nginx and lighttpd drivers make use of the server's sendfile feature. // // The lighttpd driver requires the following directive to be set in your fastcgi.server configuration: // "allow-x-send-file" => "enable" // See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI#X-Sendfile // // When using the nginx download driver you need to define an internal location // from which nginx will serve your uploads: // location ^~ /protected-uploads/ { // internal; // alias /; // } // See http://wiki.nginx.org/X-accel $config['download_driver'] = 'php'; $config['download_nginx_location'] = '/protected-uploads'; if (file_exists(APPPATH.'config/config-local.php')) { include APPPATH.'config/config-local.php'; } if (getenv("ENVIRONMENT") === "testsuite" && isset($_SERVER['SERVER_PORT'])) { $config['base_url'] = 'http://127.0.0.1:'.$_SERVER['SERVER_PORT'].'/'; } if (getenv("ENVIRONMENT") === "testsuite") { $config['upload_path'] = FCPATH.'testsuite-tmp'; $config['auth_db']['hashing_options']['cost'] = 5; }