PW Configuration: pw-config.php

pw-config.php generally sits in the main plugin directory, and must be sourced by whatever file is used by the user to first interact with PamelaWare (for example the login page). This is also the place where a framework-specific general include file could be included (for example, wp-config.php).

pw-config.php must contain definitions for the following variables:

PW_PLUGIN

  • set to the plugin identifier' - currently either wp or jos.

PW_TABLE_PREFIX

  • This is often set by the framework, to allow multiple instantiations of a given framework to exist within the same table. If this type of variable doesn't exist in the framework, PW_TABLE_PREFIX should be set to the same as PW_PLUGIN.

PW_DEBUG_ON

  • default is false.
    • if you set debug to true, you get debug output through the browser.

PW_TIMEVALIDATION_ON

  • default is true
    • if set to false, the system does no time checking. This is useful, but not secure.

PW_VALIDITY_WINDOW

  • default is 300 (seconds).
  • The validity window defines how long a given token will work for - it's good to have a bit of a window to allow for time synch differences, but the window should be small enough that somebody couldn't use the window for nefarious purposes.

PW_CLICKBACK_LENGTH

  • default is 16.
  • Clickback salt is used to ensure that every site's clickback mechanism produces clickback IDs that are unique and not guessable.

PW_CUSTOM_DATA

  • default is false
  • If PW_CUSTOM_DATA is set to true, functions that use claims will expect to execute custom data functions around custom claims. Custom functions are expected to be found at PW_CUSTOMDATAPATH.

PW_SHOW_BINARY

  • default is false.
  • If this is set to true, binary data such as the certificate, modulus, etc are displayed in full.

PW_PLUGINPATH', '/wp-content/plugins/wp-infocard'); PW_MANAGEDONLY

  • default is false
  • this dictates whether there are trusted IDPs out there. A list of trusted IDPs are stored in the options table. If the list of trusted IDPs is empty, all IDPs are trusted, which is a bad idea for anything other than demonstrations.

PW_VERSION

  • this is a constant, set by dev scripts when cutting a new release. Currently this is manual.

PW_VERSION_DATE

  • this should be a constant, set by dev scripts when a new rev comes out. Currently this is manual.

PW_SELECTORTRIGGER

  • default is html - can be one of html or xhtml
  • this defines the format of the Identity Selector Trigger mechanism. This should only be changed to XHTML if the admin has a need for strict XHTML 1.0 Compliance.

PW_USECAPTCHAS

  • default is false.
  • this is a to-be-created feature - in the case where the admin wants both username/password and card functionality, we add a captcha to the username/password functionality.

PW_CUSTOMDATAPATH', dirname(FILE) . '/' . PW_PLUGIN. '/customdata.pw.php'); PW_CUSTOMDATAPATH', dirname(FILE) . '/custom/customdata.pw.php');

PW_PATH

  • Filesystem path to the plugin root directory

PW_IMGPATH

  • Filesystem path to the plugin images directory

PW_SITEMESGPATH

  • HTTP URL to the plugin site-messages directory (site-messages)

PW_PLUGINURL

  • HTTP URL to the plugin root directory

PW_IMGURL

  • HTTP URL to the plugin image directory (pwlib/images)

PW_SECUREPLUGINURL

  • HTTPS URL to the plugin root directory.

PW_SITEMESGURL

  • HTTP URL to the plugin site messages file

PW_SECURESITEURL

  • HTTP URL to the main user site

PW_FP_ICON

  • Name of the file to use as the frontpage Information Card Icon
  • Icon must be in /pwlib/images/ic-logo