Most of it should be self-explaining, so here are just a few notes.


The SQL Database Name field should contain the name of the database file. Username and password are ignored, they can be left blank.

Other databases

All the SQL fields have to be filled out.

Misc. settings

  • Maintenance Mode prevents anyone who doesn't have access to the Administration Panel from using the board. This is useful if you're in the middle of an upgrade, for example.
  • Filesystem Path is the path to up until you reach index.php of the board. If you are in that directory, just do a pwd, add a slash to the end, and you have it. You'll be given a suggestion which will be correct in almost all cases. That suggestion is colour-coded: if it's green, you already have the same setting, if it's red, your setting is different.
  • Webserver Path is the virtual path visible to visitors. It's everything after .com, .net, .org (or whatever you have), starting with a slash and ending with a slash. Again, you'll be given a suggestion, and again, it's colour-coded.
  • Cookie Path is the path with which all board cookies will be saved. Usually, this is the same path as the webserver path.
  • Cookie Domain is the domain with which all board cookies will be valid for. Usually, this is the host you're running the forum on. Changing it could be useful for cross-host cookies.
  • Board Logo contains the file name of the image located in the images directory.
  • Login Attempts is a try to do something against dictionary attacks. If you enter a number greater than zero, the board will just ignore any further calls to any pages from a visitor who has had as many failed login attempts as defined here. Don't overestimate the effectiveness of this setting. It's easy to circumvent if an attacker really wants to, but it also can't hurt to have it.
  • Timezone is given in this format: [+-]?[0-9]+:[0-9]{2} (e.g. +1:00 for CET)
  • Shorter URLs is only prepared to work on Apache by default (through the .htaccess files). It can also be used on lighttpd, but the installation script can handle this automatically as it requires higher privileges than this script has. If you're running another webserver, you probably have to adjust its settings for it to do the rewrite. If you do that, please post the relevant configuration as a patch to be included into the default distribution.
  • Authentication Codes appear on the site on registration, guest posting and searches. It is definitely not recommended to turn this off, unless your forum isn't publically accessable anyway.
  • Character Encoding is disabled to to bug #99. This has absolutely no security implications and there isn't any compelling reason not to use UTF-8, so fixing this has very low priority.
  • Hash Algorithm will offer you all the hashes supported by your PHP installation. They will all work, but if you value password security, stay clear of all the md* and CRC, though, unless you have a very good reason to use them! SHA1 is also on the list of halfway broken hashes already as well. Standard choices would be another of the SHAs or a RIPEMD. If you decide to switch the hash algorithm on a production system, all member will have to use the 'lost password' function to get back in, so think twice before you do that.
Last modified 2 years ago Last modified on 02/03/15 11:02:46