config.pod - documents BSE configuration file options
BSE historically used Constants.pm to keep most configuration information. The plan is to make sure any new configuration is kept in bse.cfg, and to slowly move most configuration information into bse.cfg.
Keeping configuration information in Constants.pm makes it difficult to perform upgrades and makes it impossible to use tools such as mod_perl, at least if you want more than one site on the machine.
Contains URL configuration for the site.
The normal URL for the non-secure parts of the site.
The secure URL for the shop, products and other portions of the site that should use SSL. This isn't checked to make sure it is https.
Used as the site ``name'' in a few places.
If set, this is used as the base URL for accessing the administrative functions of your site.
Ignored if adminurl is set.
If this is true then secureurl is used as the base URL for
accessing the administrative functions of your site, otherwise url
is used as the base URL. Default: false (url's value is used)
Contains various file system paths.
This is where the files uploads with the file wizard are stored. It must be writable by the web server user.
Directory containing administrative templates. Note: this is not completely implemented for now, so assume the default. Default: admin directory under $TMPLDIR.
Directory base for most templates.
Local Directory base for templates. This is searched before the templates directory.
Where uploaded images are stored. This is not yet completely implemented. Default: $IMAGEDIR.
Local search path for BSE::Custom, or the class configured by
custom_class in [basic].
Where uploaded siteuser images are stored. This must be set in the config file. The default bse.cfg include an entry to use the current values of [paths].downloads
Pregenerated dynamic article pages are stored here. This must be defined if you site contains any dynamicly generated pages.
This section is used by the file wizard to map uploaded file extensions to MIME content types. This can be used to extend BSE::FileEditor's internal extension map. It cannot override that map.
The key for each entry is the extension, without the leading '.'.
eg.
xls = application/msexcel
Used for translating symbolic template names into full names under the template directory.
In each case the default is the name with a .tmpl extension.
user logon page
user registration page
Used for translating the names of administration templates into filenames.
In each case the default is the name with a .tmpl extension.
article file wizard
Catalog editor page. Default admin/edit_catalog.tmpl
Article edit pages. Default admin/edit_<number>.tmpl
Step child/parent management page. Default admin/edit_steps.tmpl
Minor html items.
The value of the charset keyword when outputting HTML from a script. Set to the empty string to suppress the charset keyword. Default: iso-8859-1.
If this is a non-zero number, then all but mailto links are redirected
to nuser.pl/redirect so you can display a diclaimer. If this
contained alphabetics it's treated as a comma separated list of url
schemes that should be handled via nuser.pl/redirect. If 0 or not
present, no redirection is done.
The redirect URL includes a hash of the url, title and the redirect salt to prevent using this mechanism by external sites for cookie stealing attacks.
The salt used in generating the has for redirect_links. Default: an empty string.
The expiry time for cookies. This should be in the form supported by CGI.pm for the -expires parameter. Typically you want a plus ('+'), a number, and a time character (s - seconds, m - minutes, h - hours, d - days, M - months). Default: +3h
This overrides the domain value set for cookies. This is useful if you allow the site to run under both example.com and www.example.com, if you set cookie_domain to example.com then a user visiting www.example.com will still have their cookies when they visit example.com.
Minimum password length in characters. Default: 4.
Device to read random data from. This device should not block when it runs out of entropy.
If this is true then the encrypted messages containing the customer's credit card number are sent to the shop owner signed. To avoid keeping a passphrase and signing key on the server you can set this to false (0). This has the effect that anyone could send you an unsigned message encrypted with your public key, though this may not be a security threat. Default: True.
If this is true then the links to your articles within BSE will be followed by a / and then by a simplified version of the article title. The aim is to include at least some title information in the URL without modifying the name of the HTML file. Default: False.
If this is true then the user/group/permissions database is used to control access to the system. Default: False.
Set this to non-zero to enable authentication via server authentication (usually Basic Authentication.) You should normally set this if you set htusers below. Default: 0 (disabled)
This should be the path to a file to be updated with the list of users
and crypt() versions of their passwords. If this is set then the
security system will check for a user set by the browser before
attempting a form based logon. Default: None.
The name of the custom class for your site. This is currently only used for article editing customizations. This class should derive from BSE::CustomBase. Default: BSE::Custom.
If this is true, then pre-generation for dynamic pages will be delayed until the page is displayed to a user. Default: off.
