These documentation pages are currently under construction and their structure is not ready yet.

As soon as a sufficient number of pages is present, the site navigation will be shown.

System configuration

This configuration is written in a local file and is editable only by direct access to the file system.

This file is stored in the custom directory and it's named config.php

PhPeace has been designed so that file system access is never necessary. Only system administrators can access the file system and hence change the configuration settings stored in this file, which is never going to be updated by automatic updates or by other scripts.

The reason for keeping these settings isolated in a file that cannot be edited by PhPeace users but only by system administrators is because these settings have security or performance implications, or that they require a proper understanding of the local system. Finally, most of these settings are meant to be edited at installation and never going to be changed thereafter.

The config.php file is a set of PHP classes and the main settings are written as public properties of the Config class. So it must be edited respecting PHP syntax. A systax error could result in a fatal error for all PHP pages of the portal, so pay attention when editing it.

Most settings have a default value, which is explained below, so that PhPeace can work even when a setting is not specified in its configuration file. This is quite common for new configuration settings, so you may want to check this page from time to time to figure out if any interesting setting has been introduced.

At run-time, the configuration is cached and you need to clear your browser session in order to see any change.

Here you can find a detailed description of these settings. Their default value is specified next to each of them.

Errors & debugging

public $debug = false;
Whether to show errors in PHP pages.
You should always leave this setting to false and let the ErrorHandler catch all errors and write them in the error log.
However you may want to set it to true in development or during testing for troubleshooting.

public $error_message = "";
Message shown to users in case of errors
Default: "An error occurred and the administrator has been notified"
If set to empty string, no message is shown (so usually this setting is commented out).


public $dbconf = array('user' => 'dbusername','password' => 'dbpassword','database' => 'dbname','server' => 'localhost');
Database connection parameters.
An additional parameter 'impl' can be used to set the DB type. Usually it's not set as it defaults to MySQL. The only other possible value is "mysql_cluster" for MySQL CLuster support.

public $db_pconn = false;
Whether to use a persistent connection.
For performance reasons you better leave this setting to false.

public $delayed_inserts = true;
Some SQL statements use delayed inserts, in particular for logging activities.
This is supported by MyISAM tables only, which is the storage engine used by all tables in the standard PhPeace database schema/
However if you use MySQL Cluster you have to set this to false as delayed inserts are not supported by NDB storage engine.

public $db_charset = "utf8";
Programmatically set the charset for every connection.
This is usually not needed, as your database should really be configured to work in UTF8 by default.
However you can use this settings in case your database uses something different such as latin1.
Please note that this affects the connection only. If your database is not using UTF8 by default, you should remember to specify the charset when creating the database.


public $encoding = "UTF-8";
(X)HTML Encoding for all pages, both admin interface and portal.
It is used for internal XML and for XSL output as well, so it overrides the setting in the XSL's output element, which is therefore useless.
Currently only UTF-8 is supported. Other Unicode encodings may be added in the future.
ISO-8859-1 is not supported any more.

Public website

public $paths = array( 'article' => '/articles/art_','subtopic' => '/indices/index_','gallery' => '/gallery/','article_box' => '/articles/box_','article_doc' => '/docs/','image' => '/images/','image_orig' => '/images/img_','image_zoom' => '/articles/iz_','gallery_image' => '/images/ig_','graphic' => 'images/','docs' => 'pdocs/');
These prefixes are used for the generation of static filenames (ID and extension are added on the right side).
Leave the slashes as specified, and if you change a common setting (such as "article") change in all its occurrences.

public $verification_required = false;
Force portal visitors to verify their email (i.e. they need to click on the link they receive after registration) before any authenticated activity

public $unverified_people_ttl = 0;
Life (in days) of visitors to activate portal account through verification email
Default: 0 day (i.e. unverified visitors will not be removed from database)

public $block_multiple_sessions = false;
Forbid multiple authenticated sessions from different devices for the same user.
You can set it to true in case you want to block people from accessing personalized site content from more than one device at the same time.

