| 
 
  
 dot_lwrc - Editing the run control file for LibWeb
 
  
  
 
 You want to edit this file, make it web inaccessible and chmod 600 it. This
 file contains security sensitive data for your site.
 
  
  
 
 These variables are used for preparing (i.e. when a user logs in), checking
 (i.e. session-wise) and nullifying (i.e. when a user logs out)
 authentication cookies.
 
  
 
 
 
 
 CLASSIC_EXPIRES
 
  
 The default is 'Thu, 01-Jan-1970 00:00:01 GMT'. This is used to nullify authentication cookie when a user logs out. Any
 cookie set with this date will be canceled from the client's browser
 immediately. Do not edit this unless there is a compelling reason to do so.
 
 
 RAND_RANGE
 
  
 The range from which to generate a pseudo-random number. For example, if
 the range is 999999999, several places in LibWeb that makes use of pseudo-random number will use
 an integer that is randomly generated between 0 and 999999999. The purpose
 is to have different web site with LibWeb installed to have different and
 less predictable behavior in several aspects. Currently only used for
 generating the dummy authentication cookie (as of LibWeb-0.02). It is also
 used in the sample login script (lm.cgi) to make things look complicated.
 
 
 MAC_KEY
 
  
 HMAC is used for message integrity checks between two parties (in the case
 for LibWeb, the two parties referred here are your web site and a client
 web browser), and works in combination with some other Digest algorithm,
 usually MD5 or SHA-1. The HMAC mechanism is described in RFC 2104. MAC_KEY
 is the private key. Further explanation is better left to the expert,
 
  
    http://www.w3.org/Security/Faq/wwwsf7.html#Q66
  
 See also Digest::HMAC which is used by LibWeb::Digest and LibWeb::Session
 for preparing and checking authentication cookies. The proper size for this
 key is not well documented.
 
 
 
 
 CIPHER_KEY
 
  
 You must provide an encryption/decryption key, which can be any series of
 characters of any length. Internally, the actual key used is derived from
 the MD5 hash of the key you provide. Read the man page for Crypt::CBC for
 details. Blowfish is capable of strong encryption and can use key sizes up
 to 56 bytes (a 448 bit key). You're encouraged to take advantage of the
 full key size to ensure the strongest encryption possible from that module
 (Crypt::Blowfish).
 
 
 
 
 DIGEST_KEY
 
  
 This key is appended to the data from which a digest is to be generated.
 The purpose is to have different web site with LibWeb installed to have
 different and less predictable behavior in several aspects of the
 authentication cookie.
 
 
 
 
 CIPHER_ALGORITHM
 
  
 The cipher algorithm must be 'Crypt::Blowfish','Crypt::DES'or'Crypt::IDEA'as of LibWeb-0.01.
 
 
 DIGEST_ALGORITHM
 
  
 The digest algorithm must be either 'Digest::SHA1'or'Digest::MD5'as of LibWeb-0.01.
 
 
 CIPHER_FORMAT
 
  
 It can be either 'BINARY'or'HEX'. You should use'HEX'for the authentication cookie.
 
 
 DIGEST_FORMAT
 
  
 It can be 'HEX','BINARY'or'B64'. You should use'B64'for the authentication cookie. 
  
 
 
 
 
 
 DEBUG
 
  
 If you want stack traces to be printed to the viewing browser whenever a
 LibWeb's fatal method is called, assign 1 to it and 0 otherwise. You turn
 this on/off depending on whether you are debugging your application.
 
 
 
 
 FATAL_LOG (new in LibWeb-0.02)
 
  
 Absolute path to a log file which records all LibWeb's fatal calls. Assign undefto this variable to disable logging. You may want to turn this on if you
 have turned IS_MAIL_DEBUG_TO_ADMIN off.
 
 
 IS_MAIL_DEBUG_TO_ADMIN
 
  
 If you want stack traces to be sent to ADMIN_EMAIL whenever a LibWeb's fatal method is called, assign 1 to it and 0 otherwise.
 You may want to turn that off while you are debugging your application.
 
 
 
 
 SMTP (new in LibWeb-0.02)
 
  
 If you have installed Mail::Sendmail (this is a mandatory pre-requisite for
 NT servers in order for LibWeb to work properly), LibWeb will first try to
 use this module to send mails before using the primitive UNIX sendmail (see MAIL_PROGRAM below).  SMTP is an ARRAY reference to a list of smtp servers, so if your main server is
 down, LibWeb tries the next one. If one of your servers uses a special
 port, add it to the server name with a colon in front, to override the
 default port (like in smtp.your.server:2525). Defaults are localhost. Leave
 this unedited and LibWeb will probably do the right thing for you,
 especially if your server is UNIX alike.
 
