Testimonials
What our customers say about Team Password Manager

All the parameters in config.php

Current Team Password Manager version: 7.73.146

The config.php file is the main configuration file of Team Password Manager. In this page you can find a description of all the parameters you can use in this file.

Available parameters: Database Parameters | UPLOADS_FOLDER | REVERSE_PROXY | CUSTOM_SIGNIN_CSS | ZEROCLIPBOARD | COPY_TO_CLIPBOARD | PROJECT_NAME_SINGULAR / PROJECT_NAME_PLURAL / SUBPROJECT_NAME_SINGULAR / SUBPROJECT_NAME_PLURAL | SECONDS_BETWEEN_EMAILS | NUM_2FA_WINDOWS | NUM_ITEMS_LISTS | TPM_BASE_URL | ADDITIONAL_LOG / ADDITIONAL_LOG_FILE | ALLOW_EXPORT / ALLOW_IMPORT | ALLOW_PERSONAL_PASSWORDS | TPM_LDAP_TIMEOUT | Proxy Settings (Version Checker) | TPM_DATE_FORMAT / TPM_TIME_FORMAT

Database Parameters

These parameters are used for accessing the MySQL database used by Team Password Manager:

  • ENCRYPT_DB_CONFIG: if 1, the database parameters are encrypted. If 0 or not existent, they're in plain text.
  • CONFIG_HOSTNAME: the host where the MySLQ server is located. Can be either a host name or an IP address.
  • CONFIG_PORT: the MySQL Server port if the server is not using the default (3306). This parameter is optional.
  • CONFIG_USERNAME: the user that accesses the database server. This user should have all privileges on the Team Password Manager database (defined in CONFIG_DATABASE).
  • CONFIG_PASSWORD: the password for CONFIG_USERNAME.
  • CONFIG_DATABASE: the database for Team Password Manager. You must manually create it before installing Team Password Manager.

To get the encrypted values for the database parameters, go to "Settings" in the main menu and choose "Encrypt DB Config".

Example (not encrypted):

define('CONFIG_HOSTNAME', '192.168.0.10');
define('CONFIG_USERNAME', 'tpm_user');	 
define('CONFIG_PASSWORD', '1}Gb6!Tj5#Rw');
define('CONFIG_DATABASE', 'tpm_db');

Example (encrypted):

define('ENCRYPT_DB_CONFIG', 1);
define('CONFIG_HOSTNAME', 'THIS_IS_AN_EXAMPLE_O/KnyFaF6Zl5iVvqhg1yMXYloOCavtKcGy7iijPwExBn8xKiWucI7GgLNGjpV7/0g==');
define('CONFIG_USERNAME', 'THIS_IS_AN_EXAMPLE_Qv8NESjnwSJqu1GonGBOPyEu/OYewxlAk6mAVI8qzvG41AtPxkIkFnzXP58YaIhUA==');
define('CONFIG_PASSWORD', 'THIS_IS_AN_EXAMPLE_YLGLnFRaJwVKf5z/r3nvFEFdY1fnPwBNVJ7qfD1wxWOiGz6HjFO6NIwrJjLAYTf0g==');
define('CONFIG_DATABASE', 'THIS_IS_AN_EXAMPLE_6NBWOZVxxfr2rCxIvAUsyce7NOHGT4zdxc9tpiZY0Z5/tpQBTdHIeBPZhJ8KG3P9w==');

Related documents: Doc: how to install and How to encrypt database parameters in config.php.

Available since version: ENCRYPT_DB_CONFIG: 2.25.45, CONFIG_PORT: 3.32.60, the others in all versions


UPLOADS_FOLDER

This parameter allows you to specify a folder where the uploaded files are located. It's optional, and if it's not defined Team Password Manager will upload files into a folder called 'uploads' at the same level of index.php.

You can set it in two ways (define with or without trailing slash):

  1. With an absolute path. Example: /var/www/domain/uploads/
  2. With a relative path (relative to index.php). Example: ./uploads/

Note that this folder must be accessible and writable by the web server.

Example:

define('UPLOADS_FOLDER' , '../uploads/'); // Defines the uploads folder one level above index.php

Related document: Admin stuff: the uploads folder.

