From 1276631f71b65aaf1467accfaa955dafe490825e Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 25 Oct 2018 14:10:29 +0100
Subject: [PATCH] New style config

---
 src/freedombone-app-zap | 57 +++++++++++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 19 deletions(-)

diff --git a/src/freedombone-app-zap b/src/freedombone-app-zap
index 78a32a5c8..227f0453e 100755
--- a/src/freedombone-app-zap
+++ b/src/freedombone-app-zap
@@ -457,6 +457,8 @@ function install_zap {
     function_check initialise_database
     initialise_database zap "$ZAP_PATH/install/schema_mysql.sql"
 
+    ZAP_LOCATION_HASH="$(create_password 30)$(create_password 30)$(create_password 30)"
+
     # create the config file
     { echo '<?php';
       echo "\$db_host = 'localhost';";
@@ -465,25 +467,42 @@ function install_zap {
       echo "\$db_pass = '${MARIADB_PASSWORD}';";
       echo "\$db_data = 'zap';";
       echo "\$db_type = '0';";
-      echo "\$default_timezone = 'Europe/London';"; } > "$ZAP_PATH/.htconfig.php"
-    if [[ "$ONION_ONLY" == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${ZAP_DOMAIN_NAME}';" >> "$ZAP_PATH/.htconfig.php"
-    else
-        echo "\$a->config['system']['baseurl'] = 'http://${ZAP_ONION_HOSTNAME}';" >> "$ZAP_PATH/.htconfig.php"
-    fi
-    echo "\$a->config['system']['sitename'] = \"Zap\";" >> "$ZAP_PATH/.htconfig.php"
-    ZAP_LOCATION_HASH="$(create_password 30)$(create_password 30)$(create_password 30)"
-    { echo "\$a->config['system']['location_hash'] = '${ZAP_LOCATION_HASH}';";
-      echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
-      echo "\$a->config['system']['register_text'] = '';";
-      echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
-      echo "\$a->config['system']['verify_email'] = 1;";
-      echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
-      echo "\$a->config['system']['sellpage'] = '';";
-      echo "\$a->config['system']['max_import_size'] = 200000;";
-      echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
-      echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
-      echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$ZAP_PATH/.htconfig.php"
+      echo "\$default_timezone = 'Europe/London';";
+      echo '';
+      echo "App::\$config['system']['timezone'] = 'Europe/London';";
+      echo "App::\$config['system']['baseurl'] = 'https://${ZAP_DOMAIN_NAME}';";
+      echo "App::\$config['system']['sitename'] = \"Zap\";";
+      echo "App::\$config['system']['location_hash'] = '${ZAP_LOCATION_HASH}';";
+      echo '';
+      echo '// These lines set additional security headers to be sent with all responses';
+      echo '// You may wish to set transport_security_header to 0 if your server already sends';
+      echo '// this header. content_security_policy may need to be disabled if you wish to';
+      echo '// run the piwik analytics plugin or include other offsite resources on a page';
+      echo '';
+      echo "App::\$config['system']['transport_security_header'] = 1;";
+      echo "App::\$config['system']['content_security_policy'] = 1;";
+      echo "App::\$config['system']['ssl_cookie_protection'] = 1;";
+      echo '';
+      echo "App::\$config['system']['register_policy'] = REGISTER_OPEN;";
+      echo "App::\$config['system']['register_text'] = '';";
+      # Note: leave this empty so that the first user is the administrator
+      echo "App::\$config['system']['admin_email'] = '';";
+      echo "App::\$config['system']['php_path'] = '/usr/bin/php';";
+      echo '';
+      echo '// Configure how we communicate with directory servers.';
+      echo "// DIRECTORY_MODE_NORMAL     = directory client, we will find a directory (all of your member's queries will be directed elsewhere)";
+      echo '// DIRECTORY_MODE_SECONDARY  = caching directory or mirror (keeps in sync with realm primary [adds significant cron execution time])';
+      echo '// DIRECTORY_MODE_PRIMARY    = main directory server (you do not want this unless you are operating your own realm. one per realm.)';
+      echo '// DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services (only local site members in directory)';
+      echo '';
+      echo "App::\$config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
+      echo '';
+      echo "// Uncomment the following 4 lines to turn on PHP error logging.";
+      echo "//error_reporting(E_ERROR | E_WARNING | E_PARSE );";
+      echo "//ini_set('error_log','php.out');";
+      echo "//ini_set('log_errors','1');";
+      echo "//ini_set('display_errors', '0');"; } > "$ZAP_PATH/.htconfig.php"
+
     chown www-data:www-data "$ZAP_PATH/.htconfig.php"
     chmod 755 "$ZAP_PATH/.htconfig.php"
 
-- 
GitLab