If true, the ifAjax and ajax tags will be active for static pages.
This section controls how BSE sends email.
The host or IP address of your mail server. If this is not set
sendmail will be used instead. If this is set you must also set
helo.
The name that BSE uses to identify itself when sending mail via SMTP. Required if smtp_server is set.
The path to the sendmail binary. Default: /usr/lib/sendmail
The options supplied to sendmail. Default: -t -oi
You may want to add the -odq option to this if you want mail queued rather than sent immediately.
If true, we add an Errors-To header set to the same as the From header. Default: true.
Where id is the identifier for an article.
the name of the default template for children of the given parent
a comma-separated list of extra directories under $TMPLDIR to search for templates that can be used for children of the given parent article.
Where id is the identifier of an article.
A comma-separated list of extra directories under $TMPLDIR to search for templates that can be used for children of the given parent article.
A comma-separated list of extra templates under $TMPLDIR that can be used for the given article.
The default template for this level of article, assuming it hasn't been set in the [children of article id] section.
A comma-separated list of extra directories under $TMPLDIR to search for templates that can be used for articles at the given level.
The default template for catalogs.
The default template for products.
A comma separated list of extra templates that can be used for products.
This can be used to control translation of error messages. Each key has a prefix identifying the module that uses the error, followed by '/' followed by a specific identifier for the message.
Message parameters, expressed as $digit, are replaced with the
parameters passed to the message. $$ is replaced with $.
Each message identifier below is documented with the id, when it occurs, the default message, and any parameters.
the user attempted to logon without entering a logon name. Default: ``Please enter a logon name''. No parameters.
the user attempted to logon without entering a password. Default: ``Please enter your password.'' No parameters.
the user's logon name or password was not found or did not match. Default: ``Invalid user or password''. No parameters.
the user attempted to logoff while not logged on. Default: ``You aren't logged on''. No parameters.
the user entered a new password on the options page without entering their old password. Default: ``You need to enter your old password to change your password''. No parameters.
if non-zero, the order must be marked as paid for before the file can be downloaded.
if non-zero the order must be marked as filled before the files can be downloaded.
if non-zero the user must be registered/logged on to download any file.
Control over confirmation emails.
The subject of email confirmation emails. Default: Subcription Confirmation.
The from field for the email. Default: $SHOP_FROM
Control over subscription messages.
The from field for the email. Default: $SHOP_FROM.
Default for the ``Test Name'' field for sending test subscription messages.
Default for the ``Test Email'' field for sending test subscription messages.
Set to 1 if you want the ``Test Text Only'' box checked by default for sending test subscription messages.
Set to 0 to disable display of the test subscription messages portions of the subscriptions send form.
Set to format links as they appear in the text version of emails.
$1 is replaced with the title, $2 with the URL and $3 with
the index. $$ is replaced with '$'. Default: $1 [$3]
Set to format links as they appear at the footer of the body text. If
this is set to the empty string then no list appears. $1, $2,
$3, $$ are replaced as for text_link_inline and $n is
replaced with newline. Default: [$3] $2
A line of text produced above the list of URLs if there is one.
Default: -----. $n in this is replaced with newlines.
For example, if the configuration is:
text_link_inline="$1" ($3) text_link_list_prefix=$n$n------- text_link_list=($3) "$1"$n => $2
and the body text is:
doclink[3] link[http://www.example.com/|Example]
the result will be:
"The Shop" (1)
"Example" (2)
-------
(1) "The Shop"
=> http://www.yoursite.com/shop/index.html
(2) "Example"
=> http://www.example.com/
If this is true then partial matches will be highlight in search result excerpts. Default: True
If this is true then resulting articles that can't be accessed by the user are listed in the search results. Default: false.
Sets the prefix and suffix used for highlighting matches for different fields.
These are used by the highlight_result, excerpt, pageTitle, author, keywords and matchFile tags.
Each field has a prefix and suffix entry. The key is fieldname_prefix or fieldname_suffix. For file fields this is file_fieldname}_prefix and file_fieldname}_suffix.
The default prefix is <b>. The default suffix is </b>.
For example you can do:
[search highlight] body_prefix=<span class="searchfound"> body_suffix=</span>
Used by some templates to check if the shop is enabled. Set this to 1 to enable the shop, or 0 to disable it.
