Allow multiple usernames when using HTTP authentication for the admin interface

[jirafeau.git] / lib / config.original.php

diff --git a/lib/config.original.php b/lib/config.original.php
index f1f0368b2afa981ff22e10389c658eadbc578e68..bfa76af9c6f4332164799d7b263619a1019e5a5f 100644 (file)
--- a/lib/config.original.php
+++ b/lib/config.original.php
@@ -25,7 +25,7 @@
  * rename it to »config.local.php« and adapt the parameters.
  **/
 
  * rename it to »config.local.php« and adapt the parameters.
  **/
 

-/* URL of installation, with traling slash (eg. »https://exmaple.com/jirafeau/«)
+/* URL of installation, with trailing slash (eg. »https://example.com/jirafeau/«)

  */
 $cfg['web_root'] = '';
 
  */
 $cfg['web_root'] = '';
 


@@ -33,16 +33,17 @@ $cfg['web_root'] = '';
  */
 $cfg['var_root'] = '';
 
  */
 $cfg['var_root'] = '';
 

-/* Language - choice between 'auto' or any language located in the /lib/locales/ folder.
+/* Language - choose between 'auto' or any language located in the /lib/locales/ folder.

  * The mode »auto« will cause the script to detect the user's browser information
  * The mode »auto« will cause the script to detect the user's browser information

- * and offer a matching language, and use »en« if it is not available.
- * Forcing to a specific lang lightly reduce lang computation.
+ * and offer a matching language, or use »en« if it is not available.
+ * Forcing a specific lang will slightly reduce computation time.

  */
 $cfg['lang'] = 'auto';
 
 /* Select a theme - see media folder for available themes
  */
 $cfg['style'] = 'courgette';
  */
 $cfg['lang'] = 'auto';
 
 /* Select a theme - see media folder for available themes
  */
 $cfg['style'] = 'courgette';

+$cfg['dark_style'] = 'dark-courgette';

 
 /* Name the organisation running this installation, eg. 'ACME'
  */
 
 /* Name the organisation running this installation, eg. 'ACME'
  */


@@ -70,7 +71,7 @@ $cfg['enable_crypt'] = false;
 $cfg['link_name_length'] = 8;
 
 /* Upload password(s).
 $cfg['link_name_length'] = 8;
 
 /* Upload password(s).

- * An empty array will disable the password authentification.
+ * An empty array will disable password authentication.

  * $cfg['upload_password'] = array();               // No password
  * $cfg['upload_password'] = array('psw1');         // One password
  * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords
  * $cfg['upload_password'] = array();               // No password
  * $cfg['upload_password'] = array('psw1');         // One password
  * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords


@@ -93,18 +94,29 @@ $cfg['upload_ip'] = array();
 $cfg['upload_ip_nopassword'] = array();
 
 /* Password for the admin interface.
 $cfg['upload_ip_nopassword'] = array();
 
 /* Password for the admin interface.

- * An empty password will disable the password authentification.
+ * An empty password will disable password authentication.

  * The password is a sha256 hash of the original version.
  * The password is a sha256 hash of the original version.

+ * Example: echo -n "myVerySecretAdminPassword" | sha256sum

  */
 $cfg['admin_password'] = '';
 
  */
 $cfg['admin_password'] = '';
 

-/* If set, let the user be authenticated as administrator.
- * The user provided here is the user authenticated by HTTP authentication.
+/* If set, let the users be authenticated as administrator.
+ * The users provided here are authenticated by HTTP authentication.

  * Note that Jirafeau does not manage the HTTP login part, it just checks
  * Note that Jirafeau does not manage the HTTP login part, it just checks

- * that the provided user is logged in.
+ * that one of the provided users is logged in.
+ * May be an array for multiple users or a string for a single user.
+ * The option to provide a string is for backward compatibility.

  * If »admin_password« parameter is set, then the »admin_password« is ignored.
  */
  * If »admin_password« parameter is set, then the »admin_password« is ignored.
  */

-$cfg['admin_http_auth_user'] = '';
+$cfg['admin_http_auth_user'] = array();
+
+/* List of IP allowed to access the admin interface.
+ * If the list is empty, then there is no admin interface restriction based on IP.
+ * Elements of the list can be a single IP (e.g. "123.45.67.89") or
+ * an IP range (e.g. "123.45.0.0/16").
+ * Note that CIDR notation is available for IPv4 only for the moment.
+ */
+$cfg['admin_ip'] = array();

 
 /* Allow user to select different options for file expiration time.
  * Possible values in array:
 
 /* Allow user to select different options for file expiration time.
  * Possible values in array:


@@ -112,8 +124,9 @@ $cfg['admin_http_auth_user'] = '';
  * 'hour': file available for one hour
  * 'day': file available for one day
  * 'week': file available for one week
  * 'hour': file available for one hour
  * 'day': file available for one day
  * 'week': file available for one week

+ * 'fortnight': file is available for two weeks

  * 'month': file is available for one month
  * 'month': file is available for one month

- * 'quarter': file is available for three month
+ * 'quarter': file is available for three months

  * 'year': file available for one year
  * 'none': unlimited availability
  */
  * 'year': file available for one year
  * 'none': unlimited availability
  */


@@ -122,6 +135,7 @@ $cfg['availabilities'] = array(
     'hour' => true,
     'day' => true,
     'week' => true,
     'hour' => true,
     'day' => true,
     'week' => true,

+    'fortnight' => true,

     'month' => true,
     'quarter' => false,
     'year' => false,
     'month' => true,
     'quarter' => false,
     'year' => false,


@@ -154,14 +168,19 @@ $cfg['proxy_ip'] = array();
 
 /* File hash
  * In order to make file deduplication work, files can be hashed through different methods.
 
