mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-01-29 11:41:06 -05:00
545 lines
16 KiB
PHP
545 lines
16 KiB
PHP
<?php
|
|
|
|
namespace Config;
|
|
|
|
use CodeIgniter\Config\BaseConfig;
|
|
|
|
class App extends BaseConfig
|
|
{
|
|
/**
|
|
* This is the code version of the Open Source Point of Sale you're running.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $application_version = '4.0.0-dev';
|
|
|
|
/**
|
|
* This is the commit hash for the version you are currently using.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $commit_sha1 = 'dev';
|
|
|
|
/**
|
|
* Logs are stored in writable/logs
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $db_log_enabled = false;
|
|
|
|
/**
|
|
* Defines whether to require/reroute to HTTPS
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $https_on; //Set in the constructor
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Base Site URL
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* URL to your CodeIgniter root. Typically this will be your base URL,
|
|
* WITH a trailing slash:
|
|
*
|
|
* http://example.com/
|
|
*
|
|
* If this is not set then CodeIgniter will try guess the protocol, domain
|
|
* and path to your installation. However, you should always configure this
|
|
* explicitly and never rely on auto-guessing, especially in production
|
|
* environments.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $baseURL; //Defined in the constructor
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Index File
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Typically this will be your index.php file, unless you've renamed it to
|
|
* something else. If you are using mod_rewrite to remove the page set this
|
|
* variable so that it is blank.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $indexPage = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* URI PROTOCOL
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* This item determines which getServer global should be used to retrieve the
|
|
* URI string. The default setting of 'REQUEST_URI' works for most servers.
|
|
* If your links do not seem to work, try one of the other delicious flavors:
|
|
*
|
|
* 'REQUEST_URI' Uses $_SERVER['REQUEST_URI']
|
|
* 'QUERY_STRING' Uses $_SERVER['QUERY_STRING']
|
|
* 'PATH_INFO' Uses $_SERVER['PATH_INFO']
|
|
*
|
|
* WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
|
|
*
|
|
* @var string
|
|
*/
|
|
public $uriProtocol = 'REQUEST_URI';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Default Locale
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The Locale roughly represents the language and location that your visitor
|
|
* is viewing the site from. It affects the language strings and other
|
|
* strings (like currency markers, numbers, etc), that your program
|
|
* should run under for this request.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $defaultLocale = 'en-US';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Negotiate Locale
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If true, the current Request object will automatically determine the
|
|
* language to use based on the value of the Accept-Language header.
|
|
*
|
|
* If false, no automatic detection will be performed.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $negotiateLocale = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Supported Locales
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If $negotiateLocale is true, this array lists the locales supported
|
|
* by the application in descending order of priority. If no match is
|
|
* found, the first locale will be used.
|
|
*
|
|
* @var string[]
|
|
*/
|
|
public $supportedLocales = [
|
|
'ar-EG',
|
|
'ar-LB',
|
|
'az-AZ',
|
|
'bg',
|
|
'bs-BA',
|
|
'cs',
|
|
'da',
|
|
'de',
|
|
'de-CH',
|
|
'el',
|
|
'en-GB',
|
|
'en-US',
|
|
'es',
|
|
'fa_IR',
|
|
'fr',
|
|
'he',
|
|
'hr-HR',
|
|
'hu-HU',
|
|
'hy',
|
|
'id',
|
|
'it',
|
|
'km',
|
|
'lo',
|
|
'ml',
|
|
'nb_NO',
|
|
'nl',
|
|
'nl-BE',
|
|
'pl',
|
|
'pt-BR',
|
|
'ro',
|
|
'ru',
|
|
'sv',
|
|
'ta',
|
|
'th',
|
|
'tl-PH',
|
|
'tr',
|
|
'uk-UA',
|
|
'ur-PK',
|
|
'vi',
|
|
'zh-HANS',
|
|
'zh-Hant',
|
|
];
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Application Timezone
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The default timezone that will be used in your application to display
|
|
* dates with the date helper, and can be retrieved through app_timezone()
|
|
*
|
|
* @var string
|
|
*/
|
|
public $appTimezone = 'Asia/Kathmandu';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Default Character Set
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* This determines which character set is used by default in various methods
|
|
* that require a character set to be provided.
|
|
*
|
|
* @see http://php.net/htmlspecialchars for a list of supported charsets.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $charset = 'UTF-8';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* URI PROTOCOL
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If true, this will force every request made to this application to be
|
|
* made via a secure connection (HTTPS). If the incoming request is not
|
|
* secure, the user will be redirected to a secure version of the page
|
|
* and the HTTP Strict Transport Security header will be set.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $forceGlobalSecureRequests = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Driver
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The session storage driver to use:
|
|
* - `CodeIgniter\Session\Handlers\FileHandler`
|
|
* - `CodeIgniter\Session\Handlers\DatabaseHandler`
|
|
* - `CodeIgniter\Session\Handlers\MemcachedHandler`
|
|
* - `CodeIgniter\Session\Handlers\RedisHandler`
|
|
*
|
|
* @var string
|
|
*/
|
|
public $sessionDriver = 'CodeIgniter\Session\Handlers\DatabaseHandler';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Cookie Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The session cookie name, must contain only [0-9a-z_-] characters
|
|
*
|
|
* @var string
|
|
*/
|
|
public $sessionCookieName = 'ospos_session';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Expiration
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The number of SECONDS you want the session to last.
|
|
* Setting to 0 (zero) means expire when the browser is closed.
|
|
*
|
|
* @var integer
|
|
*/
|
|
public $sessionExpiration = 7200;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Save Path
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The location to save sessions to and is driver dependent.
|
|
*
|
|
* For the 'files' driver, it's a path to a writable directory.
