Configuration
Total CMS uses a hierarchical configuration system based on PHP files. This allows for flexible environment-specific settings while maintaining secure defaults.
Configuration Load Order
Configuration files are loaded in a specific order, with later files overriding earlier ones:
config/defaults.php- Base application defaultsconfig/env.php- Environment detectionconfig/{environment}.php- Environment-specific settings (e.g.,production.php,development.php){DOCUMENT_ROOT}/env.php- Server-specific overrides (optional)
This hierarchy allows you to:
- Set safe defaults for all environments
- Override settings per environment (dev, staging, production)
- Apply server-specific settings without modifying the codebase
Core Configuration Files
defaults.php
The base configuration file that sets application-wide defaults:
<?php
// config/defaults.php
// Error reporting (production safe)
error_reporting(0);
ini_set('display_errors', '0');
// Locale settings
setlocale(LC_ALL, 'C.UTF-8', 'en_US.UTF-8', 'en_US');
// Core settings
$settings = [
'env' => 'prod',
'locale' => 'en_US',
'timezone' => 'UTC',
'debug' => false,
];
// Database settings
$settings['db'] = [
'driver' => 'sqlite',
'database' => __DIR__ . '/../data/database.sqlite',
];
// Paths
$settings['paths'] = [
'root' => dirname(__DIR__),
'public' => dirname(__DIR__) . '/public',
'cache' => dirname(__DIR__) . '/cache',
'logs' => dirname(__DIR__) . '/logs',
'data' => dirname(__DIR__) . '/tcms-data',
];Environment Configuration
Environment-specific files override defaults:
<?php
// config/development.php
// Enable debugging in development
error_reporting(E_ALL);
ini_set('display_errors', '1');
$settings['debug'] = true;
$settings['env'] = 'dev';
// Development database
$settings['db']['database'] = __DIR__ . '/../data/dev-database.sqlite';
// Disable caching
$settings['cache']['enabled'] = false;
// Verbose logging
$settings['logger']['level'] = 'debug';Configuration Categories
Application Settings
// Basic application settings
$settings['app'] = [
'name' => 'Total CMS',
'version' => '3.0.0',
'timezone' => 'America/New_York',
'locale' => 'en_US',
'charset' => 'UTF-8',
];
// URL and domain settings
$settings['domain'] = $_SERVER['HTTP_HOST'] ?? 'localhost';
$settings['url'] = 'https://' . $settings['domain'];
$settings['api'] = $settings['url'] . '/api/v3';Security Settings
// Security configuration
$settings['security'] = [
// Session settings
'session' => [
'name' => 'TCMS_SESSION',
'lifetime' => 7200, // 2 hours
'path' => '/',
'domain' => '',
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
],
// CSRF protection
'csrf' => [
'enabled' => true,
'token_name' => 'csrf_token',
'header_name' => 'X-CSRF-Token',
],
// Password hashing
'password' => [
'algorithm' => PASSWORD_BCRYPT,
'options' => ['cost' => 12],
],
];Storage Settings
// File storage configuration
$settings['storage'] = [
// Data storage
'data_path' => $settings['paths']['data'],
'collections_path' => $settings['paths']['data'] . '/collections',
'schemas_path' => $settings['paths']['data'] . '/schemas',
// Media storage
'media' => [
'path' => $settings['paths']['public'] . '/media',
'url' => '/media',
'allowed_extensions' => ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'doc', 'docx'],
'max_upload_size' => '10M',
],
// Image processing
'images' => [
'driver' => 'gd', // or 'imagick'
'quality' => 85,
'cache' => true,
'cache_path' => $settings['paths']['cache'] . '/images',
],
];Cache Configuration
// Caching settings
$settings['cache'] = [
'enabled' => true,
'driver' => 'file', // file, redis, memcached
'ttl' => 3600, // 1 hour default
// File cache settings
'file' => [
'path' => $settings['paths']['cache'],
],
// Redis settings (if using Redis)
'redis' => [
'host' => '127.0.0.1',
'port' => 6379,
'database' => 0,
],
// Template cache
'templates' => [
'enabled' => true,
'path' => $settings['paths']['cache'] . '/twig',
],
];Database Configuration
// Database settings
$settings['db'] = [
// SQLite (default for job queue)
'sqlite' => [
'driver' => 'sqlite',
'database' => $settings['paths']['data'] . '/jobqueue.db',
],
// MySQL (optional)
'mysql' => [
'driver' => 'mysql',
'host' => 'localhost',
'database' => 'totalcms',
'username' => 'root',
'password' => '',
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => '',
],
];Logging Configuration
// Logging settings
$settings['logger'] = [
'name' => 'totalcms',
'path' => $settings['paths']['logs'] . '/app.log',
'level' => 'warning', // debug, info, notice, warning, error, critical
'max_files' => 30,
// Separate logs for different components
'channels' => [