 /* File hash
  * In order to make file deduplication work, files can be hashed through different methods.

- * By default, files are hashed through md5 but other methods are available.
- * Possible values are 'md5' and 'md5_outside'.
+ * To enable file deduplication feature, set this option to `md5`.
+ *
+ * Possible values are 'md5', 'md5_outside' and 'random'.
+ *

  * With 'md5' option, the whole file is hashed through md5. This is the default.
  * With 'md5' option, the whole file is hashed through md5. This is the default.

- * With 'md5_outside', md5 is used to hash the first part of the file, the last part of the file. This method offer file deduplication at minimal cost but can be dangerous as files with the same partial hash can be mistaken.
- * With 'random', file hash not set to a random value and file deduplication cannot work anymore but it is fast and safe.
- * and the file's size. This method is fast for large files but cannot be perfect.
+ * With 'md5_outside', hash is computed using:
+ *  - md5 of the first part of the file,
+ *  - md5 of the last part of the file and
+ *  - file's size.
+ * This method offer file deduplication at minimal cost but can be dangerous as files with the same partial hash can be mistaken.
+ * With 'random' option, file hash is set to a random value and file deduplication cannot work but it is fast and safe.

  */
  */

-$cfg['file_hash'] = 'md5';
+$cfg['file_hash'] = 'random';

 
 /* Work around that LiteSpeed truncates large files when downloading.
  * Only for use with the LiteSpeed web server!
 
 /* Work around that LiteSpeed truncates large files when downloading.
  * Only for use with the LiteSpeed web server!


@@ -176,6 +195,21 @@ $cfg['file_hash'] = 'md5';
  */
 $cfg['litespeed_workaround'] = false;
 
  */
 $cfg['litespeed_workaround'] = false;
 

+/* Use the X-Sendfile header which should cause your webserver to handle
+ * the sending of the file. The webserver must be configured to do this
+ * using the mod_xsendfile module in Apache or the appropriate config in
+ * lighttpd. The offload will not happen in the case of server-side encrypted
+ * files, but all other cases should work. Benefits include being able
+ * to resume downloads and seek instantly in media players like VLC or
+ * the Firefox/Discord/Chrome embedded player.
+ */
+$cfg['use_xsendfile'] = false;
+
+/* Store uploader's IP along with 'link' file.
+ * Depending of your legislation, you may have to adjust this parameter.
+ */
+$cfg['store_uploader_ip'] = true;
+

 /* Required flag to test if the installation is already installed
  * or needs to start the installation script
  */
 /* Required flag to test if the installation is already installed
  * or needs to start the installation script
  */


@@ -187,3 +221,40 @@ $cfg['installation_done'] = false;
  * var- folder should kept secret and accessing it may lead to data leak if unprotected.
  */
 $cfg['debug'] = false;
  * var- folder should kept secret and accessing it may lead to data leak if unprotected.
  */
 $cfg['debug'] = false;

+
+/** Set Jirafeau's maximal upload chunk
+ * When Jirafeau upload a large file, Jirafeau sends several data chunks to fit server's capabilities.
+ * Jirafeau tries to upload each data chunk with the maximal size allowed by PHP (post_max_size and upload_max_filesize).
+ * However, too large PHP configuration values are not needed and could induce unwanted side effects (see #303).
+ * This parameter set Jirafeau's own maximal chunk size with a reasonable value.
+ * Option is only used for async uploads and won't be used for browsers without html5 support.
+ * You should not touch this parameter unless you have good reason to do so. Feel free to open an issue to ask questions.
+ * Set to 0 to remove limitation.
+ */
+$cfg['max_upload_chunk_size_bytes'] = 100000000; // 100MB
+
+/* Set password requirement policy for downloading files
+ * Possible values:
+ * optional (default): Password may be set by the uploader, but is not mandatory
+ * required: Setting a password is mandatory to upload a file.
+ * generated: Passwords are automatically generated and shown to the uploader, when uploading a file
+ */
+$cfg['download_password_requirement'] = 'optional';
+
+/* Set length of generated passwords
+ */
+$cfg['download_password_gen_len'] = 10;
+
+/* Set allowed chars for password generation
+ */
+$cfg['download_password_gen_chars'] = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%&*()_-=+;:,.?';
+/* Set password complexity policy for downloading files
+ * possible values:
+ * none (default): Passwords for downloading files can be of arbitrary complexity
+ * regex: Passwords are checked with a regex for complexity constraints
+ */
+$cfg['download_password_policy'] = 'none';
+/* Set the regex for regex download password policy
+ * Delimiters are need, but modifiers should not be used
+ */
+$cfg['download_password_policy_regex'] = '/.*/';