Low-level customization: userconfig.cfg and persistent logins

This short tutorial covers the userconfig.cfg file and how to use it. It also describes the settings needed to enable persistent user login, i.e. carrying logins over from one browser session to another.

LnBlog has a lot of configuration settings. However, not all of them have a nice settings dialog that allows you to change them graphically.

The blogconfig.php file in the root of your LnBlog installation is full of settings like this this. That file has PHP definitions for various configuration constants. They're "constant" in that you can't change them programatically, i.e. inside a plugin or other script, but you can change them using a configuration file. That file is called userconfig.cfg and it is located in your LnBlog/userdata folder.

If you look at the blogconfig.php documentation, you'll see that many of the constants defined there are listed as having a default value. The values of those constants can be changed by adding a line to your userconfig.cfg file. Of course, you could just just edit blogconfig.php, but that file changes with every version of LnBlog, so you'd have to re-do all your chages with every upgrade. Since userconfig.cfg lives in your userdata folder, you can easily carry it over from one version of the software to another.

The format of userconfig.cfg is simple: name=value pairs, one per line. You can add comments by starting a line with a hash (#) character. When LnBlog loads a page, it will read the userconfig.cfg and for each line it will define a constant with the name given before the equal sign and assign it the value after the equal sign. Because this is loaded before other constants are defined, the values set here will take precedence over the defaults.

As an example, let's set some of the values that control user login security. LnBlog's default user authentication settings are, well, a little paranoid. In the current version (0.7.3) and earlier, a login token is stored on the server in a session variable and on the client in a cookie. A user is only authenticated if the client's token matches the server's. This is good because it prevents account hijacking by stealing cookies (the login token incorporates a timestamp and IP address, so simply copying the cookie won't get you authenticated), but it's a little inconvenient, as your login only lasts as long as your HTTP session does.

To fix this, we will add two lines to our userconfig.cfg. Note that this file is case-sensitive. If you do not have a userconfig.cfg file in your userdata directory, create it with a text editor.

Open up your userconfig.cfg in a text editor and add the code below.
AUTH_USE_SESSION = false
LOGIN_EXPIRE_TIME = 2592000

The first line turns off the paranoid authentication check so that LnBlog will only check for a predefined value in a cookie. The second line sets the expiration time of that cookie. The default value (false) expires the cookie when your browser session end. The number indicates the number of seconds after which the login cookie should expire. The value given above is equivalent to 30 days.

There are a number of other userconfig.cfg settings that might prove interesting. ENTRY_DATE_FORMAT is the format string used to display the post date on entries. Another good one is KEEP_EDIT_HISTORY, which determines whether changes to entries and articles should just overwrite the old data or whether the system should keep a backup copy. The COMMENT_NOFOLLOW configuration constant determines whether links in entry comments should have the rel="nofollow" attribute added to them. And lastly, the ANON_POST_NAME and NO_SUBJECT constants determine what name and subject should be given to comments when the user doesn't enter one.

Hopefully that gives you an idea of how to set some of the more esoteric configuration options in LnBlog. In a future posting, I'll describe userconfig.php, which is similar in purpose, but both much more powerful and much harder to use.

You can reply to this entry by leaving a comment below. You can send TrackBack pings to this URL. This entry accepts Pingbacks from other blogs. You can follow comments on this entry by subscribing to the RSS feed.

Add your comments #

A comment body is required. No HTML code allowed. URLs starting with http:// or ftp:// will be automatically converted to hyperlinks.