The config.php file is the main configuration file of Team Password Manager. In this page you can find a description of all the parameters you can use in this file.
Available parameters:
Database Parameters
UPLOADS_FOLDER
UPLOADS_EXTENSIONS
REVERSE_PROXY
CUSTOM_SIGNIN_CSS
ZEROCLIPBOARD
COPY_TO_CLIPBOARD
CLEAR_CLIPBOARD
PROJECT_NAME_SINGULAR / PROJECT_NAME_PLURAL / SUBPROJECT_NAME_SINGULAR / SUBPROJECT_NAME_PLURAL
SECONDS_BETWEEN_EMAILS
NUM_2FA_WINDOWS
NUM_ITEMS_LISTS
TPM_BASE_URL
ADDITIONAL_LOG / ADDITIONAL_LOG_FILE
SHOW_NUM_PWDS_TREE
ALLOW_EXPORT / ALLOW_IMPORT
ALLOW_PERSONAL_PASSWORDS
TPM_LDAP_TIMEOUT
Proxy Settings (Version Checker)
TPM_DATE_FORMAT / TPM_TIME_FORMAT
TPM_URI_PROTOCOL
SEND_UNLOCKING_NOTIFICATIONS_API
PM_IT_CAN_CREATE_PRJS_ROOT
LDAP_SYNC_PAGED_SEARCHES
LDAP_SYNC_PAGE_SIZE
MAINTENANCE_MODE
MAINTENANCE_MESSAGE
Custom titles and messages for 403 and 404 errors
LOGIN_REMEMBER_DAYS
Custom Menu Items
Database Parameters
These parameters are used for accessing the MySQL database used by Team Password Manager:
- ENCRYPT_DB_CONFIG: if 1, the database parameters are encrypted. If 0 or not existent, they're in plain text.
- CONFIG_HOSTNAME: the host where the MySLQ server is located. Can be either a host name or an IP address.
- CONFIG_PORT: the MySQL Server port if the server is not using the default (3306). This parameter is optional.
- CONFIG_USERNAME: the user that accesses the database server. This user should have all privileges on the Team Password Manager database (defined in CONFIG_DATABASE).
- CONFIG_PASSWORD: the password for CONFIG_USERNAME.
- CONFIG_DATABASE: the database for Team Password Manager. You must manually create it before installing Team Password Manager.
To get the encrypted values for the database parameters, go to "Settings" in the main menu and choose "Encrypt DB Config".
Example (not encrypted):
define('CONFIG_HOSTNAME', '192.168.0.10'); define('CONFIG_USERNAME', 'tpm_user'); define('CONFIG_PASSWORD', '1}Gb6!Tj5#Rw'); define('CONFIG_DATABASE', 'tpm_db');
Example (encrypted):
define('ENCRYPT_DB_CONFIG', 1); define('CONFIG_HOSTNAME', 'THIS_IS_AN_EXAMPLE_O/KnyFaF6Zl5iVvqhg1yMXYloOCavtKcGy7iijPwExBn8xKiWucI7GgLNGjpV7/0g=='); define('CONFIG_USERNAME', 'THIS_IS_AN_EXAMPLE_Qv8NESjnwSJqu1GonGBOPyEu/OYewxlAk6mAVI8qzvG41AtPxkIkFnzXP58YaIhUA=='); define('CONFIG_PASSWORD', 'THIS_IS_AN_EXAMPLE_YLGLnFRaJwVKf5z/r3nvFEFdY1fnPwBNVJ7qfD1wxWOiGz6HjFO6NIwrJjLAYTf0g=='); define('CONFIG_DATABASE', 'THIS_IS_AN_EXAMPLE_6NBWOZVxxfr2rCxIvAUsyce7NOHGT4zdxc9tpiZY0Z5/tpQBTdHIeBPZhJ8KG3P9w==');
Related documents: Doc: how to install and How to encrypt database parameters in config.php.