If this is false then shop articles will not use the secureurl as their baseurl. Default: True
If true the customer is required to register before checkout if there are any for sale files attached to products in the cart. Default: True
If true the customer is required to be logged on before checkout, whether or not for sale files are attached to products in the cart. Default: False.
A comma-separated list of acceptable payment types. Default: 0
The possible payment types are:
0 - the user enters a credit card number, name and expiry date
1 - the customer will send a cheque
2 - contact customer for details
Other types can be added by adding entries to the [payment type names] and [payment type descs] sections.
These are used by various shop templates to present an address that a cheque payment should be sent to.
From email address for emails sent by the shop. Overides $SHOP_FROM in Constants.pm
To name for emailed orders sent by the shop. Overrides $SHOP_TO_NAME in Constants.pm
To email for emailed orders sent by the shop. Overrides $SHOP_TO_EMAIL in Constants.pm
If this is true then orders sent to you by the shop will not be
encrypted. Enabling this disabled acceptance of credit card orders,
and the default for payment_types will become 1 instead or 0.
Please realize that other potentially commercially sensitive information is being sent in the clear to a central location, unencrypted.
If true, then the order is email to to_email, possibly with credit card information included. Default: $SHOP_EMAIL_ORDER.
Used to translate the stored order field name into a presentation name suitable for error messages.
The name of a class to load to process credit card transactions online.
Currently this can be either DevHelp::Payments::Test or DevHelp::Payments::Inpho.
Name of the encryption module to use. Default: $SHOP_CRYPTO.
Id of the key to sign the order email with. If this is non-empty then the email is signed even if [basic].sign is false. Default: $SHOP_SIGNING_ID.
Path to the GnuPG program. Default: $SHOP_GPG
Passphrase of the key used to sign the email. Default: $SHOP_PASSPHRASE.
If true, request the card type when requesting credit card information. Default: False.
This section can contain extra order validation information, including specifying required fields, display names and extra validation rules.
The maximum length of the article title field. Default: 255. Should not be set higher than this unless you change the database schema.
Controls the interest.pl script.
Email address that is notified of the interest. Defaults to $SHOP_FROM.
Used for debugging.
When a user logs on, and the site url is different to the secure url BSE attempts to refresh to the other ``side'' of the site to set the same cookie.
BSE does some simple comparisons to attempt to determine whether the logon form was triggered on the secure side of the site (possibly from the shop) or on the insecure side. Since CGI doesn't necessarily give us all the information required, it's possible it will guess wrong.
Setting this option to 1 will enable debugging information sent to standard error, which will be sent to the error log on Apache. This probably isn't useful on IIS.
Reports errors to STDERR (hence to the error log on Apache) if there is a problem deleting the actual file when an attached file is removed.
Reports debugging information to standard error while encrypting your mail.
Reports cookies received from the browser and sent to the browser to STDERR (hence to the error log on Apache.)
If nonzero the session hash is dumped to STDERR after it is retrived from the database.
If non-zero then subscription expiry date calculations are dumped to STDERR.
If non-zero then information about jit_dynamic_regen is sent to STDERR.
If non-zero then the ifUserCan tag will output some trace information to STDERR.
Contains various URIs.
This is underused, so don't rely on it yet.
The URI to the CGI directory. Default: /cgi-bin
The URI where images are kept. Default: /images
This will provide translations from symbolic names to article ids.
Currently this is used for converting article ids in the access control code, and for looking up the id of the shop.
If the user supplies a template name to printable.pl then you can use a different content type by adding an entry to this section. The key is the template name, and the value is the full content type.
This section is used when generating the search index to override the default scores for each field in the articles.
The default scores are:
Field Score Notes ----- ----- ----- title 5 body 3 keyword 4 pageTitle 5 author 4 summary 0 description 0 Products only product_code 0 Products only file_displayName 2 displayName for files file_description 2 description for files file_notes 1 notes for files
Flags that can be set for articles, products and catalogs respectively. Note that flags for articles are also visible in products and catalogs.
All flag Ids are single letters or digits. Uppercase letters are reserved for use by BSE internally, leaving lower-case letters and digits for your own use.
Use the id of the flag as the key, and a description of the flag as it's value.
Each key is an article id, the values are base URIs to store the HTML form of those articles and their children under.
The keys are ids of articles that shouldn't have their link field overwritten. The value should be a true value, but is otherwise ignored.
The recipient for the data dump email sent by datadump.pl. Default: $DATA_EMAIL.
the From for the data dump email sent by datadump.pl. Default: $SHOP_FROM.
