17. Config.php variables — Mahara 19.

10 manual

previous next index

Table of Contents

17. Config.php variables 17. Config.php variables

17.1. Anatomy of a config
variable Some site options cannot be set in the administration area but need to be updated directly on the server in the
17.2. developermode: config.php file. In this section, you see the settings that are possible and why you might want to include them
Enable or disable in your config.php file for your site.
developer mode
17.3.   Some of the config parameters have an equivalent setting in the Administration area. If you set a
directorypermissions:
value explicitely in your config.php file, it overwrites any value entered in the administration, and
Permissions to use in
the field becomes unavailable for editing.
dataroot
17.4. error_reporting:
Error reporting
The config.php file sits in the /htdocs directory of your site. If you want to view all possible variables and
17.5. externallogin: Login
their default values, you can find them in /htdocs/lib/config-defaults.php . You can overwrite any default
via another site
values by placing the variable in your config.php file.
17.6. insecuredataroot:
Share the same dataroot
with another Mahara 17.1. Anatomy of a config variable
17.7. isolatedinstitutions:
A configuration variable needs to be written in the correct syntax in order to function. In Mahara, this is done the
Separate institutions
following way: $cfg->variable = value; .
entirely
17.8.
log_backtrace_levels: Log
backtraces
17.9.
log_backtrace_print_args:
Log backtraces
17.10. log_file: File A typical configuration variable
containing error
messages
17.11. log targets: 1. $cfg->: Stands for “configuration” and indicates that what follows is a configuration variable.
Destination for log
2. variable =: Here you see the variable that is to be set. Generally, it consists of one word, or words are
information
joined together with underscores. The variable cannot contain any spaces.
17.12. noreplyaddress:
System email address 3. value;: The value that the variable takes is displayed. The values can be different things, for example:
17.13. “true” or “false”
openbadgedisplayer_sour
ce: Open Badges text
displayer sources numbers
17.14. passwordsaltmain: file path

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

Set a site-wide password

salt
17.15. pathtoclam: Path   If you want to change the default behaviour of a variable in your instance of Mahara, copy it from the
to virus scanner ClamAV config-defaults.php file into your config.php file so it won’t get overwritten when you update
17.16. probationenabled: the codebase. The config.php file is never changed by an update or upgrade of Mahara.
Give users probation
status
17.17. productionmode:
Enable or disable
production mode 17.2. developermode: Enable or disable developer
17.18.
remoteavatarbaseurl:
mode
Remote avatar server $cfg->developermode = true; or $cfg->developermode = false;
URL
When you enable developer mode, the following two changes are made automatically for your site:
17.19. renamecopies:
Rename copied pages debug.css will be included on each page. You can edit this file to add debugging CSS at your discretion.
and collections

 
17.20. sendemail: Send
developermode=true is less powerful than the productionmode=false.
all emails to one address
17.21. sendallemailto:
Send all emails to one
address
17.22. sessionhandler:
Select the session 17.3. directorypermissions: Permissions to use in
handler dataroot
17.23.
$cfg->directorypermissions = 0700; (default)
showloginsideblock:
Show or hide the login You can set what permissions are used for files and directories in the Mahara dataroot. The default allows only
sideblock
the web server user to read the data. If you are on shared hosting and might want to download the contents of
17.24. sitethemeprefs:
your dataroot later, e.g. for backup purposes, set this to 0755. Otherwise, leave it as is.
Choose your browse
theme from any theme
17.25. skins: Skins
17.26. urlsecret: Run the 17.4. error_reporting: Error reporting
cron or upgrade only
$cfg->error_reporting = E_ALL & ~E_STRICT; (default)
when you are authorised
17.27. This parameter indicates what level of errors to print to the Mahara logs. It gets passed directly to the PHP
usersuniquebyusername: function error_reporting() .
The internal Mahara
username prevails when
connecting external   There are some limitations in this method because it doesn’t get called until several scripts have
authentication methods already been compiled: init.php, config.php, config-defaults.php, errors.php , and the
file directly invoked in the URL. So, compile-time errors in those files, which includes most strict
Previous topic errors, will be unaffected by this setting.