Available since version: ENCRYPT_DB_CONFIG: 2.25.45, CONFIG_PORT: 3.32.60, the others in all versions
UPLOADS_FOLDER
This parameter allows you to specify a folder where the uploaded files are located. It's optional, and if it's not defined Team Password Manager will upload files into a folder called 'uploads' at the same level of index.php.
You can set it in two ways (define with or without trailing slash):
- With an absolute path. Example: /var/www/domain/uploads/
- With a relative path (relative to index.php). Example: ./uploads/
Note that this folder must be accessible and writable by the web server.
Example:
define('UPLOADS_FOLDER' , '../uploads/'); // Defines the uploads folder one level above index.php
Related document: Admin stuff: the uploads folder.
Available since version: 2.9.18
UPLOADS_EXTENSIONS
This parameter allows you to limit the uploaded files to the extensions you specify. It's optional, and the default is none (empty string), so all the extensions are allowed. This setting also affects the API since v. 12.146.268.
To define the allowed extensions, separate them by comma.
Example:
define('UPLOADS_EXTENSIONS', 'jpg, zip'); // Only jpg and zip files are allowed to be uploaded
Related document: Admin stuff: allowed extensions.
Available since version: 12.143.260
REVERSE_PROXY
This parameter is used to properly identify the visitor's IP address in case your installation of Team Password Manager is behind a reverse proxy.
You can set it in two ways:
- List the proxy IP addresses (comma-delimited). This way these proxies will be whitelisted and the HTTP_X_FORWARDED_FOR header can be trusted. Example: 1.2.3.4,5.6.7.8
- Use "dynamic" if the proxy uses a dynamic IP address. This setting is insecure because the HTTP_X_FORWARDED_FOR header can be spoofed.
Example:
define('REVERSE_PROXY' , '192.168.0.4');
Related document: Doc: reverse proxy configuration.
Available since version: 2.7.11
CUSTOM_SIGNIN_CSS
Tells the software to use a custom CSS file for the "Sign In" screen (and also "Password reset" and "Two-factor authentication" screens).
The file specification is relative to index.php. You can place the file anywhere you want but you should be able to load it with a browser. We recommend you create a folder at the same level of index.php and place it there. See the example below.
There's a sample CSS file in css/custom_signin.css with the default values used by the application.
Example:
define('CUSTOM_SIGNIN_CSS' , 'branding/red.css');
See also: Custom titles and messages for 403 and 404 errors the Custom branding document.
Available since version: 2.25.45
ZEROCLIPBOARD
This parameter shows an alternative version of the "Copy to Clipboard" default button. The ZEROCLIPBOARD version has a button with the text "Copy to Clipboard" instead of an icon and is accessible. Read more about it in this blog post.
Use this way:
define('ZEROCLIPBOARD', TRUE);
Available since version: 3.32.60
Available until version: 6.56.118 (in later versions use the COPY_TO_CLIPBOARD parameter with value "zeroclipboard")
COPY_TO_CLIPBOARD
Allows you to choose which technology is used in the "copy to clipboard" function in passwords, or allows you to disable this function.
It can have the following values:
Since version 7.103.208:
- javascript (default if the parameter is not used): will use javascript works with all the major browsers.
- disabled: disables copy to clipboard functionality.
Note that previous values like "flash" or "zeroclipboard" will be automatically converted to "javascript".
Before version 7.103.208:
- javascript (default if the parameter is not used): will use javascript and HTML5 clipboard events. Only works with Chrome and Firefox at this time.
- flash: previous default value. Little Flash button.
- zeroclipboard: previous ZEROCLIPBOARD parameter. Also uses Flash.
- disabled: disables copy to clipboard functionality.
Example:
define('COPY_TO_CLIPBOARD', 'disabled');
Available since version: 6.63.136
Changed in version: 7.103.208
CLEAR_CLIPBOARD
Allows you to show (or not) the "Clear Clipboard" button in the top bar when a "Copy to clipboard" button is pressed. Values can be TRUE (default) or FALSE.