public $log_login = false;
Log portal visitors login. This may fill up your database very quickly, enable it only if you are really sure you want this.
In any case this info is not kept forever. Log data older than 2 months is deleted, and this is not configurable.

public $visitors_life = 60;
Life (in days) of the cookie for visitors' persistent login

public $verify_token_ttl = 432000;
Life (in seconds) of the email verification token sent to the visitors. Default: 432000 seconds (5 days)

public $htaccess = true;
Use .htaccess to control redirects and access. You should usually leave this to true unless you want to block users from messing around with redirects (and achieve also a slight increase in performance).

public $pub_ssl = false;
Use SSL for secure public pages. You need to configure your virtual hosts accordingly.
Of course you need to purchase a SSL certificate for your hostname / domain.


public $img_sizes = array('80','120','250','400');
Default sizes (in pixels) for resized images. Whenever you upload an image in articles' content, it is resized (using ImageMagick) to all these sizes. These settings specify the width of images, height is proportional to the original one.
If you want you can add more options, but you will need to re-generate all images from the Administration module.

public $convert_format = "jpg";
Format of resized images. Possible values: jpg, png
Defaults to JPG as it is the most versatile and efficient format for web images.
If you use PNG, please note that the file size of your resized images will be quite large, so set the compression algorytm and the img_sizes accordingly.

public $convert_path = "";
Path to ImageMagick executable (convert). With no ending slash (i.e. /usr/bin, not /usr/bin/ )
Default: empty (assuming it's in the path reachable by PHP)

public $convert_quality = 90;
Quality of resized images
For JPG, the value goes from 1 to 100, the higher the better
For PNG, the value identifies the lossless compression algorytm to be used
For more details, see ImageMagick documentation

public $default_img_size = 1;
Index of $img_sizes array (which starts from 0). It's used when it's not specified by the admin user.

public $default_associated_img_size = 0;
Index of $img_sizes array (which starts from 0) used by default for associated images.

public $box_sizes = array('100','200','300','400');
Default sizes (in pixels) for article boxes. If you change this, change also article.css

Admin interface

public $content_type = "html4_strict";
HTML content-type for all webpages of the Admin interface
Possible values: html4_strict,html4_transitional,xhtml10_strict,xhtml10_transitional,xhtml11_strict
Default: html4_strict

public $records_per_page = 15;
Number of records per page

public $user_auth = "internal";
User authentication mode. Choose between the internal database user table ("internal") or an external LDAP server ("ldap"). Defaults to "internal"

public $ldap = array( 'server' => 'ldap.domain.org','username' => 'username','password' => '','domain' => 'domain.org','base' => 'ou=People,dc=domain,dc=org','filter' => 'sAMAccountName=*','attributes' => array("mail","name","samaccountname") );
In case you chose "ldap" as user authentication mode, here you can specify the settings to connect to your LDAP server.

public $password_length_min = 8;
Minimum password length

public $max_login_attempts = 3;
Number of failed login attempts before notifying administrators

public $login_failure_delay = 10;
Minimum delay (in seconds) between login attempts

public $disable_autocomplete = false;
Disable auto-complete for login page input. Increases security as login cannot be stored by browser.

public $warranty = "";
You can specify a warranty disclaimer that will be displayed in the footer of all pages of the admin interface.
By default (empty string) it displays the usual GPL no warranty statement.

public $no_more_ie6 = false;
Show a warning to IE6 users. PhPeace currently works with IE6, however you may want to show a warning as specific functionalities may have problems with IE6, and in case people should really upgrade it.

public $welcome_quote = false;
Show a random quote in welcome page of Admin interface

public $force_email_verification = false;
Users must verify their email address before accessing admin interface

public $uppercase_warning = false;
Display a warning when an admin user inserts an article with all-uppercase title

public $max_vis = 20;
Articles may be manually ordered using the "visibility" parameter, which goes from 1 to this maximum value

public $update_diff = 14400;
Difference in seconds in order for an update to be considered new and stored in the history table. (default: 4 hours)

public $step_articles = 100;
How many articles are created on each publishing step (when forcing a full republish from the admin interface)

public $users_mode = "shared";
How topics are shown to admin users. Possible values: "shared" "isolated". Default: "shared"
In shared mode, all topics content can be read by all users, and only each topic's users / administrators can edit.
In isolated mode, admin users can see the topics the belong to only, and are not able to read content from other topics.

