* Jirafeau, your web file repository
* Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
* Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
+ * Copyright (C) 2024 Jirafeau project <https://gitlab.com/jirafeau> (see AUTHORS.md)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
*/
$cfg['admin_password'] = '';
-/* If set, let the user be authenticated as administrator.
- * The user provided here is the user authenticated by HTTP authentication.
+/* If set, let the users be authenticated as administrator.
+ * The users provided here are authenticated by HTTP authentication.
* Note that Jirafeau does not manage the HTTP login part, it just checks
- * that the provided user is logged in.
+ * that one of the provided users is logged in.
+ * May be an array for multiple users or a string for a single user.
+ * The option to provide a string is for backward compatibility.
* If »admin_password« parameter is set, then the »admin_password« is ignored.
*/
-$cfg['admin_http_auth_user'] = '';
+$cfg['admin_http_auth_user'] = array();
+
+/* List of IP allowed to access the admin interface.
+ * If the list is empty, then there is no admin interface restriction based on IP.
+ * Elements of the list can be a single IP (e.g. "123.45.67.89") or
+ * an IP range (e.g. "123.45.0.0/16").
+ * Note that CIDR notation is available for IPv4 only for the moment.
+ */
+$cfg['admin_ip'] = array();
/* Allow user to select different options for file expiration time.
* Possible values in array:
*/
$cfg['one_time_download'] = true;
+/* When set to "true", the checkbox for deleting the file after the first download
+ * is preselected.
+ */
+$cfg['one_time_download_preselected'] = false;
+
/* Set maximal upload size expressed in MB.
* »0« means unlimited upload size.
*/
/* File hash
* In order to make file deduplication work, files can be hashed through different methods.
- * By default, files are hashed through md5 but other methods are available.
+ * To enable file deduplication feature, set this option to `md5`.
*
* Possible values are 'md5', 'md5_outside' and 'random'.
*
* - md5 of the last part of the file and
* - file's size.
* This method offer file deduplication at minimal cost but can be dangerous as files with the same partial hash can be mistaken.
- * With 'random' option, file hash is set to a random value and file deduplication cannot work anymore but it is fast and safe.
+ * With 'random' option, file hash is set to a random value and file deduplication cannot work but it is fast and safe.
*/
-$cfg['file_hash'] = 'md5';
+$cfg['file_hash'] = 'random';
/* Work around that LiteSpeed truncates large files when downloading.
* Only for use with the LiteSpeed web server!
*/
$cfg['debug'] = false;
+/* Enable this flag to enforce the classic upload without the HTML5 File API
+ * Only set to "true", if you know what you're doing!
+ */
+$cfg['debug_enforce_classic_upload'] = false;
+
/** Set Jirafeau's maximal upload chunk
* When Jirafeau upload a large file, Jirafeau sends several data chunks to fit server's capabilities.
* Jirafeau tries to upload each data chunk with the maximal size allowed by PHP (post_max_size and upload_max_filesize).
* Set to 0 to remove limitation.
*/
$cfg['max_upload_chunk_size_bytes'] = 100000000; // 100MB
+
+/* Set password requirement policy for downloading files
+ * Possible values:
+ * optional (default): Password may be set by the uploader, but is not mandatory
+ * required: Setting a password is mandatory to upload a file.
+ * generated: Passwords are automatically generated and shown to the uploader, when uploading a file
+ */
+$cfg['download_password_requirement'] = 'optional';
+
+/* Set length of generated passwords
+ */
+$cfg['download_password_gen_len'] = 10;
+
+/* Set allowed chars for password generation
+ */
+$cfg['download_password_gen_chars'] = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%&*()_-=+;:,.?';
+/* Set password complexity policy for downloading files
+ * possible values:
+ * none (default): Passwords for downloading files can be of arbitrary complexity
+ * regex: Passwords are checked with a regex for complexity constraints
+ */
+$cfg['download_password_policy'] = 'none';
+/* Set the regex for regex download password policy
+ * Delimiters are need, but modifiers should not be used
+ */
+$cfg['download_password_policy_regex'] = '/.*/';