Example:
define('CLEAR_CLIPBOARD', FALSE);
Available since version: 11.141.247
PROJECT_NAME_SINGULAR / PROJECT_NAME_PLURAL / SUBPROJECT_NAME_SINGULAR / SUBPROJECT_NAME_PLURAL
Use these parameters to replace 'project/projects' with another word in all of the screens (doesn't work with the API).
Example: category/categories:
define('PROJECT_NAME_SINGULAR', 'category'); define('PROJECT_NAME_PLURAL', 'categories');
In v6.x and up you can use the following parameters to replace 'subproject/subprojects' with another word in all of the screens (doesn't work with the API):
Example: subcategory/subcategories:
define('SUBPROJECT_NAME_SINGULAR', 'subcategory'); define('SUBPROJECT_NAME_PLURAL', 'subcategories');
Note: caps are automatically set, so just define them in lowercase.
Available since version: 4.41.83, subprojects since 6.56.118
SECONDS_BETWEEN_EMAILS
Sets the pause between messages in seconds for processes where email is sent in bulk, like genexp (see the Password expiration document). Defaults to 20 if not used.
Example: 5 seconds:
define('SECONDS_BETWEEN_EMAILS', 5);
Available since version: 4.41.83
NUM_2FA_WINDOWS
Sets the number of 30 second windows of margin when verifying two-factor authentication. Defaults to 2 (1 minute) if not used. Allowed values: 0 (strict: the same window in smartphone and server) - 10. Only integer values are allowed.
Example: 30 seconds:
define('NUM_2FA_WINDOWS', 1);
Related document: Two-factor authentication.
Available since version: 4.47.94
NUM_ITEMS_LISTS
Sets the number of items in lists (including some API reponses that return lists). Must be greater than 4 and smaller than 1001. Note that if this number is very high, lists might take long to load. Defaults to 20 if not used.
Example: 50 items:
define('NUM_ITEMS_LISTS', 50);
Available since version: 4.47.94
TPM_BASE_URL
Forces a base url. If it's not set OR '', Team Password Manager automatically detects it. You can define it with or without a trailing slash.
Example: set the url for Team Password Manager to http://mytpm.mydomain.com/:
define('TPM_BASE_URL', 'http://mytpm.mydomain.com/');
Related document: Reverse proxy configuration.
Available since version: 4.47.94
ADDITIONAL_LOG / ADDITIONAL_LOG_FILE
Team Password Manager logs every action in its database. In addition to this, you can also send the log to the system logger (syslog) or to a file. Note that this is done in real time.
Sending the log to syslog
define('ADDITIONAL_LOG', 'syslog');
When sending the log to syslog the facility used is user and the program name TeamPasswordManager.
In Ubuntu systems the syslog is found at /var/log/syslog. On Windows systems, syslog is emulated using the Event Log.
Sending the log to a file
define('ADDITIONAL_LOG', 'file'); define('ADDITIONAL_LOG_FILE', 'path to the log file');
Example:
define('ADDITIONAL_LOG', 'file'); define('ADDITIONAL_LOG_FILE', '/var/www/tpm.log');
Note that the web server has to be able to write that file, so you must give appropriate permissions to its folder.
Available since version: 4.50.100
SHOW_NUM_PWDS_TREE
Shows (or not) the number of passwords for each project and subprojects in the projects tree. Values can be TRUE or FALSE (default). FALSE will not calculate the number of passwords, so the tree will load faster.
define('SHOW_NUM_PWDS_TREE', FALSE);
Available since version: 6.56.118
Before version 7.120.220, the default was TRUE. From 7.120.220 the default is FALSE.
