NAME

dot_lwrc - Editing the run control file for LibWeb

DESCRIPTION

Edit this file, make it inaccessible from the web and chmod 600 it. It contains security-sensitive data for your site.
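
One way to check both requirements after installation, as an added example that is not part of the LibWeb distribution. The two paths passed at the bottom are constructed placeholders; the "under the document root" test is an assumption about what "web inaccessible" means on your server.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use Fcntl qw(:mode);

# Returns a list of findings for the rc file; an empty list means it passes.
# $rc_file and $doc_root are supplied by the caller (hypothetical values below).
sub audit_rc_file {
    my ($rc_file, $doc_root) = @_;
    my @findings;

    # Resolve symlinks first so a link inside the web tree is not missed.
    my $real = abs_path($rc_file);
    return ("cannot resolve $rc_file") unless defined $real && -f $real;

    my @st = stat($real) or return ("cannot stat $real: $!");
    my $mode = S_IMODE($st[2]);

    # chmod 600: owner read/write only, nothing for group or others.
    push @findings, sprintf("mode is %04o, expected 0600", $mode)
        if $mode != 0600;
    push @findings, "owner uid $st[4] is not the current user (uid $>)"
        if $st[4] != $>;

    # Web inaccessible: the resolved path must not sit under the document root.
    my $root = abs_path($doc_root);
    if (defined $root) {
        $root =~ s{/+\z}{};
        push @findings, "file is inside the document root $root"
            if index($real, "$root/") == 0;
    }
    return @findings;
}

# Constructed paths for illustration; substitute your own.
my @problems = audit_rc_file('/home/site/.lwrc', '/var/www/html');
if (@problems) { print "FAIL: $_\n" for @problems }
else           { print "OK\n" }
```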

Security, encryption and digest variables

These variables are used for preparing (i.e. when a user logs in), checking (i.e. session-wise) and nullifying (i.e. when a user logs out) authentication cookies.

  • CLASSIC_EXPIRES

    The default is 'Thu, 01-Jan-1970 00:00:01 GMT'. This is used to nullify the authentication cookie when a user logs out. Any cookie set with this date will be canceled from the client's browser immediately. Do not edit this unless there is a compelling reason to do so.

  • RAND_RANGE

    The range from which to generate a pseudo-random number. For example, if the range is 999999999, the several places in LibWeb that make use of pseudo-random numbers will use an integer randomly generated between 0 and 999999999. The purpose is to make different web sites with LibWeb installed behave differently and less predictably in several aspects. Currently only used for generating the dummy authentication cookie (as of LibWeb-0.02). It is also used in the sample login script (lm.cgi) to make things look complicated.

  • MAC_KEY

    HMAC is used for message integrity checks between two parties (in the case of LibWeb, the two parties are your web site and a client web browser), and works in combination with some other digest algorithm, usually MD5 or SHA-1. The HMAC mechanism is described in RFC 2104. MAC_KEY is the private key. Further explanation is better left to the expert:

      http://www.w3.org/Security/Faq/wwwsf7.html#Q66

    See also Digest::HMAC which is used by LibWeb::Digest and LibWeb::Session for preparing and checking authentication cookies. The proper size for this key is not well documented.

  • CIPHER_KEY

    You must provide an encryption/decryption key, which can be any series of characters of any length. Internally, the actual key used is derived from the MD5 hash of the key you provide. Read the man page for Crypt::CBC for details. Blowfish is capable of strong encryption and can use key sizes up to 56 bytes (a 448 bit key). You're encouraged to take advantage of the full key size to ensure the strongest encryption possible from that module (Crypt::Blowfish).

  • DIGEST_KEY

    This key is appended to the data from which a digest is to be generated. The purpose is to make different web sites with LibWeb installed behave differently and less predictably in several aspects of the authentication cookie.

  • CIPHER_ALGORITHM

    The cipher algorithm must be 'Crypt::Blowfish', 'Crypt::DES' or 'Crypt::IDEA' as of LibWeb-0.01.

  • DIGEST_ALGORITHM

    The digest algorithm must be either 'Digest::SHA1' or 'Digest::MD5' as of LibWeb-0.01.

  • CIPHER_FORMAT

    It can be either 'BINARY' or 'HEX'. You should use 'HEX' for the authentication cookie.

  • DIGEST_FORMAT

    It can be 'HEX', 'BINARY' or 'B64'. You should use 'B64' for the authentication cookie.
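
How a key such as MAC_KEY protects a cookie value, as an added example that is not LibWeb's code and does not reproduce LibWeb's cookie format. It uses the core module Digest::SHA in place of Digest::HMAC; the key, the payload layout and the '|' separator are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha1_base64);

# Constructed key for illustration only. RFC 2104 discourages keys shorter
# than the hash output (20 bytes for SHA-1); generate yours from a CSPRNG.
my $MAC_KEY = 'constructed-example-key-32-bytes';

# Tag a cookie payload; the Base64 tag travels with the payload.
sub make_cookie_value {
    my ($payload) = @_;
    return join '|', $payload, hmac_sha1_base64($payload, $MAC_KEY);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the payload if the tag verifies, undef otherwise.
sub check_cookie_value {
    my ($value) = @_;
    my ($payload, $tag) = $value =~ /\A(.*)\|([A-Za-z0-9+\/]+)\z/s or return;
    return constant_time_eq($tag, hmac_sha1_base64($payload, $MAC_KEY))
        ? $payload : undef;
}

# Constructed payload: a client edits the user id but cannot recompute the tag.
my $good = make_cookie_value('uid=42;ts=1700000000');
(my $forged = $good) =~ s/uid=42/uid=1/;

for my $case ([good => $good], [forged => $forged]) {
    my ($label, $value) = @$case;
    printf "%-7s %s\n", $label,
        defined(check_cookie_value($value)) ? 'accepted' : 'rejected';
}
```

The run prints "accepted" for the untouched value and "rejected" for the edited one.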

Debug/fatal message mailing & logging variables

  • DEBUG

    If you want stack traces to be printed to the viewing browser whenever one of LibWeb's fatal methods is called, assign 1 to it and 0 otherwise. Turn this on or off depending on whether you are debugging your application.

  • FATAL_LOG (new in LibWeb-0.02)

    Absolute path to a log file which records all of LibWeb's fatal calls. Assign undef to this variable to disable logging. You may want to turn this on if you have turned IS_MAIL_DEBUG_TO_ADMIN off.

  • IS_MAIL_DEBUG_TO_ADMIN

    If you want stack traces to be sent to ADMIN_EMAIL whenever one of LibWeb's fatal methods is called, assign 1 to it and 0 otherwise. You may want to turn that off while you are debugging your application.

  • SMTP (new in LibWeb-0.02)

    If you have installed Mail::Sendmail (this is a mandatory prerequisite for NT servers in order for LibWeb to work properly), LibWeb will first try to use this module to send mail before using the primitive UNIX sendmail (see MAIL_PROGRAM below). SMTP is an ARRAY reference to a list of SMTP servers, so if your main server is down, LibWeb tries the next one. If one of your servers uses a special port, add it to the server name with a colon in front, to override the default port (like in smtp.your.server:2525). The default is localhost. Leave this unedited and LibWeb will probably do the right thing for you, especially if your server is UNIX-like.

  • MAIL_PROGRAM

    For example, '/usr/sbin/sendmail -t -oi'. Leave this unedited if your server is NT.

  • ADMIN_EMAIL

    E-mail address of your site's administrator.

Users administration variables

  • IS_NOTIFY_ADMIN_WHEN_ADDED_NEW_USER

    Do you want an e-mail to be sent to your site's administrator when a user signs up as a member at your site? Put 1 for yes; 0 otherwise.

  • IS_ALLOW_MULTI_REGISTRATION

    Can one use the same e-mail address to sign up as different users? Put 1 for yes; 0 otherwise.

  • MAX_LOGIN_ATTEMPT_ALLOWED

    How many times do you allow an incorrect password to be entered for an existing account? Note that after that maximum is reached (LibWeb basically increments NUM_LOGIN_ATTEMPT in the database for that account), anyone will be completely blocked from logging in using that particular account, even if he/she enters the correct password. This number must be smaller than LOGIN_INDICATOR. As of 0.01, you have to reset it to 0 manually in your database after you have received the alert e-mail sent by LibWeb. Note that NUM_LOGIN_ATTEMPT is a column of the USER_LOG_TABLE table in the database.

  • LOGIN_INDICATOR

    NUM_LOGIN_ATTEMPT is set to this value when a user successfully logs into her/his account. Note that when NUM_LOGIN_ATTEMPT is 0, the user is not logged in; when it is any number from 1 to MAX_LOGIN_ATTEMPT_ALLOWED, there have been unsuccessful attempts; and when it is equal to LOGIN_INDICATOR, the user has successfully logged in.

  • LOGIN_DURATION_ALLOWED

    There is an encrypted time-stamp on each authentication cookie sent to browsers. Whenever a protected page is requested by an authenticated browser, LibWeb will retrieve the cookie, decrypt the time-stamp and compare it to the current time. If the time difference is bigger than LOGIN_DURATION_ALLOWED (in seconds), LibWeb will automatically log the user out by nullifying the authentication cookie on the remote browser.
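
The NUM_LOGIN_ATTEMPT encoding described under MAX_LOGIN_ATTEMPT_ALLOWED and LOGIN_INDICATOR, written out as an added example; this is not LibWeb's code. The settings are constructed, the function names are hypothetical, and restarting the count at 1 after a wrong password on a logged-in account is an assumption the page does not cover.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed settings; on a real site these come from the rc file.
my %rc = (MAX_LOGIN_ATTEMPT_ALLOWED => 5, LOGIN_INDICATOR => 9);

# The documented constraint: the lockout threshold must stay below the value
# that marks a successful login, or the two meanings collide.
sub check_rc {
    my ($rc) = @_;
    return $rc->{MAX_LOGIN_ATTEMPT_ALLOWED} > 0
        && $rc->{MAX_LOGIN_ATTEMPT_ALLOWED} < $rc->{LOGIN_INDICATOR};
}

# Interpret a NUM_LOGIN_ATTEMPT value read from USER_LOG_TABLE.
sub login_state {
    my ($rc, $n) = @_;
    return 'logged_in'     if $n == $rc->{LOGIN_INDICATOR};
    return 'not_logged_in' if $n == 0;
    return 'locked'        if $n >= $rc->{MAX_LOGIN_ATTEMPT_ALLOWED};
    return 'failed_attempts';
}

# Counter value after one login attempt.
sub next_count {
    my ($rc, $n, $password_ok) = @_;
    my $state = login_state($rc, $n);
    return $n if $state eq 'locked';    # blocked until reset to 0 by hand
    return $rc->{LOGIN_INDICATOR} if $password_ok;
    $n = 0 if $state eq 'logged_in';    # assumption: count restarts
    return $n + 1;
}

die "MAX_LOGIN_ATTEMPT_ALLOWED must be smaller than LOGIN_INDICATOR\n"
    unless check_rc(\%rc);

my $n = 0;
for my $ok (0, 0, 0, 0, 0, 1) {         # five wrong passwords, then the right one
    $n = next_count(\%rc, $n, $ok);
    printf "password %-5s -> NUM_LOGIN_ATTEMPT=%d (%s)\n",
        $ok ? 'right' : 'wrong', $n, login_state(\%rc, $n);
}
```

The last line of output stays at 5 (locked): once the maximum is reached, the correct password no longer helps until the counter is reset in the database.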

SQL database variables

  • IS_DB_ENABLED (new in LibWeb-0.02)

    If you do not use the database API of LibWeb, assign 0 to this variable to prevent LibWeb from generating all sorts of database error messages. Assign 1 to it otherwise.

  • DB_SOURCE

    For example, if your database is MySQL, you have installed DBI and the specific driver and the database's name is puffy, then you can assign 'DBI:mysql:puffy' to this value. Read the man page for DBI for details.

  • DB_LOGIN

    Login name for your database.

  • DB_PASS

    Password for your database.

  • DB_OPTIONS

    For example, you can assign {RaiseError => 1, AutoCommit => 1} to this variable. Read the man page for DBI for details.

  • USER_PROFILE_TABLE

    The table name for users' profiles. Default is 'USER_PROFILE'.

  • USER_PROFILE_TABLE_UID

    The column name for user ID in the USER_PROFILE_TABLE. Default is 'UID'.

  • USER_PROFILE_TABLE_NAME

    The column name for users' screen names in the USER_PROFILE_TABLE. Default is 'NAME'.

  • USER_PROFILE_TABLE_PASS

    The column name for users' passwords in the USER_PROFILE_TABLE. Default is 'PASS'.

  • USER_PROFILE_TABLE_EMAIL

    The column name for users' e-mail addresses in the USER_PROFILE_TABLE. Default is 'EMAIL'.

  • USER_LOG_TABLE

    The table name for the table that is responsible for logging users' sign-in time, status, IP and host name. Default is 'USER_LOG'.

  • USER_LOG_TABLE_UID

    The column name for users' IDs in the USER_LOG_TABLE. Default is 'UID'.

  • USER_LOG_TABLE_IP

    The column name for users' IPs in the USER_LOG_TABLE. Default is 'IP'.

  • USER_LOG_TABLE_HOST

    The column name for users' host names in the USER_LOG_TABLE. Default is 'HOST'.

  • USER_LOG_TABLE_LAST_LOGIN

    The column name for the last login date and time in the USER_LOG_TABLE. Default is 'LAST_LOGIN'.

  • USER_LOG_TABLE_NUM_LOGIN_ATTEMPT

    The column name for the number of login attempts in the USER_LOG_TABLE. Default is 'NUM_LOGIN_ATTEMPT'.

Site's colors and image files' location

  • SITE_1ST_COLOR

    In RGB, for example '#0099CC' (light blue).

  • SITE_2ND_COLOR

    In RGB, for example '#006699' (blue).

  • SITE_3RD_COLOR

    In RGB, for example '#003366' (deep blue).

  • SITE_4TH_COLOR

    In RGB, for example '#FF9900' (orange).

  • SITE_BG_COLOR

    In RGB, for example '#FFFFFF' (white).

  • SITE_TXT_COLOR

    In RGB, for example '#000000' (black).

  • SITE_LIQUID_COLOR1

    In RGB, for example '#E6E6E6' (lighter grey).

  • SITE_LIQUID_COLOR2

    In RGB, for example '#C9C9C9' (light grey).

  • SITE_LIQUID_COLOR3

    In RGB, for example '#9C9C9C' (grey).

  • SITE_LIQUID_COLOR4

    In RGB, for example '#6E6E6E' (dark grey).

  • SITE_LIQUID_COLOR5

    In RGB, for example '#000000' (black).

    Note: Liquid colors are used for shading. For example, even rows of any table listing may be shaded. Some theme constructs use liquid colors as well (e.g. LibWeb::Themes::Default::enlighted_titled_table()). Make sure SITE_TXT_COLOR can be read clearly together with liquid colors (at least for SITE_LIQUID_COLOR1,2 and 3).

  • PIX_URL

    The relative URL of image files. For example, '/img/' (note the trailing slash).

  • SITE_LOGO

    The URL of your site's logo. For example, '/img/logo.png'. This is the image that goes well with your SITE_BG_COLOR. This is necessary because most browsers do not render png images with transparent background. You can ignore this fact if you use gif or jpg.

Miscellaneous site's variables

  • DOC_ROOT

    Do not edit unless there is a compelling reason to do so.

  • URL_ROOT

    Do not edit unless there is a compelling reason to do so.

  • LIB_ROOT

    Deprecated as of LibWeb-0.02.

  • COPYRIGHT

    Deprecated as of LibWeb-0.02.

  • PRIVACY_POLICY

    What is the relative URL of your site's privacy policy?

  • TOS

    What is the relative URL of your site's Terms of Service?

  • CSS

    What is the relative URL of your site's style sheet? A sample is included with the distribution.

  • SITE_NAME

    Your site's name.

  • SITE_DESCRIPTION

    A short description for your site. This will appear in every HTML page.

  • SITE_KEYWORDS

    Keywords for your site. This will appear in every HTML page.

  • SITE_YEAR

    When was your site established?

Site's common applications' URL

  • LM_IN

    Relative URL of your site's login script, e.g. '/cgi-bin/lm.cgi'. This is the page to which LibWeb directs the Web browser when the browser attempts to view a protected page without having authenticated first.

  • LM_OUT

    Relative URL to your site's logout script, e.g. '/cgi-bin/lm.cgi?.a=logout'.