1. b2evolution CMS User Manual
  2. Installation / Upgrade
  3. Configuration files
  4. _advanced.php
  5. _advanced.php

_advanced.php

/conf/_advanced.php includes advanced settings for b2evolution.

Debug

  • $debug
  • $debug_jslog
  • $debugpwd
  • $display_errors_on_production
  • $dev_menu
  • $log_app_errors

To learn more about these variables, see Debugging.

Time Zone

$date_default_timezone for setting a default timezone, if necessary.

Demo Mode

$demo_mode: If enabled, this will enable Demo mode where:

  • updating of files in the file manager is not allowed
  • changes to the ‘demouser’ and ‘admin’ account/group is not allowed
  • Blog media directories can only be configured to be inside of the media path

Install Test Features

$allow_install_test_features: If enabled, this will create additional demo contents and enable more features during installation. This may result in an overloaded/bloated blog.

Home URL

$home_url: URL of the Home link at the top left. By default, this is the same as the base URL and unless you do a complex installation, there is no need to change this.

  • $baseurlroot
  • $baseprotocol
  • $basehost
  • $baseport

Instance Name

$instance_name : It is very important to change this if you run multiple installations of b2evolution on the same webserver and/or on the same domain. Failure to use unique instance names for multiple b2evolution installations on the same server/domain may result in:

  • Cookie conflicts and impossibility to log in and/or log out
  • Cache (APC, memcache, etc.) conflicts and blocks of content from one system appearing on the other!

Note: if you have multiple installs of b2evolution that run on different servers, different hosting accounts and different domains, you do NOT need to worry about this.

Database Configuration

  • $db_config['show_errors']
  • $db_config['halt_on_error']
  • $db_config['table_options']
  • $db_config['use_transactions']

OBHandler Debug

$obhandler_debug: When debugging obhandler functions, we may need to stop polluting the output with debug info.

Set this to true to prevent displaying minor changing elements (like time) in order not to have artificial content changes

  • $cookie_path: This is the path that will be associated with cookies. That means cookies set by this b2evo install won’t be seen outside of this path on the domain below. This applies only to the backoffice. For the front-office, the URL will be dynamically generated by function get_cookie_path()
  • $cookie_domain: That means cookies set by this b2evo install won’t be seen outside of this domain.
  • $cookie_session: Name used for session cookies.
  • $cookie_name / $cookie_email / $cookie_url: Names used for other cookies.
  • $cookie_expires: Expiration for comment meta data cookies. Note that user sessions use different settings (config in admin). Value in seconds, set this to 0 if you wish to use non permanent cookies (erased when browser is closed).
  • $cookie_expired: Expired-time used to erase comment meta data cookies. Note: user sessions use different settings (config in admin)
  • $crumb_expires: Crumb expiration time

For all these, please see: Troubleshooting Cookies.

Page Cache

$pagecache_max_age: Page cache expiration time. This controls how old can a cached object get before we consider it outdated.

Dummy Fields

$dummy_fields; An associative array of dummy field names to obfuscate spam bots. We use funky field names to defeat the most basic spam bots in the front office public forms. 

$dummy_fields = array(
	'login' => 'x',
	'pwd' => 'q',
	'pass1' => 'm',
	'pass2' => 'c',
	'email' => 'u',
	'name' => 'i',
	'url' => 'h',
	'subject' => 'd',
	'content' => 'g'
);

Locations

  • You should only move these around if you really need to.
  • You should keep everything as subdirectories of the base folder $baseurl which is set in _basic_config.php, default is the /conf/ folder)
  • Remember you can set the baseurl to your website root _basic_config.php.

All paths must have a trailing slash!