public $submit_defects = true;
Allow defects submission from admin interface

public $video_files = array('mpg','mpeg','avi','flv','wmv','qt','mov','mp4');
Which file extensions are considered of type video

public $audio_files = array('wav','mp3','ogg','aiff','au','mp4','m4a','wma','ra');
Which file extensions are considered of type audio

public $image_files = array('jpg','jpeg','gif','png','bmp','tif','tiff','swf','ico');
Which file extensions are considered of type image

public $doc_files = array('pdf','rtf','txt','doc','docx','xls','xlsx');
Which file extensions are considered of type document

public $doc_covers_size = -1;
Generate JPG images of document covers. Value refers to index of img_sizes array

Search engine

public $scheduler_index = 50;
How many resources to index per each scheduler cycle

public $indexer_weights = array( 'keyword' => 10, 'title' => 8, 'keyword_related' => 5, 'content' => 4, 'notes' => 3 );
Weight associated with different type of content.
If you change this setting after installation, you have to rebuild the whole index

public $time_weight = 0;
Weight associated with articles' timestamp.
It's multiplied with the aging days, and subtracted from the ranking score, so that older articles are penalized in search results.

public $min_str_length = 3;
Minimum lenght of search term

public $metaphone_threshold = 0;
Threshold for metaphone-based suggestions
If number of search results is less than this threshold, metaphone-based suggestions of indexed words will be shown.

public $index_pdf = false;
Extract and index text from PDF documents.
Requires pdftotext (part of xpdf package)

public $index_doc = false;
Extract and index text from Microsoft Word .doc documents
Requires antiword

public $search_query_store = false;
Store all search queries (which are then visible in the Aministration module).


public $cron_timeout = 1800;
Timeout in seconds for each cron step.
Set 0 for no timeout (dangerous).

public $topic_publish_timeout = 900;
Timeout in seconds for manual publish step


public $sender_address = false;
Set the email envelope sender.
If you're using sendmail, you may want to set the envelope sender address. It works with Postfix too if PHP has ben compiled with the sendmail wrapper.
To avoid X-Authentication-Warning, add your webserver user to /etc/mail/trusted-users
If set to true, it will bounce to the address specified in the From: header, unless you set a specific address in $specific_sender_address

public $specific_sender_address = "";
If $sender_address is set to true, you may want to specify a specific address for capturing bounces, different from the From: header. You will then be able to process bounces, specifying their settings below.

public $bounces_host = "";
public $bounces_port = "";
public $bounces_username = "";
public $bounces_password = "";
If $specific_sender_address is set, you can specify the POP host and account in order to download and process the bounced messages.

public $bounces_threshold = 5;
Score of bounces before disabling email (for both admin and portal users)

public $soft_bounce_score = 0;
Score of soft bounces.

public $hard_bounce_score = 0;
Score of hard bounces.

public $mailjob_limit = 200;
Maximum number of messages sent by each scheduler cycle

public $mail_from = "PhPeace ";
When sender is not specified, this setting will be prexifed to all outgoing mail messages

public $x_mailer = true;
Add X-Mailer header ("PhPeace " + version number) to outgoing email messages

public $attachment_max_size = 1048576;
The maximum size for mailjobs' attachments (in bytes). Default: 1Mb

public $phpmailer = false;
Use PHPMailer instead of internal PHP mail method

public $phpmailer_smtp = "";
SMTP server for PHPMailer


public $proxy = false;
Use a proxy for CURL connections

public $proxy_name = "";
Name/IP of proxy server to be used

public $proxy_port = "";
Port of proxy server to be used


public $mobile_salt = "";
String used to salt passwords coming from mobile apps


public $error_log_size = 2048;
Maximum size of the error log (in kB). Default: 2048 (2MB)

public $log_archive = false;
Copy daily logs in the archive folder. Useful if you want to keep the whole log story, but be aware of disk space issues.

public $syslog = false;
Use local syslog facility to log warnings and errors

public $formspam_log = false;
Log spam attempts from public forms. Be careful when enabling this as your log may fill up pretty quickly.