'security' => $settings['paths']['logs'] . '/security.log',
'api' => $settings['paths']['logs'] . '/api.log',
'jobs' => $settings['paths']['logs'] . '/jobs.log',
],
];API Configuration
// API settings
$settings['api'] = [
'version' => 'v3',
'rate_limit' => [
'enabled' => true,
'requests_per_minute' => 60,
'burst' => 10,
],
'cors' => [
'enabled' => true,
'origins' => ['*'],
'methods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
'headers' => ['Content-Type', 'Authorization', 'X-Requested-With'],
'credentials' => true,
'max_age' => 86400,
],
];Email Configuration
// Email settings
$settings['mail'] = [
'driver' => 'smtp', // smtp, sendmail, mail
'from' => [
'address' => 'noreply@example.com',
'name' => 'Total CMS',
],
// SMTP settings
'smtp' => [
'host' => 'smtp.mailtrap.io',
'port' => 2525,
'encryption' => 'tls', // tls or ssl
'username' => '',
'password' => '',
],
];License Configuration
// License settings
$settings['license'] = [
'enabled' => true,
'api_url' => 'https://license.totalcms.co/api',
'cache_ttl' => 86400, // 24 hours
'trial_days' => 30,
'features' => [
'collections' => ['blog', 'image', 'gallery', 'file'],
'max_objects' => 1000,
'custom_schemas' => false,
],
];Environment Variables
You can also use environment variables for sensitive configuration:
// Using environment variables
$settings['api_key'] = $_ENV['TOTALCMS_API_KEY'] ?? null;
$settings['db']['password'] = $_ENV['DB_PASSWORD'] ?? '';
$settings['mail']['smtp']['password'] = $_ENV['SMTP_PASSWORD'] ?? '';Creating Custom Configuration
Server-Specific Configuration
Create a file at {DOCUMENT_ROOT}/env.php for server-specific settings:
<?php
// /path/to/document/root/env.php
// Override domain for this server
$settings['domain'] = 'mysite.com';
$settings['url'] = 'https://mysite.com';
// Production database
$settings['db']['mysql'] = [
'host' => 'localhost',
'database' => 'prod_totalcms',
'username' => 'prod_user',
'password' => 'secure_password',
];
// Disable debug mode
$settings['debug'] = false;
error_reporting(0);Feature Flags
Enable/disable features via configuration:
// Feature flags
$settings['features'] = [
'blog' => true,
'ecommerce' => false,
'multi_language' => true,
'api_v4' => false,
'beta_features' => false,
];
// Check feature in code
if ($settings['features']['ecommerce'] ?? false) {
// Enable e-commerce functionality
}Configuration Best Practices
1. Never Commit Sensitive Data
Keep sensitive configuration out of version control:
// BAD - Don't commit passwords
$settings['db']['password'] = 'my-secret-password';
// GOOD - Use environment variables
$settings['db']['password'] = $_ENV['DB_PASSWORD'] ?? '';2. Use Environment Detection
Automatically detect the environment:
// config/env.php
$settings['env'] = match ($_SERVER['HTTP_HOST'] ?? '') {
'localhost', '127.0.0.1' => 'development',
'staging.example.com' => 'staging',
default => 'production',
};3. Validate Configuration
Add configuration validation:
// Validate required settings
$required = ['domain', 'paths.data', 'paths.cache'];
foreach ($required as $key) {
if (empty(array_get($settings, $key))) {
throw new ConfigurationException("Missing required config: {$key}");
}
}4. Document Settings
Always document custom configuration:
// Custom image processing settings
$settings['image_processing'] = [
// Maximum dimension for auto-resize (0 = disabled)
'max_dimension' => 2048,
// Automatically convert uploads to WebP
'auto_webp' => true,
// Strip EXIF data from uploads
'strip_exif' => true,
];Accessing Configuration
In PHP Code
// Get the container
$container = $app->getContainer();
// Access settings
$settings = $container->get('settings');
$debug = $settings['debug'];
$dbConfig = $settings['db'];
// Using helper function
$value = config('app.name'); // "Total CMS"
$apiUrl = config('api.url', 'http://localhost'); // With defaultIn Twig Templates
{# Access configuration in templates #}
{{ config.app.name }}
{{ config.domain }}
{# Check feature flags #}
{% if config.features.blog %}
{# Show blog features #}
{% endif %}Troubleshooting Configuration
Debug Configuration Loading
// Add to config/env.php for debugging
if ($_GET['debug_config'] ?? false) {
echo '<pre>';
print_r($settings);
echo '</pre>';
exit;
}Common Issues
- Configuration not loading: Check file permissions and path
- Settings being overridden: Check the load order
- Environment detection failing: Verify $_SERVER variables
- Cache not clearing: Manually clear cache directory
Configuration Reference
For a complete list of all configuration options, see the config/defaults.php file in your Total CMS installation. Each setting is documented with its purpose and acceptable values.