Available since version: 2.9.18


REVERSE_PROXY

This parameter is used to properly identify the visitor's IP address in case your installation of Team Password Manager is behind a reverse proxy.

You can set it in two ways:

  1. List the proxy IP addresses (comma-delimited). This way these proxies will be whitelisted and the HTTP_X_FORWARDED_FOR header can be trusted. Example: 1.2.3.4,5.6.7.8
  2. Use "dynamic" if the proxy uses a dynamic IP address. This setting is insecure because the HTTP_X_FORWARDED_FOR header can be spoofed.

Example:

define('REVERSE_PROXY' , '192.168.0.4');

Related document: Doc: reverse proxy configuration.

Available since version: 2.7.11


CUSTOM_SIGNIN_CSS

Tells the software to use a custom CSS file for the "Sign In" screen (and also "Password reset" and "Two-factor authentication" screens).

The file specification is relative to index.php. You can place the file anywhere you want but you should be able to load it with a browser. We recommend you create a folder at the same level of index.php and place it there. See the example below.

There's a sample CSS file in css/custom_signin.css with the default values used by the application.

A custom CSS file will only be in effect with a normal (or trial) license. The FREE version will not use it.

Example:

define('CUSTOM_SIGNIN_CSS' , 'branding/red.css');

Available since version: 2.25.45


ZEROCLIPBOARD

This parameter shows an alternative version of the "Copy to Clipboard" default button. The ZEROCLIPBOARD version has a button with the text "Copy to Clipboard" instead of an icon and is accessible. Read more about it in this blog post.

Use this way:

define('ZEROCLIPBOARD', TRUE);

Available since version: 3.32.60
Available until version: 6.56.118 (in later versions use the COPY_TO_CLIPBOARD parameter with value "zeroclipboard")


COPY_TO_CLIPBOARD

Allows you to choose which technology is used in the "copy to clipboard" function in passwords, or allows you to disable this function.

It can have the following values:

  • javascript (default if the parameter is not used): will use javascript and HTML5 clipboard events. Only works with Chrome and Firefox at this time.
  • flash: previous default value. Little Flash button.
  • zeroclipboard: previous ZEROCLIPBOARD parameter. Also uses Flash.
  • disabled: disables copy to clipboard functionality.

Example:

define('COPY_TO_CLIPBOARD', 'flash');

Available since version: 6.63.136


PROJECT_NAME_SINGULAR / PROJECT_NAME_PLURAL / SUBPROJECT_NAME_SINGULAR / SUBPROJECT_NAME_PLURAL

Use these parameters to replace 'project/projects' with another word in all of the screens (doesn't work with the API).

Example: category/categories:

define('PROJECT_NAME_SINGULAR', 'category');
define('PROJECT_NAME_PLURAL', 'categories');

In v6.x and up you can use the following parameters to replace 'subproject/subprojects' with another word in all of the screens (doesn't work with the API):

Example: subcategory/subcategories:

define('SUBPROJECT_NAME_SINGULAR', 'subcategory');
define('SUBPROJECT_NAME_PLURAL', 'subcategories');

Note: caps are automatically set, so just define them in lowercase.


Available since version: 4.41.83, subprojects since 6.56.118


SECONDS_BETWEEN_EMAILS

Sets the pause between messages in seconds for processes where email is sent in bulk, like genexp (see the Password expiration document). Defaults to 20 if not used.

Example: 5 seconds:

define('SECONDS_BETWEEN_EMAILS', 5);

Available since version: 4.41.83


NUM_2FA_WINDOWS

Sets the number of 30 second windows of margin when verifying two-factor authentication. Defaults to 2 (1 minute) if not used. Allowed values: 0 (strict: the same window in smartphone and server) - 10. Only integer values are allowed.

Example: 30 seconds:

define('NUM_2FA_WINDOWS', 1);

Related document: Two-factor authentication.

Available since version: 4.47.94


NUM_ITEMS_LISTS

Sets the number of items in lists (including some API reponses that return lists). Must be greater than 4 and smaller than 1001. Note that if this number is very high, lists might take long to load. Defaults to 20 if not used.