ALLOW_EXPORT / ALLOW_IMPORT
These two parameters enable or disable exporting and/or importing of passwords. Use with values TRUE/FALSE. If not used they both default to TRUE (allow export and import). Note that these options do not affect the export/import of personal passwords, which are always enabled.
define('ALLOW_EXPORT', FALSE); define('ALLOW_IMPORT', FALSE);
Available since version: 6.56.118
ALLOW_PERSONAL_PASSWORDS
Enables or disables personal passwords for all the users. Use with values TRUE/FALSE. If not used it defaults to TRUE (allow personal passwords).
define('ALLOW_PERSONAL_PASSWORDS', FALSE);
Available since version: 6.63.136
TPM_LDAP_TIMEOUT
Sets a timeout in seconds for the LDAP authentication operation. If not used the system default will be used, which is normally quite large. Must be greater than 0.
Example:
define('TPM_LDAP_TIMEOUT', 2);
Related document: LDAP Authentication
Available since version: 6.68.138
Proxy Settings (Version Checker)
If your installation of Team Password Manager accesses the Internet through a Proxy, you may set the following parameters in config.php so that the version checker works properly:
- VCHECK_PROXY_HOST (required): the host of the proxy (IP or name).
- VCHECK_PROXY_PORT (required): the port the proxy is using.
- VCHECK_PROXY_LOGIN (optional): the username if the proxy uses authentication.
- VCHECK_PROXY_PWD (optional): the password if the proxy uses authentication.
Example:
define('VCHECK_PROXY_HOST', '127.0.0.1'); define('VCHECK_PROXY_PORT', '8888'); define('VCHECK_PROXY_LOGIN', 'myuser'); define('VCHECK_PROXY_PWD', 'mypassword');
The values of these parameters your Team Password Manager system is using are visible in Settings | Version Checker.
Related document: Version checker
Available since version: 6.68.138
TPM_DATE_FORMAT / TPM_TIME_FORMAT
Allows you to change the default date and time format used to present dates and time in Team Password Manager. There are 2 parameters for this: TPM_DATE_FORMAT
and TPM_TIME_FORMAT
, and they're used this way:
define('TPM_DATE_FORMAT', 'format string');
define('TPM_TIME_FORMAT', 'format string');
Where "format string" is a string containing format characters for PHP's date() function, which you can see in this page: http://php.net/manual/en/function.date.php.
Example format strings:
Y.m.d
will output dates in this format: 2016.12.31H:i:s
will output time in this format: 23:59:59
The default formats for date and time (if these parameters are not used) are:
M j, Y
will output dates in this format: Dec 31, 2016H:i
will output time in this format: 23:59
Some notes:
- These parameter are only used when showing dates, not when entering them.
- They don't affect the API, where date format is
Y-m-d
and time format isH:i:s
.
Available since version: 7.72.144
TPM_URI_PROTOCOL
Server global used to get the URI string. Possible values: AUTO (default if not defined), PATH_INFO, QUERY_STRING, REQUEST_URI, ORIG_PATH_INFO.
See these installation instructions notes to see what value to use.
Example: define('TPM_URI_PROTOCOL', 'AUTO');
Available since version: 7.78.161
SEND_UNLOCKING_NOTIFICATIONS_API
It allows or not to send notifications to managers when a password is unlocked using the API. Possible values: TRUE (default), FALSE.
See also the password locking document for more information.
Example: define('SEND_UNLOCKING_NOTIFICATIONS_API', FALSE);
Available since version: 7.82.196
PM_IT_CAN_CREATE_PRJS_ROOT
Default value for "Can Create Projects in Root" for *NEW* Project Manager / IT users, or when changing roles from Admin/Read only/normal to Project Manager or IT. Possible values: TRUE (default), FALSE.
Example: define('PM_IT_CAN_CREATE_PRJS_ROOT', FALSE);
Available since version: 7.93.204
LDAP_SYNC_PAGED_SEARCHES
Use LDAP paged searches in LDAP sync or not. LDAP paged searches are used to override any server size limits (e.g. 1000 elements in Active Directory). Possible values: TRUE (default), FALSE.