Configuration Files

  • $conf_subdir
  • $conf_path

Base

  • $basepath

Includes

  • $inc_subdir
  • $inc_path
  • $misc_inc_path

HTML Services

  • $htsrv_subdir
  • $htsrv_path
  • $htsrv_url

XML Services

  • $xmlsrv_subdir
  • $xmlsrv_url

REST API

  • $restapi_script
  • $restapi_url

Resources Folder

  • $rsc_subdir
  • $rsc_path
  • $rsc_url
  • $rsc_uri

Skins

  • $skins_subdir:
  • $skins_path:
  • $skins_url:

Site Skins

  • $siteskins_subdir
  • $siteskins_path
  • $siteskins_url

Email Skin

  • $emailskins_subdir
  • $emailskins_path
  • $emailskins_url

Admin Interface Dispatcher

  • $dispatcher
  • $admin_url

Admin Skin

  • $adminskins_subdir
  • $adminskins_path
  • $adminskins_url

Locales

  • $locales_subdir
  • $locales_path

Plugins

  • $plugins_subdir
  • $plugins_path
  • $plugins_url

Cron

  • $cron_subdir
  • $cron_url

Installation Files

  • $install_subdir
  • $install_path

Page Cache

  • $cache_subdir
  • $cache_path

Media

  • $media_subdir
  • $media_path
  • $media_url

Backup

  • $backup_subdir
  • $backup_path

Upgrades

  • $upgrade_subdir
  • $upgrade_path

Public Access to Media

$public_access_to_media:

Forbidden File Extensions

$force_upload_forbiddenext: File extensions that the admin will not be able to enable in the Settings

Uploading of Sensitive Files

$admins_can_manipulate_sensitive_files: set to true to allow admins to upload/rename/edit files that are considered sensitive file types. See Allow upload setting in File Type Editing.

Valid Filenames Regex

The admin can configure the regexp for valid file names in the Settings interface
However, if the following values are set to non empty, the admin will not be able to customize these values.

  • $force_regexp_filename
  • $force_regexp_dirname

Maximum length of file/folder name

$filename_max_length controls the maximum length of a file name. On new uploads file names with more characters are not allowed. The default value for this parameter is 64.

$dirpath_max_length controls the maximum length of a file absolute path is controlled by the value assigned to $dirpath_max_length. Creating folders/files with longer path then this value is not allowed.

Note:

  • 247 is the max length of an absolute path a PHP file operation functions can handle on Windows.
  • On UNIX systems, the file path length is not an issue, so we can allow a higher value. The OS independent max length is 767, because that is what b2evolution can handle correctly.

$filemanager_allow_dotdot_in_filenames: Allows double dots in file names. Use true if you want to allow .. in file and directory names like ..filename or dir..name.

XML-RPC Logging

$debug_xmlrpc_logging: Set this to 1 to log XMLRPC calls received by this server into /xmlsrv/xmlrpc.log.

  • $pwdchange_request_delay: Password change request delay in seconds. Only one email can be requested for one login or email address in each second defined.
  • $enabled_password_drivers: List what drivers must be enabled on your server. By default, only the first driver (which is supported by the server configuration) will be used to store new updated passwords in the DB. Possible driver values are:
    • evo_salted
    • bcrypt_2y
    • bcrypt
    • salted_md5
    • phpass
    • evo_md5 (Use this driver as last choice only)

Hacks and Fixes

  • $tags_dash_fix: Enable a workaround to allow accessing posts with URL titles ending with a dash (workaround for old bug).
  • $use_hacks: Use hacks file. See /inc/_main.inc.php

Logins

  • $failed_logins_before_lockout: Maximum number of failed login attempts before account lockout.
  • $failed_logins_lockout: Length of time the account is locked out in seconds.
  • $reserved_logins: list of logins that are reserved ( admin, administrator, webmaster, etc. ). Normal users can’t register with these and can’t change their current login to one of these. Only User Admins with permission to modify other users can assign these logins.

Allowing redirects to different domains

Most of the time, the best security practice is to NOT allow redirects from your current site to another domain. That is, unless you specifically configured a redirected post. If this doesn’t work for you, you can change this security policy here.