Configuration for site users.
If this is set to true then no passwords are required during registration, a confirmation email is sent immediately upon registration and that confirmation email contains a link the user can use to manage their details.
This option has some security concerns since it can leave links to the user's information in the browser history. This option is not recommended.
You cannot use this to control access to the shop.
Set these to true to require the corresponding field during registration, and to keep it required after modification. Default: false.
If you enable any of these, you should enable info_on_register as
well, or modify the registration template to include the given fields.
Controls how the given field is displayed in error messages. If you change the field names on the registration and/or options forms you should probably change them here too. Default: internal field name with the first character converted to upper-case.
If this is set then the user info is prompted for during user registration. The information still isn't required unless the appropriate require_field option is set. Default: false.
The default URL to refresh to on completing registration if no r parameter is supplied.
If this is set then the subcription checkboxes are all checked on registration by default. Default: false.
The user will only receive the subscriptions if they leave them checked and follow the link in the confirmation email.
Where id is the number identifying a subscription. If this is set then the subscription checkbox for that subscription will be checked by default on the registration form. Default: false.
The user will only receive the subscriptions if they leave it checked and follow the link in the confirmation email.
You can get the id of a subcription by looking at the Edit link on the subscriptions management page, the number after ``id='' is the id.
If set to zero then user billing options will be managed on a separate page. This is controlled by the user/options_base.tmpl template.
If set to zero then users cannot register themselves. Default: true, allowing users to register themselves.
If true then an email is sent when a new user registers on your site. The email address sent to is the first set of [site users].notify_register_email, [shop].from or $SHOP_FROM from Constants.pm
No email is sent if a new user is created from the administration user interface.
See also: notify_register_email, notify_register_subject.
The email to sent the registration notification too. See notify_register above.
The subject of the notification email sent when a new user registers. Any {field} is replaced with the given field from the registered user. See notify_register above.
Default: New user {userId} registered
This section and [payment type descs] are used to configure new paymeny type ids.
The key is the integer representing the payment type. The value is the name used in tags for checking the payment type.
You can also add a description (currently unused) to [payment type descs].
You should use numbers starting from 10 to avoid conflicts with future BSE payment types.
See [payment type names].
Set the key given by the payment type id to a value of a comma-separated list of fields required for that payment type.
This type of configuration section is used to set values for a style
of help icon. Only the template and prefix values are used
directly by the code, the others are used by the default helpicon
templates.
The URI to the help files for this style. Default: /help/ in style ``user'', /admin/help/ in style ``admin''.
The template used to produce the icon. Default: helpicon in style user, admin/helpicon in style ``admin''.
URI to the help icon image. Default: /images/admin/help.gif
The width of the help icon image. Default: 16
The height of the help icon image. Default: 16
If you just want to change the help icon image for user help icons you might do:
[help style user] icon=/images/help.gif
A semi-colon (;) separated list of referer domains that are allowed to
link to the a_set target of the affiliate.pl manpage.
If the user's browser supplies a referer header then it will be checked against this list.
If this is set then the a_set target of the affiliate.pl manpage will
require that the user's browser supply a Referer header.
If no r parameter is supplied to the a_set target of
the affiliate.pl manpage then this is used as the default refresh.
Default: the site base url.
This is either the numeric or text of a subscription for which the affiliate must have an active subscription.
A single letter flag which the site administrator must set for the affiliate page to be displayed for the given member.
If this is set then affiliate.pl will set the named cookie to the affiliate id.
This is a comma-separated list of other cookies that should be set by the a_set target. The values for the cookies should be passed to the a_set target. For example with:
[affiliate] other_cookies=alpha,beta
if the url:
http://your.site.com/cgi-bin/affiliate.pl?a_set=1&id=someid&alpha=1&beta=2&gamme=3
is accessed, then the cookie alpha is set to ``1'', beta is set to ``2''. The cookie gamma will not be set since it's not listed.
Used as the link base URL for the afflink.tmpl side bar template when an affiliate id is set. Default: example.com
Used at the text of the link for the afflink.tmpl side bar template when an affiliate id is set. Default: Your Site.
Used as the link URL for the afflink.tmpl side bar template when an affiliate id is not set. Default: example.com
Used as the text of the link for the afflink.tmpl side bar template when an affiliate id is not set. Default: Our site
Each key is the id of a member image, with a corresponding [BSE Siteuser Image image_id] section. The values are ignored.