 
 
 
 MAIL_PROGRAM
 
  
 For example, '/usr/sbin/sendmail -t -oi'. Leave this unedited if your server is NT.
 
 
 ADMIN_EMAIL
 
  
 E-mail address of your site's administrator.
 
  
  
 
 
 
 
 
 IS_NOTIFY_ADMIN_WHEN_ADDED_NEW_USER
 
  
 Do you want an e-mail to be sent to your site's administrator when a user
 signs up as a member at your site? Put 1 for yes; 0 otherwise.
 
 
 
 
 IS_ALLOW_MULTI_REGISTRATION
 
  
 Can one use the same e-mail address to sign up as different users? Put 1
 for yes; 0 otherwise.
 
 
 
 
 MAX_LOGIN_ATTEMPT_ALLOWED
 
  
 How many times do you allow incorrect password to be entered for an
 existing account? Note that after that maximum is reached (LibWeb basically
 increments NUM_LOGIN_ATTEMPT in the database for that account), anyone will be completely blocked out
 from logging in using that particular account even he/she enters the
 correct password. This number must be smaller than LOGIN_INDICATOR. As of 0.01, you have to reset it to 0 manually in your database after you
 have received the alert e-mail sent by LibWeb. Note that NUM_LOGIN_ATTEMPT is a column of the USER_LOG_TABLE table in the database.
 
 
 
 
 LOGIN_INDICATOR
 
  
 NUM_LOGIN_ATTEMPT is set to this value when a user successfully logs into her/his account.
 Note that when NUM_LOGIN_ATTEMPT is 0, it means that a user is not logged in, if it is any number from 1 to
 MAX_LOGIN_ATTEMPT_ALLOWED, it means that there is/are unsuccessful attempts, and if this number is
 equal to LOGIN_INDICATOR, it means that that user has successfully logged in.
 
 
 
 
 LOGIN_DURATION_ALLOWED
 
  
 There is an encrypted time-stamp on each authentication cookie sent to
 browsers. Whenever a protected page is requested by an authenticated
 browser, LibWeb will retrieve the cookie, decrypt the time-stamp and
 compare it to the current time. If the time difference is bigger than
 LOGIN_DURATION_ALLOWED (in seconds), LibWeb will automatically logs the
 user out by nullifying the authentication cookie on remote browser.
 
  
  
 
 
 
 
 
 IS_DB_ENABLED (new in LibWeb-0.02)
 
  
 If you do not use the database API of LibWeb, assign 0 to this variable to
 prevent LibWeb from generating all sorts of database error message. Assign
 1 to it otherwise.
 
 
 
 
 DB_SOURCE
 
  
 For example, if your database is MySQL, you have installed DBI and the
 specific driver and the database's name is puffy, then you can assign
 'DBI:mysql:puffy'to this value. Read the man page for DBI for details.
 
 
 DB_LOGIN
 
  
 Login name for your database.
 
 
 
 
 DB_PASS
 
  
 Password for your database.
 
 
 
 
 DB_OPTIONS
 
  
 For example, you can assign {RaiseError => 1, AutoCommit => 1} to
 this variable. Read the man page for DBI for details.
 
 
 
 
 USER_PROFILE_TABLE
 
  
 The table name for users' profiles. Default is 'USER_PROFILE'.
 
 
 USER_PROFILE_TABLE_UID
 
  
 The column name for user ID in the USER_PROFILE_TABLE. Default is
 'UID'.
 
 
 USER_PROFILE_TABLE_NAME
 
  
 The column name for users' screen names in the USER_PROFILE_TABLE. Default is 'NAME'.
 
 
 USER_PROFILE_TABLE_PASS
 
  
 The column name for users' passwords in the USER_PROFILE_TABLE. Default is 'PASS'.
 
 
 USER_PROFILE_TABLE_EMAIL
 
  
 The column name for users' e-mail addresses in the
 USER_PROFILE_TABLE. Default is 'EMAIL'.
 
 
 USER_LOG_TABLE
 
  
 The table name for the table that is responsible for logging users' sign-in
 time, status, IP and host name. Default is 'USER_LOG'.
 