16. Isolated institutions

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

Next topic

18. Command-line 17.5. externallogin: Login via another site

interfaces (CLI)
$cfg->externallogin = 'URL';

Mahara manuals You can overwrite the normal Mahara login page by providing an external one. This is useful if all people with
access to the site shall log in via a different system and should be redirected there automatically.
19.10
19.04
  Be careful when you have multiple institutions turned on. If at least one institution does not log in via
18.10
the same external login page, you cannot use this setting as people in that institution would not be
All releases
able to log in to Mahara at all since they can never get to the login page that they need.

Languages
If you use the external login, you may need to override it at times, e.g. for troubleshooting the external
Some of these may be
authentication method or when it is not reachable. You can add a parameter at the end of the Mahara URL. You
incomplete.
are then taken to the normal Mahara login screen.
Deutsch
English The parameter is ?override=true

Français For example, https://mahara.example.com/admin/users/search.php ?override=true

日本語
Nederlands   It doesn’t matter what value you add. You can use “true” or “1” or anything else.

17.6. insecuredataroot: Share the same dataroot with

another Mahara
$cfg->insecuredataroot = false; (default) or $cfg->insecuredataroot = true;

You can enforce checking that files that are served have come from dataroot. You would only want to turn this on
if you were running more than one Mahara against the same dataroot. If you are doing that, make sure you
create separate dataroots for each installation, but symlink the artefact directory from all of them to one of them,
and turn on “insecuredataroot” on all the ones for which you created symlinks.

17.7. isolatedinstitutions: Separate institutions entirely

$cfg->isolatedinstitutions = false; (default) or $cfg->isolatedinstitutions = true;

If you have a multi-tenanted Mahara instance but do not want people from the individual institutions to
communicate on the site or share groups, you can turn on “Isolated institutions”.

This can be beneficial when you set up a large site for several organisations and need to adhere to privacy
regulations that don’t allow people from one organisation to contact people from other organisations.

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

  See the section “Isolated institutions” for more information.

17.8. log_backtrace_levels: Log backtraces

For example: $cfg->log_backtrace_levels = LOG_LEVEL_WARN | LOG_LEVEL_ENVIRON; (default)

The log levels that will generate backtraces. Useful for development, but probably only warnings are useful on a
live site.

17.9. log_backtrace_print_args: Log backtraces

$cfg->log_backtrace_print_args = null; (default)

Print the values of function and method arguments when printing a backtrace. This can be useful for debugging,
but it is a security risk because function parameters may include sensitive data such as passwords and private
keys. Though arguments whose names suggest that they contain passwords, will still be blanked out even if this
feature is enabled.

A null value here tells Mahara to hide argument values when $cfg->productionmode is enabled, and to
show them otherwise. A true or false tells Mahara to always show or hide argument values in backtraces
regardless of the value of $cfg->productionmode .

17.10. log_file: File containing error messages

$cfg->log_file = '/path/to/dataroot/error.log';

If you use LOG_TARGET_FILE, this is the file to which errors will be logged. By default, it will write to the file
error.log under the dataroot. If you change this in config.php, make sure you use a folder which is writable by
the web server.

17.11. log targets: Destination for log information

Typical production environment:

$cfg->log_dbg_targets     = LOG_TARGET_ERRORLOG;
$cfg->log_info_targets    = LOG_TARGET_ERRORLOG;
$cfg->log_warn_targets    = LOG_TARGET_ERRORLOG;

Typical non-production environment:

$cfg->log_dbg_targets     = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

$cfg->log_info_targets    = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;

$cfg->log_warn_targets    = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
$cfg->log_environ_targets = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;

There are 4 different types of log messages that you can log to an error log and / or display on screen:

dbg: Debugging messages

info: Informational messages
warn: Warning messages
environ: Environment errors

You can log the different messages to different destinations:

LOG_TARGET_SCREEN: Display error messages on the screen. This is useful during testing and when
debugging, but should not be used on a live site.
LOG_TARGET_ADMIN: Show error messages on the screen, but only when you are in the
Administration area.
LOG_TARGET_ERRORLOG: Send log information to the error log as specified in your Apache
configuration. It is recommended to use this setting for all log levels no matter the other targets that you
specified.
LOG_TARGET_FILE: This allows you to specify a file to which messages will be logged. It’s best to pick a
path in dataroot, but note that log files tend to get very large over time. So it’s advisable to implement some
kind of logrotate if you want to leave this on all the time. The other option is to just turn this option on when
you are getting a specific error or want to see the logging, and know that you’re not going to let the log file
get large.