Example: 50 items:

define('NUM_ITEMS_LISTS', 50);

Available since version: 4.47.94


TPM_BASE_URL

Forces a base url. If it's not set OR '', Team Password Manager automatically detects it. You can define it with or without a trailing slash.

Example: set the url for Team Password Manager to http://mytpm.mydomain.com/:

define('TPM_BASE_URL', 'http://mytpm.mydomain.com/');

Related document: Reverse proxy configuration.

Available since version: 4.47.94


ADDITIONAL_LOG / ADDITIONAL_LOG_FILE

Team Password Manager logs every action in its database. In addition to this, you can also send the log to the system logger (syslog) or to a file. Note that this is done in real time.

Sending the log to syslog

define('ADDITIONAL_LOG', 'syslog');

When sending the log to syslog the facility used is user and the program name TeamPasswordManager.

In Ubuntu systems the syslog is found at /var/log/syslog. On Windows systems, syslog is emulated using the Event Log.

Sending the log to a file

define('ADDITIONAL_LOG', 'file');
define('ADDITIONAL_LOG_FILE', 'path to the log file');

Example:

define('ADDITIONAL_LOG', 'file');
define('ADDITIONAL_LOG_FILE', '/var/www/tpm.log');

Note that the web server has to be able to write that file, so you must give appropriate permissions to its folder.


Available since version: 4.50.100


ALLOW_EXPORT / ALLOW_IMPORT

These two parameters enable or disable exporting and/or importing of passwords. Use with values TRUE/FALSE. If not used they both default to TRUE (allow export and import). Note that these options do not affect the export/import of personal passwords, which are always enabled.

define('ALLOW_EXPORT', FALSE);
define('ALLOW_IMPORT', FALSE);

Available since version: 6.56.118


ALLOW_PERSONAL_PASSWORDS

Enables or disables personal passwords for all the users. Use with values TRUE/FALSE. If not used it defaults to TRUE (allow personal passwords).

define('ALLOW_PERSONAL_PASSWORDS', FALSE);

Available since version: 6.63.136


TPM_LDAP_TIMEOUT

Sets a timeout in seconds for the LDAP authentication operation. If not used the system default will be used, which is normally quite large. Must be greater than 0.

Example:

define('TPM_LDAP_TIMEOUT', 2);

Related document: LDAP Authentication

Available since version: 6.68.138


Proxy Settings (Version Checker)

If your installation of Team Password Manager accesses the Internet through a Proxy, you may set the following parameters in config.php so that the version checker works properly:

  • VCHECK_PROXY_HOST (required): the host of the proxy (IP or name).
  • VCHECK_PROXY_PORT (required): the port the proxy is using.
  • VCHECK_PROXY_LOGIN (optional): the username if the proxy uses authentication.
  • VCHECK_PROXY_PWD (optional): the password if the proxy uses authentication.

Example:

define('VCHECK_PROXY_HOST', '127.0.0.1');
define('VCHECK_PROXY_PORT', '8888');
define('VCHECK_PROXY_LOGIN', 'myuser');
define('VCHECK_PROXY_PWD', 'mypassword');

The values of these parameters your Team Password Manager system is using are visible in Settings | Version Checker.

Related document: Version checker

Available since version: 6.68.138


TPM_DATE_FORMAT / TPM_TIME_FORMAT

Allows you to change the default date and time format used to present dates and time in Team Password Manager. There are 2 parameters for this: TPM_DATE_FORMAT and TPM_TIME_FORMAT, and they're used this way:

define('TPM_DATE_FORMAT', 'format string');

define('TPM_TIME_FORMAT', 'format string');

Where "format string" is a string containing format characters for PHP's date() function, which you can see in this page: http://php.net/manual/en/function.date.php.

Example format strings:

  • Y.m.d will output dates in this format: 2016.12.31
  • H:i:s will output time in this format: 23:59:59

The default formats for date and time (if these parameters are not used) are:

  • M j, Y will output dates in this format: Dec 31, 2016
  • H:i will output time in this format: 23:59

Some notes:

  • These parameter are only used when showing dates, not when entering them.
  • They don't affect the API, where date format is Y-m-d and time format is H:i:s.

Available since version: 7.72.144


Questions or Problems? Please contact our support department