There are two caches in PhPeace. An in-memory one and a file-system based one.
The in-memory one is used for caching variables, settings, localization files and other values across multiple users and even across multiple installations on the same server. It works best when APC is enabled.
The file-system one is used for caching network resources (such as RSS feeds).

public $caching = "session";
Which facility to use for in-memory cache. Possible values: "session"  "apc"
If APC is not available, it will fall back to session

public $apc_cache_ttl = 0;
Time to live for cached data in APC, in seconds. Default: 0 (never expires), i.e. all cached variables are programmatically set and removed from cache.

public $cache_ttl = 360;
Generic time to live for content cached on the file system, in minutes. Default: 360 (6 hours).

public $rss_ttl = 60;
Time to live for RSS feed content cached on the file system, in minutes. Default: 60 (1 hour).

URL shortening

public $uss_url = "";
Public URL of PhPeace running the URL shortening service to use
Alternatively, you can use http://bit.ly setting this to "bit.ly"

public $uss_key = "";
URL shortening server key.
For a PhPeace instance running the USS service, this key is used to authorize requests.
For any other PhPeace, this key is used to request URL shortening from the server above (in $uss_url)

public $uss_log_hits = false;
Whether you want to track hits on shortened URLs.

public $uss_mask = "";
Hostname to mask the default page on the portal domain for USS redirection.
You will need to cofingure the URL rewriting rule for this to work in your virtual host configuration.


public $audio_max_size = 30971520;
The maximum size for the uploaded video files (remember to check your php.ini settings for post_max_size and upload_max_filesize directives). Default: 20Mb

public $audio_sample_rate = 22050;
Audio rate of encoded audio files. Default: 22050 Hz

public $audio_bitrate = 96;
Audio bitrate of encoded audio files. Default: 96 kbps

public $ffmpeg_audio_options = "-acodec mp3 -ac 1 ";
ffmpeg options (audio codec and channels)


public $video_resize_width = 320;
public $video_resize_height = 240;
Resize values for videos. Default 320x240 pixel

public $video_length_limit = 1200;
Maximum video duration in seconds. Default: 1200 (20 minutes).

public $video_max_size = 31457280;
The maximum size for the uploaded video files (remember to check your php.ini settings for post_max_size and upload_max_filesize directives). Default: 30Mb

public $video_bitrate = 200000;
Bitrate of encoded video files. Default: 200000 b/s (= 200 kbps)

public $video_frame_rate = 25;
Frame rate of encoded video files. Default: 25 fps

public $video_audio_sample_rate = 22050;
Audio rate of encoded video files. Default: 22050 Hz

public $video_audio_bitrate = 32;
Audio bitrate of encoded video files. Default: 32 kbps

public $video_thumbs = 3;
How many thumbs to generate per video.

public $ffmpeg_niceness = 19;
ffmpeg (video encoder) nice level. Leave it to a low level like this.

public $ffmpeg_options = "-aspect 4:3 -f flv -acodec mp3 -ac 1 ";
ffmpeg options (screen dimensions, audio codec and others)

public $encodings_per_cron_job = 1;
How many video to encode per each cron cycle

Tracking visitors

public $track = false;
Track known visitors (i.e. already registered and with cookie)

public $track_exclude = array("");
Which IPs to exclude from tracking

public $track_exclude_ua = array("Googlebot","Slurp","msnbot");
Which User Agents to exclude from tracking

public $track_all = false;
Track all visitors. Huge impact on performance, advisable only in controlled environments (such as intranets).