 
 USER_LOG_TABLE_UID
 
  
 The column name for users' ID in the USER_LOG_TABLE. Default is
 'UID'.
 
 
 USER_LOG_TABLE_IP
 
  
 The column name for users' IPs in USER_LOG_TABLE. Default is
 'IP'.
 
 
 USER_LOG_TABLE_HOST
 
  
 The column name for users' host name in the USER_LOG_TABLE. Default is 'HOST'.
 
 
 USER_LOG_TABLE_LAST_LOGIN
 
  
 The column name for the last login date and time in the
 USER_LOG_TABLE. Default is 'LAST_LOGIN'.
 
 
 USER_LOG_TABLE_NUM_LOGIN_ATTEMPT
 
  
 The column name for the number of login attempt in the
 USER_LOG_TABLE. Default is 'NUM_LOGIN_ATTEMPT'. 
  
 
 
 
 
 
 SITE_1ST_COLOR
 
  
 In RGB, for example '#0099CC'(light blue).
 
 
 SITE_2ND_COLOR
 
  
 In RGB, for example '#006699'(blue).
 
 
 SITE_3RD_COLOR
 
  
 In RGB, for example '#003366'(deep blue).
 
 
 SITE_4TH_COLOR
 
  
 In RGB, for example '#FF9900'(orange).
 
 
 SITE_BG_COLOR
 
  
 In RGB, for example '#FFFFFF'(white).
 
 
 SITE_TXT_COLOR
 
  
 In RGB, for example '#000000'(black).
 
 
 SITE_LIQUID_COLOR1
 
  
 In RGB, for example '#E6E6E6'(lighter grey).
 
 
 SITE_LIQUID_COLOR2
 
  
 In RGB, for example '#C9C9C9'(light grey).
 
 
 SITE_LIQUID_COLOR3
 
  
 In RGB, for example '#9C9C9C'(grey).
 
 
 SITE_LIQUID_COLOR4
 
  
 In RGB, for example '#6E6E6E'(dark grey).
 
 
 SITE_LIQUID_COLOR5
 
  
 In RGB, for example '#000000'(black). 
 Note: Liquid colors are used for shading. For example, even rows of any
 table listing may be shaded. Some theme constructs use liquid colors as
 well (e.g. LibWeb::Themes::Default::enlighted_titled_table()). Make sure SITE_TXT_COLOR can be read clearly together with liquid colors (at least for SITE_LIQUID_COLOR1,2 and 3).
 
 
 PIX_URL
 
  
 The relative URL of image files. For example, '/img/'(note the trailing slash).
 
 
 SITE_LOGO
 
  
 The URL of your site's logo. For example, '/img/logo.png'. This is the image that goes well with your SITE_BG_COLOR. This is necessary because most browsers do not render png images with
 transparent background. You can ignore this fact if you use gif or jpg. 
  
 
 
 
 
 
 DOC_ROOT
 
  
 Do not edit unless there is a compelling reason to do so.
 
 
 
 
 URL_ROOT
 
  
 Do not edit unless there is a compelling reason to do so.
 
 
 
 
 LIB_ROOT
 
  
 Deprecated as of LibWeb-0.02.
 
 
 
 
 COPYRIGHT
 
  
 Deprecated as of LibWeb-0.02.
 
 
 
 
 PRIVACY_POLICY
 
  
 What is the relative URL of your site's privacy policy?
 
 
 
 
 TOS
 
  
 What is the relative URL of your site's Terms of Service?
 
 
 
 
 CSS
 
  
 What is the relative URL of your site's style sheet? A sample is included
 with the distribution.
 
 
 
 
 SITE_NAME
 
  
 Your site's name.
 
 
 
 
 SITE_DESCRIPTION
 
  
 A short description for your site. This will appear in every HTML page.
 
 
 
 
 SITE_KEYWORDS
 
  
 Keywords for your site. This will appear in every HTML page.
 
 
 
 
 SITE_YEAR
 
  
 When is your site established?
 
  
  
 
 
 
 
 
 LM_IN
 
  
 Relative URL of your site's login script, e.g. '/cgi-bin/lm.cgi'. This is the page to which LibWeb directs the Web browser in the case
 where the browser attempts to view a protected page without authentication
 a priori.
 
 
 LM_OUT
 
  
 Relative URL to your site's logout script, e.g. '/cgi-bin/lm.cgi?.a=logout'. |