Configuration Guide

Configure scriptLog using config.php, .env files, and the dynamic SMTP system for flexible deployment.

Home / Documentation / Configuration Guide

Configuration Files

scriptLog supports both config.php and .env files for configuration. Both are auto-generated during installation.

config.php

Main configuration file with $_ENV fallback pattern:

PHP config.php 
<?php
return [
    'db' => [
        'host' => $_ENV['DB_HOST'] ?? 'localhost',
        'user' => $_ENV['DB_USER'] ?? '',
        'pass' => $_ENV['DB_PASS'] ?? '',
        'name' => $_ENV['DB_NAME'] ?? '',
        'port' => $_ENV['DB_PORT'] ?? '3306',
        'prefix' => $_ENV['DB_PREFIX'] ?? ''
    ],
    'app' => [
        'url'   => $_ENV['APP_URL'] ?? 'http://example.com',
        'email' => $_ENV['APP_EMAIL'] ?? '',
        'key'   => $_ENV['APP_KEY'] ?? '',
        'defuse_key' => 'lib/utility/.lts/lts.txt'
    ],
    'mail' => [
        'smtp' => [
            'host' => $_ENV['SMTP_HOST'] ?? '',
            'port' => $_ENV['SMTP_PORT'] ?? 587,
            'encryption' => $_ENV['SMTP_ENCRYPTION'] ?? 'tls',
            'username' => $_ENV['SMTP_USER'] ?? '',
            'password' => $_ENV['SMTP_PASS'] ?? '',
        ],
        'from' => [
            'email' => $_ENV['MAIL_FROM_ADDRESS'] ?? '',
            'name' => $_ENV['MAIL_FROM_NAME'] ?? 'Blogware'
        ]
    ],
];

.env File

Auto-generated environment file:

ENV .env 
# --- DATABASE CONFIGURATION ---
DB_HOST=localhost
DB_USER=blogwareuser
DB_PASS=yourpassword
DB_NAME=blogwaredb
DB_PORT=3306
DB_PREFIX=

# --- APPLICATION CONFIGURATION ---
APP_URL=https://example.com
[email protected]
APP_KEY=XXXXXX-XXXXXX-XXXXXX-XXXXXX

# --- MAIL / SMTP CONFIGURATION ---
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_ENCRYPTION=tls
[email protected]
MAIL_FROM_NAME=Blogware

Application Constants

Defined in lib/common.php:

Constant Value Description
DS / or \ Directory separator
APP_ROOT Application root Root directory path
APP_ADMIN 'admin' Admin directory name
APP_PUBLIC 'public' Public directory name
APP_LIBRARY 'lib' Library directory name
APP_THEME 'public/themes' Themes directory
APP_PLUGIN 'admin/plugins' Plugins directory
APP_IMAGE 'public/files/pictures' Images directory
APP_VIDEO 'public/files/video' Videos directory
APP_AUDIO 'public/files/audio' Audio directory
SCRIPTLOG HMAC hash Security constant

Database Configuration

Configure database connection settings:

Setting Environment Variable Default
Host DB_HOST localhost
Username DB_USER -
Password DB_PASS -
Database DB_NAME -
Port DB_PORT 3306
Table Prefix DB_PREFIX (empty)

Dynamic SMTP System

scriptLog features a database-driven SMTP configuration system that allows real-time updates without manual file modification.

Configuration Keys (tbl_settings)

Key Description
smtp_host SMTP server hostname (e.g., smtp.gmail.com)
smtp_port SMTP server port (587, 465)
smtp_encryption Encryption method (tls, ssl, none)
smtp_username SMTP authentication username
smtp_password SMTP authentication password
smtp_from_email Default "From" email address
smtp_from_name Default "From" name

Core Components

Component Location Purpose
NotificationService lib/service/NotificationService.php Email delivery with database fallback
ConfigurationController lib/controller/ConfigurationController.php Handles SMTP setting updates
MAIL_CONFIG lib/core/ActionConst.php Action constant for mail config

Configuration Priority

NotificationService prioritizes settings from the database. If a setting is missing, it falls back to config.php values.

Security Configuration

Cookie Encryption

Authentication cookies are encrypted using Defuse/php-encryption:

PHP installation 
# Key generation during installation
Defuse\Crypto\Key::createNewRandomKey()

# Key storage
lib/utility/.lts/lts.txt

CSRF Protection

All forms use CSRF tokens generated via CSRFGuard class. Token validation is required for POST requests.

Installation Settings

Additional installation settings stored in tbl_settings:

Key Description
blogname Site title
blogdescription Site tagline
siteurl Site URL
posts_per_page Posts per page
comment_moderation Comment moderation setting
permalink_enabled SEO-friendly URLs
active_theme Current theme directory

Environment Variables

Complete list of supported environment variables:

ENV variables 
# Database
DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT, DB_PREFIX

# Application
APP_URL, APP_EMAIL, APP_KEY, DEFUSE_KEY_PATH

# SMTP
SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS, SMTP_ENCRYPTION
MAIL_FROM_ADDRESS, MAIL_FROM_NAME

# System
SYSTEM_OS, DISTRIB_NAME

Best Practices

Follow these recommended practices for secure and maintainable configuration:

Environment Variables

Use .env for environment-specific values. Never hardcode sensitive data.

Version Control

Never commit secrets to version control. Add .env to .gitignore.

Encryption Keys

Store encryption keys outside web root. Use the auto-generated Defuse key path.

Database Security

Use table prefixes for multi-tenant setups. Use prepared statements to prevent SQL injection.

Dynamic SMTP

Use dynamic SMTP settings for flexible email configuration without code changes.

Configuration Fallback

Use $_ENV fallback pattern in config.php for default values.

Security Checklist

Use strong database passwords (16+ characters)
Enable SSL/TLS for database connections
Restrict config.php permissions (chmod 600)
Store session data outside web root
Use HTTPS for all production connections
Related Documentation
Installation Guide Initial configuration and setup
Architecture Bootstrap initialization flow
Architecture
Database Schema