Server configuration

Create config file

The configuration file is public_html/config/config.php. It does not exist after installation; create it by copying config.php.dist.

Settings

The configuration file is a PHP file that returns a hash.

📌 Example:

<?php

return [

    "apiurl" => "https://mfaserver.example.com/api/",
    "frontendurl" => "https://mfaserver.example.com/",
    "languages" => [ 
        "de" => "de-de",
        "en" => "en-en", 
    ],
    "ttl" => 60*60*24 * 0.5, // 12 h
    
    "pdo" => [
        "db" => [
            'dsn' => 'sqlite:'.__DIR__.'/../data/mfaserver.sqlite3',
        ],
    ],

    "methods" => [
        "totp" => [
            "enabled" => true,
        ],
        "email" => [
            "enabled" => true,
            "from" => "admin@example.com",
        ],
        "sms" => [],
    ],

];

Keys in alphabetic order:

Key Type Description
apiurl string URL of your installation's API; it is transmitted to web apps.
frontendurl string URL of your installation
languages array List of languages (inactive so far; German only)
methods hash Supported / enabled MFA methods; each method contains an enabled flag.
pdo hash Database connection; the default is the DSN of a sqlite database (it will be created automatically)
ttl int Time in seconds before the next MFA challenge is shown. 60*60*24 * 0.5 is half a day (12 h)

Languages

If you translate the texts in public_html/config/lang/* into another language, that language can be activated so that it is offered at the top right.

To do so, extend the hash, which maps visible labels (as keys) to the file names of the language files.

Syntax:

Key Type Description
<Label> string basename of the language file (without extension .php)

If a user switches the language it will be stored in a cookie.

MFA methods

So far 2 methods are implemented.

  • TOTP - A changing code every 30 sec (time based one time password).
  • Email - Enter a code sent to your email address

Each method has its own subkey. Below it is a key "enabled" which can be set to false to disable an existing method.

There can be other keys that are method specific.

email
Key Type Description
from string sender address to send emails with verification code to the user

Remark

To use email you need an installed mailing service (Postfix, Sendmail etc.) and a proper DNS configuration so that sent emails are not marked as spam. Otherwise you should set 'enabled' => false.

PDO

Defines the database connection. The key "db" is passed to the abstract database class. See Database connection config: https://www.axel-hahn.de/docs/php-abstract-dbo/Classes/pdo_db.class.php.html.
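
A sanity check for the settings described on this page, as an added example (not code from the project): the helper name check_config() and the sample values are assumptions. It reports non-https URLs, an "enabled" flag that is not a real boolean, a missing email sender and an unwritable sqlite directory.

```php
<?php
// Added example; check_config() is a hypothetical helper, not part of the project.
function check_config(array $cfg): array
{
    $problems = [];
    // Both URLs are handed to browsers and web apps: require https.
    foreach (['apiurl', 'frontendurl'] as $key) {
        $url = $cfg[$key] ?? null;
        if (!is_string($url) || parse_url($url, PHP_URL_SCHEME) !== 'https') {
            $problems[] = "$key: expected an https:// URL";
        }
    }
    // ttl: seconds before the next MFA challenge is shown.
    $ttl = $cfg['ttl'] ?? null;
    if (!is_numeric($ttl) || $ttl <= 0) {
        $problems[] = 'ttl: expected a positive number of seconds';
    }
    foreach ($cfg['methods'] ?? [] as $name => $opts) {
        // "enabled" must be a real boolean: the string "false" is truthy in PHP.
        if (isset($opts['enabled']) && !is_bool($opts['enabled'])) {
            $problems[] = "methods.$name.enabled: use true/false, not a string or number";
        }
    }
    // Email needs a valid sender unless the method is switched off.
    $email = $cfg['methods']['email'] ?? null;
    if (is_array($email) && ($email['enabled'] ?? null) !== false
        && filter_var($email['from'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'methods.email.from: missing or invalid sender address';
    }
    // The sqlite file is created automatically, so its directory must be writable.
    $dsn = $cfg['pdo']['db']['dsn'] ?? '';
    if (!is_string($dsn) || $dsn === '') {
        $problems[] = 'pdo.db.dsn: missing';
    } elseif (strncmp($dsn, 'sqlite:', 7) === 0 && !is_writable(dirname(substr($dsn, 7)))) {
        $problems[] = 'pdo.db.dsn: directory of the sqlite file is not writable';
    }
    return $problems;
}

// Constructed sample with deliberate mistakes (not a real installation).
$sample = [
    'apiurl' => 'http://mfaserver.example.com/api/',
    'frontendurl' => 'https://mfaserver.example.com/',
    'ttl' => 60 * 60 * 12,
    'pdo' => ['db' => ['dsn' => 'sqlite:' . sys_get_temp_dir() . '/mfaserver.sqlite3']],
    'methods' => ['totp' => ['enabled' => true], 'email' => ['enabled' => 'false']],
];
foreach (check_config($sample) as $problem) {
    echo $problem, PHP_EOL;
}
```

To check a real installation, pass the array returned by `require 'public_html/config/config.php'` to the function instead of the constructed sample.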