You can combine the targets with bitwise operations, e.g. LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG .

17.12. noreplyaddress: System email address

$cfg->noreplyaddress = 'noreply@yourdomainhere';

Set the system mail address. Notifications are sent from this address (except for a few emails when a person
doesn’t yet have an account). You can also set it in Administration menu → Configure site → Site options →
Email settings.

Typically, the noreply address is one that is not monitored as people are not supposed to reply to it.

17.13. openbadgedisplayer_source: Open Badges

displayer sources
$cfg->openbadgedisplayer_source = '{"shortname":"url","shortname":"url"}';

In order to display Open Badges in the “Open Badges” block, the sites that host the badges need to be

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

configured. Per default, the Mozilla Backpack and the Open Badge Passport can be connected. If you have other
sources, you would need to add them to the allowed sources.

Badgr can be configured as well.

The configuration variable for The Backpack, the Open Badge Passport, and Badgr looks like the following:

$cfg->openbadgedisplayer_source =
'{"backpack":"https://backpack.openbadges.org/","passport":"https://openbadgepassport.com/","badgr":"https://api.badgr.io/"}';

17.14. passwordsaltmain: Set a site-wide password

salt
$cfg->passwordsaltmain = 'your secret phrase here';

A password salt helps “hash” passwords more securely in the database to make hacking them more difficult.
Using a phrase is a good start. Passwords are already not displayed in plain text in the database, they are
hashed. The salt helps randomise that even more.

If you don’t have a password salt set, you see a warning on the “Admin home” page.

17.15. pathtoclam: Path to virus scanner ClamAV

$cfg->pathtoclam = '/path/to/your/clamscan';

If you are running the antivirus engine ClamAV on your server and don’t scan for viruses on the system level,
you can let Mahara know where to find it so files that are uploaded are scanned. For security reasons, the path
to ClamAV on your server needs to be provided in the config.php file.

You can see the path that has been set in the “Security settings”.

17.16. probationenabled: Give users probation status

$cfg->probationenabled = true; or $cfg->probationenabled = false;

If $cfg->probationenabled = true; , you should set $cfg->probationstartingpoints = 2; as well.

You can set a spam probation level for your users to prevent self-registered users from posting spam especially
on a public site. Use the following two variables to do that:

$cfg->probationenabled = true; : This setting decides whether users can be put on probation.
$cfg->probationstartingpoints = 2; : This setting determines how many probation points a newly
self-registered user has per default. In this example, users would get two probation points that they need to
get rid off before all functionality is available to them.

You can change the probation points individually on the user’s account settings page displayed by clicking on a

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

person’s username in Administration menu → User → User search.

When you enable probation, people who leave comments on a page or artefact and are not logged in, cannot
post URLs either.

17.17. productionmode: Enable or disable production

mode
$cfg->productionmode = true; or $cfg->productionmode = false;

If production mode is disabled, a message is displayed at the top of the screen alerting to that effect.

Info message when site is not in prodution mode

A number of parameters are overridden with sensible defaults for a testing or development site. For the current
list of parameters, please see init.php . These settings include:

Print debug, information and warning messages as well as environment targets to the screen and the error
log. This helps to see error messages quickly as they appear directly on the screen.
Turn on developer mode.
Disable cache.

  Paradoxically, you will need to set productionmode=true if you want to fine-tune your settings on
a test / development site because productionmode=false overrides a lot of settings with sensible
developer mode defaults.

17.18. remoteavatarbaseurl: Remote avatar server URL

$cfg->remoteavatarbaseurl = 'https://example.com/avatar/';

Profile pictures of your users can be pulled from an avatar service such as Gravatar. If you run your own service.
e.g. Libravatar, you can point Mahara directly to it with this configuration variable.

You decide in the “User settings” whether remote avatars can be displayed or not.
https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

17.19. renamecopies: Rename copied pages and

collections
$cfg->renamecopies = true; or $cfg->renamecopies = false;

The site administrator can decide to add “Copy of…” for copied pages and collections. If $cfg->renamecopies
= true; , copies of new pages and collections will have “Copy of” prepended to their titles. The default setting is
$cfg->renamecopies = false; .