Provides information about a single member image ``template''.
Short description on the image, like ``Logo''. Used in error messages.
Longer description of the image. Accessible with the member_image tag.
The minimum and maximum dimensions of the image.
Error messages displayed in the when the image is outside the configured dimensions.
Default error messages for the above.
Maximum storage the image can use in bytes. Default: 1000000.
Error message displayed if the image uses too much storage.
Various editor settings.
If this is non-zero the system will attempt to load the configured thumbnail class, and put thumbnail images on the image manager page rather than full-size images. Default: off
The name of a perl class that implement's BSE's thumbnail API. At this point the only class that implements that is BSE::Thumb::Imager, supplied with BSE. Default: None
URI to the default thumbnail image. This is presented when the runtime production of a thumbnail image fails.
Dimensions of the default thumbnail image.
Alt text for the default thumbnail image.
If this is true then BSE will check the value of the lastModified parameter passed against the value in the article. If these don't match the article isn't saved and is redisplayed with an error message. This provides simple protection against one user saving changes over those made by another.
Default values for the thumbimage tag.
Each value is used as the relative or absolute name of a file or directory to load more configuration data from.
The keywords must remain unique.
Only the [includes] section from bse.cfg itself is used to locate more configuration data.
If the value references a directory, all files with an extension of
.cfg are read for configuration data.
The order the files are read (which later files overriding older files) is:
bse.cfg is read
the entries in [includes] are sorted alphabetically (or rather asciily), so an entry with key ``A'' is read before one with key ``B'', one with key ``01'' is read before ``02'', but key ``10'' would be read before key ``2''.
if an entry is a file then that is read and the values merged.
if an entry is a directory, then that is scanned and the files found read alphabetically as above.
This is used to configure the error icon displayed next to fields that fail validation.
URI to the image file.
The width and height of the error icon image.
Flags that can be set for site users.
All flag Ids are single letters or digits. Uppercase letters are reserved for use by BSE internally, leaving lower-case letters and digits for your own use.
Use the id of the flag as the key, and a description of the flag as it's value.
These sections contain defaults values for the corresponding article types.
Each key is the name of a column for the article type.
If an entry is not found in [catalog defaults] then [article defaults] is also checked.
If an entry is not found in [product defaults] then [article defaults] is also checked.
These sections are checked after the [children of id] and
[level level] sections.
These defaults are used when creating an article where no value is supplied, they can also be accessed via the <:default name:> tag.
Contains criteriaindex entries starting from criteria1, then
criteria2, etc.
Each entry consists of a filter class name, followed by a ; followed by data passed to that filter.
; user the original SQL based filter, configured from ; section [foo] criteria1=BSE::NLFilter::SQL;foo
See the documentation for each filter to configure the filters.
The key of each entry is the numeric identifier of a query group, the values are the name of the query group. For example:
[query groups] 1=some name
[query group some name] sql=select id from site_users where id = ? and name1 like '%some%'
Each entry also has a corresponding [Query Group name] section.
This section corresponds to an entry in [Query Groups].
This is an SQL statement. One placeholder is required and is passed the siteuser id (primary key) of the user to be checked. If this query returns any rows then the user is considered part of the group.
Each key is a template name, the value is the content type to be used when displaying the template dynamically.
This section defines CSS class names for BSE's body text link tags. The key is the tag name, the value is the CSS class to be used.
By default the class used is the same as the name of the tag, but you can switch this off by adding an entry setting the class to the empty string, for example:
; no class attribute for any of the links [body class] link= poplink= doclink= popdoclink=
You can set p here too to set the class for paragraphs generated as body text. By default no class is set.
Controls the behaviour of the window displayed by the popimage[] body text tag. If the Javascript for this has been customized then this may not apply.
Extra width and height for the window beyond the size of the image. Default: no extra width or height.
If set to non-zero popimage[] will attempt to centre the popup within the current window. Default: 0.
This is used to configure the DevHelp::Payments::Inpho module.
If this is set then the test parameters are used instead of the product values.
The URL to process requests through.
Inpho supplied user name.
Inpho supplied password.
The URL to process test requests through.
The user to supply to test requests.
The password to supply to test requests.
This section controls whether some custom class methods are called:
If this is non-zero then siteuser_saveopts is called.
Tony Cook <tony@develop-help.com>