|
|
* WARNING: Only absolute paths are supported!
|
|
*
|
|
* For the 'database' driver, it's a table name.
|
|
* Please read up the manual for the format with other session drivers.
|
|
*
|
|
* IMPORTANT: You are REQUIRED to set a valid save path!
|
|
*
|
|
* @var string
|
|
*/
|
|
public $sessionSavePath = 'sessions';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Match IP
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Whether to match the user's IP address when reading the session data.
|
|
*
|
|
* WARNING: If you're using the database driver, don't forget to update
|
|
* your session table's PRIMARY KEY when changing this setting.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $sessionMatchIP = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Time to Update
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* How many seconds between CI regenerating the session ID.
|
|
*
|
|
* @var integer
|
|
*/
|
|
public $sessionTimeToUpdate = 300;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Regenerate Destroy
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Whether to destroy session data associated with the old session ID
|
|
* when auto-regenerating the session ID. When set to FALSE, the data
|
|
* will be later deleted by the garbage collector.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $sessionRegenerateDestroy = false;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Prefix
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Set a cookie name prefix if you need to avoid collisions.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$prefix property instead.
|
|
*/
|
|
public $cookiePrefix = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Domain
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Set to `.your-domain.com` for site-wide cookies.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$domain property instead.
|
|
*/
|
|
public $cookieDomain = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Path
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Typically will be a forward slash.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$path property instead.
|
|
*/
|
|
public $cookiePath = '/';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Secure
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Cookie will only be set if a secure HTTPS connection exists.
|
|
*
|
|
* @var boolean
|
|
*
|
|
* @deprecated use Config\Cookie::$secure property instead.
|
|
*/
|
|
public $cookieSecure;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie HttpOnly
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Cookie will only be accessible via HTTP(S) (no JavaScript).
|
|
*
|
|
* @var boolean
|
|
*
|
|
* @deprecated use Config\Cookie::$httponly property instead.
|
|
*/
|
|
public $cookieHTTPOnly = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie SameSite
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Configure cookie SameSite setting. Allowed values are:
|
|
* - None
|
|
* - Lax
|
|
* - Strict
|
|
* - ''
|
|
*
|
|
* Alternatively, you can use the constant names:
|
|
* - `Cookie::SAMESITE_NONE`
|
|
* - `Cookie::SAMESITE_LAX`
|
|
* - `Cookie::SAMESITE_STRICT`
|
|
*
|
|
* Defaults to `Lax` for compatibility with modern browsers. Setting `''`
|
|
* (empty string) means default SameSite attribute set by browsers (`Lax`)
|
|
* will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$samesite property instead.
|
|
*/
|
|
public $cookieSameSite = 'Lax';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Reverse Proxy IPs
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If your server is behind a reverse proxy, you must whitelist the proxy
|
|
* IP addresses from which CodeIgniter should trust headers such as
|
|
* HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify
|
|
* the visitor's IP address.
|
|
*
|
|
* You can use both an array or a comma-separated list of proxy addresses,
|
|
* as well as specifying whole subnets. Here are a few examples:
|
|
*
|
|
* Comma-separated: '10.0.1.200,192.168.5.0/24'
|
|
* Array: ['10.0.1.200', '192.168.5.0/24']
|
|
*
|
|
* @var string|string[]
|
|
*/
|
|
public $proxyIPs = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Token Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The token name.
|
|
*
|
|
* @deprecated Use `Config\Security` $tokenName property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFTokenName;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Header Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The header name.
|
|
*
|
|
* @deprecated Use `Config\Security` $headerName property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFHeaderName = 'X-CSRF-TOKEN';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Cookie Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The cookie name.
|
|
*
|
|
* @deprecated Use `Config\Security` $cookieName property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFCookieName;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Expire
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The number in seconds the token should expire.
|
|
*
|
|
* @deprecated Use `Config\Security` $expire property instead of using this property.
|
|
*
|
|
* @var integer
|
|
*/
|
|
public $CSRFExpire = 7200;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Regenerate
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Regenerate token on every submission?
|
|
*
|
|
* @deprecated Use `Config\Security` $regenerate property instead of using this property.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $CSRFRegenerate = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Redirect
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Redirect to previous page with error on failure?
|
|
*
|
|
* @deprecated Use `Config\Security` $redirect property instead of using this property.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $CSRFRedirect = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF SameSite
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Setting for CSRF SameSite cookie token. Allowed values are:
|
|
* - None
|
|
* - Lax
|
|
* - Strict
|
|
* - ''
|
|
*
|
|
* Defaults to `Lax` as recommended in this link:
|
|
*
|
|
* @see https://portswigger.net/web-security/csrf/samesite-cookies
|
|
*
|
|
* @deprecated Use `Config\Security` $samesite property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFSameSite = 'Lax';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Content Security Policy
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Enables the Response's Content Secure Policy to restrict the sources that
|
|
* can be used for images, scripts, CSS files, audio, video, etc. If enabled,
|
|
* the Response object will populate default values for the policy from the
|
|
* `ContentSecurityPolicy.php` file. Controllers can always add to those
|
|
* restrictions at run time.
|
|
*
|
|
* For a better understanding of CSP, see these documents:
|
|
*
|
|
* @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
|
|
* @see http://www.w3.org/TR/CSP/
|
|
*
|
|
* @var boolean
|
|
*/
|
|
public $CSPEnabled = false;
|
|
|
|
public function __construct()
|
|
{
|
|
parent::__construct();
|
|
$this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
|
|
$this->baseURL = $this->https_on ? 'https' : 'http';
|
|
$this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost');
|
|
$this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
|
|
}
|
|
}
|