17.20. sendemail: Send all emails to one address

$cfg->sendemail = true; or $cfg->sendemail = false;

Decide whether you want to send emails from your instance of Mahara. If set to false, Mahara will not send any
emails. This is useful when setting up a non-production instance of Mahara with real data where you don’t want
to accidentally send email to users from this particular Mahara instance.

17.21. sendallemailto: Send all emails to one address

$cfg->sendallemailto = 'you@yourdomain';

You can use this setting to have all emails from this instance of Mahara sent to one particular email address
instead of their real recipients. Leave $cfg->sendemail = true; if you want to use this setting.

This setting is handy for test instances when you want to replicate an issue or test a new feature with real data,
but do not want the users to receive notifications accidentally.

17.22. sessionhandler: Select the session handler

$cfg->sessionhandler = 'file'; or $cfg->sessionhandler = 'memcached'; or $cfg-
>sessionhandler = 'redis';

Mahara supports three different session handlers:

file storage
Memcached
Redis

Memcached and Redis are recommended for large sites as data is accessed more quickly. Redis is beneficial in
a cluster environment.

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

Both Memcached and Redis require a few more configuration variables to be set. Please review
/htdocs/lib/config-defaults.php for more information.

17.23. showloginsideblock: Show or hide the login

sideblock
$cfg->showloginsideblock = true; or $cfg->showloginsideblock = false;

You can hide the login form by adding the value $cfg->showloginsideblock = false; to your config.php
file. Once you have done that, only a link to the login form is displayed for an administrator or other users with
internal Mahara accounts to log into the site.

Link to the login form

This is useful if you have single sign-on set up and automatically log in to Mahara via another site.

Per default, the value is set to “true” so that the login sideblock is displayed.

17.24. sitethemeprefs: Choose your browse theme from

any theme
$cfg->sitethemeprefs = true; or $cfg->sitethemeprefs = false;

If the site administrator allowed it, you can choose any theme that is available to you as your browse theme on
your “Account settings” page. In that case, you are not restricted to only use your institution theme or if you are a
member of multiple institutions choose between them.

17.25. skins: Skins

$cfg->skins = true; or $cfg->skins = false;

You can allow your users to personalise their portfolio pages beyond choosing a theme. This is done via skins in
Mahara. Skins can be created on the site level or by individuals. Institutions can allow or deny the use of skins
for their users.

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]
17. Config.php variables — Mahara 19.10 manual

17.26. urlsecret: Run the cron or upgrade only when

you are authorised
$cfg->urlsecret = 'somesecret';

Without this configuration variable, anybody can run the cron job (scheduled tasks) on your site or an upgrade
potentially causing problems.

Place this variable into your config.php file to overwrite the default value. Choose your own secret phrase
(enclose it with single quotation marks) that only select few people know who are allowed to run the cron or an
upgrade.

Whenever you want to run the cron or perform an upgrade, you need to add your secret word at the end of the
URL. The URLs for the cron and the upgrade look like this then (replace “somesecret” with your own secret
word):

cron: /lib/cron.php?urlsecret=somesecret
upgrade: /admin/upgrade.php?urlsecret=somesecret

  When you have a developer instance or a test server that is behind a firewall, you may not want to
add the urlsecret every time, especially when you are the only one who has access to those sites.
You could put $cfg->urlsecret = null; into the config.php files for these sites and
circumvent the requirement of entering a secret phrase. However, you should not use that on a
production site or any other site that is accessible to many people.

17.27. usersuniquebyusername: The internal Mahara

username prevails when connecting external
authentication methods
$cfg->usersuniquebyusername = true; or $cfg->usersuniquebyusername = false;

This is an experimental feature. When turned on, this setting means that it does not matter which other
application the user SSOs from, they will be given the same account in Mahara as the internal username is
matched and the remote username ignored.

previous next index top

The Mahara manual is licensed under your choice of Creative Commons Attribution-ShareAlike 3.0 unported or GNU General Public License version 3 or later 2011-2020 Catalyst IT and others.
Last updated
on Apr 12, 2020.
Created using Sphinx 3.0.1.

https://manual.mahara.org/en/19.10/administration/config_php.html[13/04/2020 15:21:05]