Example: define('LDAP_SYNC_PAGED_SEARCHES', FALSE);
Available since version: 7.93.204
LDAP_SYNC_PAGE_SIZE
Number of entries retrieved for each page, if LDAP_SYNC_PAGED_SEARCHES
is TRUE
. Possible values: numeric value, greater than 0. Defaults to 1000.
Example: define('LDAP_SYNC_PAGE_SIZE', 1000);
Available since version: 7.93.204
MAINTENANCE_MODE
Enables or disables Maintenance Mode. When enabled, users can't sign. If they're already signed in they can't work with the software. See the Maintenance Mode document for more information. Possible values: FALSE (default): disable, TRUE: enable.
Example: define('MAINTENANCE_MODE', TRUE);
Available since version: 7.103.208
MAINTENANCE_MESSAGE
Message shown on the screen if Maintenance Mode is enabled and the software is accessed. Defaults to "This installation is in Maintenance Mode. Please contact your administrator.". See the Maintenance Mode document for more information.
Example: define('MAINTENANCE_MESSAGE', 'This installation is in Maintenance Mode. Please contact your administrator.');
Available since version: 7.103.208
Custom titles and messages for 403 and 404 errors
403 (Forbidden) and 404 (Not Found) error screens can be customized with these parameters. The default is shown here, just change it to the text you want:
• For 403 (Forbidden):
Title: define('CUSTOM_403_TITLE', '403 Forbidden');
Message: define('CUSTOM_403_MESSAGE', 'You do not have permission to access this resource on this server.');
• For 404 (Not Found):
Title: define('CUSTOM_404_TITLE', '404 Not Found');
Message: define('CUSTOM_404_MESSAGE', 'The requested URL was not found on this server.');
See also: CUSTOM_SIGNIN_CSS and the Custom branding document.
Available since version: 9.125.225
LOGIN_REMEMBER_DAYS
Disables the "Remember me" feature or sets the number of days the credentials are remembered (30 by default).
To disable "Remember me":
define('LOGIN_REMEMBER_DAYS', 0);
To change the number of days the credentials are remembered:
define('LOGIN_REMEMBER_DAYS', XX);
Where XX
is a number between 1 and 90, which defaults to 30.
See also the Remember me document.
Available since version: 12.146.268
Custom Menu Items
The following parameters allow the creation of up to 5 custom menu items in the top menu:
CUSTOM_MENU_X_TEXT
: the text that will be shown in the menu. The shorter the better.CUSTOM_MENU_X_LINK
: the link that will open when the menu item is clicked. It must be anhttps
orhttp
URL.CUSTOM_MENU_X_ICON
: the icon that will be shown before the text in the menu. It's optional. Its size should be between 16 x 16 pixels and 20 x 20 pixels. The following style is applied to it so that the menu doesn't become higher than the normal size:max-height:20px
. The icon should be an image file and it's referenced from theindex.php
file.
Where X
is a number between 1 and 5.
For example:
define('CUSTOM_MENU_1_TEXT', 'Support'); define('CUSTOM_MENU_1_LINK', 'https://teampasswordmanager.com/support/'); define('CUSTOM_MENU_1_ICON', 'branding/support_rep.png'); // branding is a folder at the same level as index.php
See the Custom branding document for more information.
Available since version: 12.146.268
Document changelog
Feb 15, 2024: | Deleted from the explanation of Maintenance mode: "It must be enabled to upgrade the software". |
Jul 12, 2023: | New: LOGIN_REMEMBER_DAYS and custom menu items. UPLOADS_EXTENSIONS also affects the API since v. 12.146.268. |
May 30, 2023: | UPLOADS_EXTENSIONS |
May 3, 2021: | Custom titles and messages for 403 and 404 errors |
Dec 16, 2020: | SHOW_NUM_PWDS_TREE defaults to FALSE since version 7.120.220 |