General Configuration

Controls various aspects of Enacts behavior.

Your general configuration options are stored in enact/config/config.php, the config file returns an array that gets merge with the default configurations stored in enact/app/config/enact.php.

For example, to change the control panel slug and timezone return an array like so:

return Array(
    'cpAccessSlug' => '/control/',
    'timezone'  => 'America/Chicago'

Below is the full listing of default configuration settings.

devMode #
Acceptstrue or false

Whether or not your application is running in Development mode.

'devMode' => true,
cpAccessSlug #
Accepts string

The control panel access slug. Must begin and end with a slash!

'cpAccessSlug' => '/control/',
sessionKey #
Accepts string

They key user sessions will be stored in.

'sessionKey' => 'site-user',
PHPSessionStorage #
Acceptstrue, false, or string

Define how session files should be stored                                                                        
true -  Enact should store it in enact/storage/session.
false -  Use the default server configuration.
string - A valid path to a writable directory on the web server

'PHPSessionStorage' => '/home/user/sessions/',
PHPSessionName #
Accepts string

The key for storing session ids in cookies.

'PHPSessionName' => 'siteSession',
permanentLoginTokenCookieName #
Accepts string

The name of the cookie used to store the permanent login token of the user, enabling permanent login sessions.

'permanentLoginTokenCookieName' => 'site-perm',
permanentLoginLength #
Accepts integer
Default5184000 - 2 months (60 x 60 x 24 x 60)

The number of seconds the permanent login token should last.

'permanentLoginLength' => 2592000,
maxLoginAttempts #
Accepts integer

Maximum number of invalid login attempts before maxedLoginAttemptsLockOutSleep seconds must be waited.

'maxLoginAttempts' => 8,
maxedLoginAttemptsLockOutSeconds #
Accepts integer

After the maxLoginAttempts this many seconds must pass until another login can be attempted again.

'maxedLoginAttemptsLockOutSeconds' => 60,
minPasswordLength #
Accepts integer

Minimum length passwords must be.

'minPasswordLength' => 6,
minUserNameLength #
Accepts integer

Minimum length user names and display names must be.

'minUserNameLength' => 6,
paginate #
Accepts string

the string used to provide paginated URIs, must contain a ? placeholder where the page number will be.

'paginate' => '/p-?',
allowURITrailingSlashes #
Acceptstrue or false

Can URI paths have trailing slashes and still match an entry or template?

For example if set to true:

  • /about-us == /about-us/

If false:

  • /about-us != /about-us/
'allowURITrailingSlashes' => false,
directoryIndexFile #
Accepts string

The template to match when the root of a directory is requested.

For example:

/state/ == enact/template/state/index.html

'directoryIndexFile' => 'root.html',
privateTemplatePrefix #
Accepts string

A prefix specifying that a template is not allowed to be served publicly as a direct match to a route/URI.

'privateTemplatePrefix' => '.',
errorTemplateDirectory #
Accepts string

Where HTTP Error code responses are stored, such as 404, or 500.

'errorTemplateDirectory' => '_siteErrors/',
entryDateFormat #
Accepts string
Defaultdddd, mmm dd, yyyy

The default format to display dates in on Entry pages.

Find the formatting rules here:

'entryDateFormat' => 'mmm dd - yyyy',
entryTimeFormat #
Accepts string
Defaulth:i A

The default format to display times in on Entry pages.

Find the formatting rules here:

'entryTimeFormat' => 'hA',
timeSelectionInterval #
Accepts integer

The interval between times when selecting time values.

'timeSelectionInterval' => 30,
momentDateFormat #
Accepts string
Defaultddd MM/DD/YY h:mm A

The format to display dates in admin feeds.

Format rules for moment.js can be found here:

'momentDateFormat' => 'MM/DD/YY hA',
redirectDefaultExpiration #
Acceptsnull or string

The default expiration for redirects.

'redirectDefaultExpiration' => (new DateTime('+3 month'))->format('Y-m-d H:i:s'),
publicDraftPreview #
Acceptstrue or false

Should draft previews be made publicly available? Meaning you don't have to have a enact user session going to see them? This is for sharing changes you have done with the outside world, before you actually publish them.

'publicDraftPreview' => false,
useXSendFile #
Acceptstrue or false

Should Enact use XSendFile to serve resources that aren't available in the public folder?