public $awstats = "";
URL to awstats.pl , for example "http://username:password@localhost/awstats"


public $widgets_cache_default_ttl = 600;
Maximum time (in seconds) a widget can be cached on local file system (for anonymous users only). Default: 600 (10 minutes)

public $widget_library_display = "";
Widgets categories to show My Widgets

public $openinviter = false;
Use openinviter to send widgets invitations
If set to true, put its settings in a file named openinviter.php in the custom directory

Widgets - Web feeds

public $feed_items_validate_per_cron_job = 100;
How many feed items URLs to check on each scheduler cycle

public $minimum_feed_update_interval = 30;
Minimum time interval (in minutes) for updating a feed content stored in the database.
This overrides $rss_ttl as widgets feeds can have a higher update frequency. Default: 30 (half-hour).

public $feeds_import_per_cron_job = 50;
How many feeds to import on each scheduler cycle


public $mod_rewrite = false;
Whether Apache module mod_rewrite and mod_proxy are available and can be used for Friendly URLs redirection.

public $upload_host = "";
Host to send upload posts. Useful in case of multiple frontend servers.
Do not specify the protocol http://, just the host name

public $post_install_script = "";
Shell script to be executed after every PhPeace update.
Useful for additional deployment tasks

public $post_update_script = "";
Shell script to be executed after every update action (publish, upload, update)
Useful to synchronize content across multiple servers

public $user_agent = "";
User Agent for network activities (download, browse, post). Default: PhPeace {version} bot

public $soap_timeout = 5;
Timeout in seconds for connection to SOAP services

public $soap_timeout_short = 1;
A shorter timeout in seconds for connection to SOAP services

public $blackdirs = array();
Blacklist of directories to be kept safe (i.e. not to be used for topics or other purposes)

public $dr_site = false;
Whether this installation is a disaster recovery site.
Useful to block interactive actions and show warnings in the UI.


TinyMCE is the WYSIWYG editor used in PhPeace admin interface.

public $tinymce_b1 = "";
public $tinymce_b2 = "";
TinyMCE buttons. There are two bars, the first one is set to the following default values: "bold, italic, underline, strikethrough, formatselect, removeformat, separator, cut, copy, paste, pastetext, pasteword, separator, justifyleft, justifycenter, justifyright, justifyfull, separator, bullist, numlist, separator, undo, redo, separator, link, unlink, separator, cleanup, code"
The second one is empy. Some common buttons that can be added are "fontsizeselect" and "tablecontrols"
You can see all available settings here http://wiki.moxiecode.com/index.php/TinyMCE:Control_reference

public $tinymce_blockformats = "";
Styles available in TinyMCE. Default: "p,h2,h3,blockquote"
See http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/theme_advanced_blockformats

public $tinymce_valid_elements = "";
HTML elements allowed in the WYSIWYG editor
Default: "img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name|phpeace_id], iframe[src|width|height|name|align|frameborder|scrolling]"
See http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/extended_valid_elements


public $codepress = false;
Use CodePress for CSS syntax highlighting

public $upload_progress = false;
Show file upload progress bar. Requires jQuery Progress Bar plug-in

public $highslide = false;
Use Highslide JS for images zooming and galleries. See http://highslide.com

public $google_api_key = "";
Google API key for various services (maps, gmail)

public $captcha = "";
Captcha type.
securimage for internal captcha support
recaptcha for external Google service

public $recaptcha_public_key = "";
public $recaptcha_private_key = "";
If you select to use recatpcha, get your keys at http://www.google.com/recaptcha

public $ydn_oauth_consumer_key = "";
public $ydn_oauth_consumer_secret = "";
Oauth account for Yahoo Developer Network API

public $twitter_consumer_key = "";
public $twitter_consumer_secret = "";
Twitter API keys for automatic tweets generation.
Get your keys at http://dev.twitter.com/apps

public $bitly_login = "";
public $bitly_key = "";
bit.ly key for URL Shortening service
Get your key at http://bit.ly/a/your_api_key/

public $stop_forum_spam = false;
Use stopforumspam.com blacklist for filtering IPs and email addresses on form submissions

This information has been last verified with PhPeace version 2.4.1

Powered by PhPeace 2.5.4