$allow_redirects_to_different_domain = 'only_redirected_posts';

Possible values:

  • ‘always’ : Always allow redirects to a different domain
  • ‘all_collections_and_redirected_posts’ ( Default ): Allow redirects to all collection domains, ALL SUB-DOMAINS of $basehost or redirects of posts with redirected status
  • ‘only_redirected_posts’: Allow redirects to a different domain only in case of posts with redirected status
  • ‘never’ : Force redirects to the current domain in all case, and never allow redirects to a different domain

Email

See: Email Sending Vars

Loading Libraries from CDNs

  • $use_cdns: Set to true to use CDNs as defined in the array $library_cs_urls below.
  • $library_cdn_urls: let you decide which CDNs to use for loading common libraries. Each line starts with the js or css alias. The first string is the production (minified URL), the second is the development URL (optional). If you don’t want to use a CDN and want to use the local version, comment out the line.

Example ( only a few positions included in this page, you can find all the options directly in the file ) :


$library_cdn_urls = array(
	'#jquery#' => array( '//code.jquery.com/jquery-1.11.1.min.js', '//code.jquery.com/jquery-1.11.1.js' ),
	//'#jqueryUI#' => array( '//code.jquery.com/ui/1.10.4/jquery-ui.min.js', '//code.jquery.com/ui/1.10.4/jquery-ui.js' ),
	//'#jqueryUI_css#' => array( '//code.jquery.com/ui/1.10.4/themes/smoothness/jquery-ui.min.css', '//code.jquery.com/ui/1.10.4/themes/smoothness/jquery-ui.css' ),
	'#bootstrap#' => array( '//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js', '//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.js' ),
);

  • $library_local_urls : The aliases for all local JS and CSS files that are used when CDN url is not defined in $library_cdn_urls. It has the same structure than $library_cdn_urls

Example ( only a few positions included in this page, you can find all the options directly in the file ) :


$library_local_urls = array(
	'#jquery#' => array( 'jquery.min.js', 'jquery.js' ),
	'#jqueryUI#' => array( 'jquery/jquery.ui.b2evo.min.js', 'jquery/jquery.ui.b2evo.js' ),
	'#jqueryUI_css#' => array( 'jquery/smoothness/jquery-ui.b2evo.min.css', 'jquery/smoothness/jquery-ui.b2evo.css' ),
);

Important: libraries in $library_cdn_urls will have precedence over the same libraries declared in $library_local_urls. There is no fallback between them, which means that if a library can’t be loaded from a remote CDN, you must exclude it from the first array in order to load the local copy.

Outbound Pings

$allow_post_pings_on_localhost: Allow sending of outbound pings on localhost.

Proxy Settings

Set these if you need b2evolution to use a proxy for all outbound communications, like auto-upgrade, pinging b2evolution.net or twitter, etc.
Leave empty if you don’t want to use a proxy.

  • $outgoing_proxy_hostname
  • $outgoing_proxy_port
  • $outgoing_proxy_username
  • $outgoing_proxy_password

Browser Check

$check_browser_version: Check for old browsers like IE and display info message. Set to false if you do not want this check and never inform users if they use an old browser.

Skin API

$max_skin_api_version: Maximum skin API version which is supported by current version of b2evolution. Skin API version is defined in the method Skin::get_api_version() of each skin.

Evonet

  • $evonetsrv_protocol
  • $evonetsrv_host
  • $evonetsrv_port
  • $evonetsrv_uri

Anti-SPAM

  • $antispamsrv_protocol
  • $antispamsrv_host
  • $antispamsrv_port
  • $antispamsrv_uri
  • $antispamsrv_tos_url
  • $enable_blacklist_server_API: Set to true if the server should be used as central antispam server.

TinyMCE

$tinymce_content_css: This is for plugins to add CSS files to the TinyMCE editor window.

Created by • Last edit by on 2020-02-14 14:57 • •

No feedback yet