'useXSendFile' => true
feedPerPage #
Accepts integer

The number of results that will be returned per page in admin control panels.

'feedPerPage' => 50,
timezone #
Accepts string

The system timezone, must be a valid PHP timezone, see

'timezone' => 'America/Chicago',
defaultTemplateExtensions #
Accepts string or array

When a template is called and doesn't exist, the defined extension(s) will be applied to the template name and searched for.

'defaultTemplateExtensions' => '.html',
forceSecureRequests #
Acceptstrue or false

Whether to force all requests to be HTTPS, will redirect any non HTTPS requests with a 301 to the HTTPS page. You must have a valid SSL certificate installed and setup on your server to use HTTPS.   

'forceSecureRequests' => true,
siteDomain #
Accepts string or null

The domain of the site, if not set the domain will be determined via the $_SERVER['SERVER_NAME'] directive. However, if the constant ENACT_SITE_DOMAIN is defined it will take precedence over either. Do not specify http, the proper protocol will be determined based on the current request. Remember you can force all requests to redirect to https with forceSecureRequests.

'siteDomain' => '',
includePoweredByHeader #
Acceptstrue or false

Include powered by Enact header.

'includePoweredByHeader' => false,
defaultCPLanguage #
Accepts string

The default control panel language to use.

'defaultCPLanguage' => 'es',
userLoginSlug #
Accepts string

The slug users login at, should never begin with a slash.

'userLoginSlug' => 'access',
userLogoutSlug #
Accepts string

The slug users logout at, should never begin with a slash.

'userLogoutSlug' => 'destroy',
afterLoginRedirectSlug #
Accepts string

The slug to send users to once they have logged in, should never begin with a slash.

'afterLoginRedirectSlug' => 'entry/',
afterLogoutRedirectSlug #
Accepts string
Default login

The slug to send users to once they have logged out, begin the slug with a slash if you want to send users to a non admin control panel slug, such as your custom login page slug.

'afterLogoutRedirectSlug' => '/login',
resetPasswordSlug #
Accepts string
Default reset-password

The slug that is emailed to users when they request a password reset email. Begin it with a slash to indicate that your using a custom password reset page that doesn't exist within the admin control panel.

'resetPasswordSlug' => '/pw-reset',
accountActivationSlug #
Accepts string
Default activate

The slug that is emailed to users when an account is created for them and the admin sends an account activation email. Begin it with a slash to indicate that your using a custom account activation page that doesn't exist within the admin control panel.

'accountActivationSlug' => '/account-activation'
forceSendToEmail #
Accepts null or string

Force all emails to be sent to specific email address. Can be a string for a single email eg: or an array of emails eg: ['',''].

'forceSendToEmail' => '',
assetExtensionWhiteList #
Acceptsnull or array

Only allow assets with the specified extensions to be uploaded to Enact.

'assetExtensionWhiteList' => ['jpg','jpeg','png'],
assetExtensionBlackList #
Acceptsnull or array

Don't allow assets with the specified extensions to be uploaded to Enact.

'assetExtensionBlackList' => ['pdf'],
cacheDuration #
Accepts integer
Default600 (10 minutes)

Default seconds to cache data for when using the cache tag.

'cacheDuration' => 3600,
resourceCacheDuration #
Accepts integer
Default2592000 (30 days, dervied by 60 * 60 * 24 * 30)

Default seconds to cache resources (ie javascript, css, images, documents etc) for.

'resourceCacheDuration' => 5184000
maintenanceMode #
Accepts boolean

Whether your site is down for temporary maintenance. If true no application logic will be processed, a HTTP 503 response code will be sent along with the message provided by maintenanceMessage.

'maintenanceMode' => true,
maintenanceMessage #
Accepts string
Default<h1>This site is currently under going maintenance.</h1><p>It will be back up shortly.</p>

The message to be displayed when your site is in maintenance mode.

'maintenanceMessage' => 'Sorry for the inconvenience, but were performing some necessary maintenance on the site and will be back up shortly', 
CSRFEnabled #
Accepts boolean

Whether Cross Site Request Forgery (CSRF) tokens are enabled and required to perform POST, PUT, and DELETE requests.

'CSRFEnabled' => false,
CSRFTokenName #
Accepts string

The name of the CSRF token as used by cookies, and hidden inputs.

'CSRFTokenName' => 'my_csrf_token_name',