php-file-manager/config.php at main · LifeIsHex/php-file-manager · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
<?php
/*
 * Copyright (C) 2026 Mahdi Hezaveh, MIT License.
 *
 * Author: Mahdi Hezaveh <mahdi.hezaveh@icloud.com> | Username: hezaveh
 * Filename: config.php
 *
 * Last Modified: Thu, 5 Mar 2026 - 11:19:09 MST (-0700)
 *
 * For the full copyright and license information, please view the LICENSE file that was distributed with this source code.
 */

declare(strict_types=1);

/**
 * File Manager Configuration
 * PHP 8.3+ Required
 */

return [
    // Authentication
    'auth' => [
        'require_login' => true, // Set false to bypass login (useful for external app integration)
        'default_user' => 'system', // Username used when require_login is false
        'users' => [
            // Format: 'username' => password_hash('password', PASSWORD_ARGON2ID)
            // Default: admin/admin@123
            'admin' => '$argon2id$v=19$m=65536,t=4,p=1$eUJ3MnNBeU1YTjhmZzhqQQ$SAU4PDqTM/S+WQJkW4iPD3vCDVgjld9wXmS2GgSaD/4',
        ],
        'session_name' => 'fm_session',
        'remember_me' => true, // Enable "Remember Me" checkbox on login
        'remember_duration' => 1800, // Remember Me cookie duration (30 minutes in seconds)
    ],

    // File Manager Settings
    'fm' => [
        // Dynamic folder mode: when true, folder ID comes from URL (e.g., /file-manager/120)
        // The actual path becomes: base_path + folder_id
        'dynamic_folder' => false,

        // Base path for dynamic folder mode (folder ID is appended to this)
        // Example: '/var/www/html/uploads/tasks' + '/120' = '/var/www/html/uploads/tasks/120'
        'base_path' => '/var/www/html/uploads',

        // Parameter name for folder ID (supports both path segment and query param)
        // URL: /file-manager/120 OR /file-manager?folder=120
        'folder_param' => 'folder',

        // Default folder when no ID provided (null = show error, '' = use base_path as-is)
        'default_folder' => null,

        // Root path for static mode (when dynamic_folder = false)
        // This is the original behavior - point directly to a folder
        'root_path' => __DIR__,

        'root_url' => '', // Base URL for assets (optional, for CDN/external hosting)

        // Assets path: URL path where package assets are accessible
        // Default '' = assets are in same directory as entry point (standalone mode)
        // CI4 example: '/filemanager' if you copied assets to public/filemanager/
        // Laravel example: '/vendor/filemanager/assets'
        'assets_path' => '',

        // Base URL: The URL path for file manager actions and redirects
        // Default 'index.php' = standalone mode
        // CI4 example: '/file-manager' or '/file-manager/123' for dynamic folder
        // This is used for form actions and redirect URLs
        'base_url' => 'index.php',
        'title' => 'File Manager', // Application title shown in browser and header
        'language' => 'en', // Language code for HTML lang attribute
        'show_hidden' => true, // Show hidden files (files starting with .)
        'datetime_format' => 'Y-m-d H:i:s', // PHP date format for file timestamps
        'show_footer' => true, // Set false to hide the footer (useful for embedded/iframe use)

        // ─── Column Visibility ────────────────────────────────────────────────────
        // Controls which columns are DISPLAYED in the file table. This is purely
        // cosmetic — hiding a column does not restrict access to any operation.
        //
        // ⚠️  If you want to RESTRICT what users can DO (e.g. disallow chmod),
        //     use the 'permissions' section below — NOT this section.
        //
        // Note: 'permissions' column can be hidden here without breaking the
        //       "Change Permissions" modal; that modal always reads the value
        //       regardless of column visibility. To hide the chmod button entirely,
        //       remove 'permissions' from the role's allowed actions below.
        'columns' => [
            'size' => true,   // File/folder size
            'owner' => true,   // File owner (Unix user)
            'modified' => true,   // Last modified date/time
            'permissions' => true,  // Unix permission string (e.g. rwxr-xr-x)
        ],
    ],

    // Trash / Recycle Bin
    'trash' => [
        'enabled' => true,      // Show "Move to Trash" option in delete modal
        'folder_name' => '.trash',  // Trash folder name, created at the file manager root
    ],

    // Upload Settings
    'upload' => [
        'max_file_size' => 50 * 1024 * 1024, // 50MB in bytes
        'allowed_extensions' => ['*'], // ['jpg', 'png', 'pdf'] or ['*'] for all
        'chunk_size' => 1024 * 1024, // Chunk size for Dropzone.js chunked uploads (1MB)
    ],

    // Security
    'security' => [
        'csrf_protection' => true, // Enable CSRF token validation (disable for API integrations)
        'max_login_attempts' => 3, // Maximum failed login attempts before cooldown
        'login_cooldown' => 300, // Lockout duration in seconds (5 minutes)
    ],

    // ─── Role-Based Access Control ────────────────────────────────────────────
    // Controls what operations each role is ALLOWED TO PERFORM.
    // This is independent of column visibility above.
    //
    // Available actions: upload, download, delete, rename, new_folder, copy,
    //                    move, view, view_pdf, extract, zip, permissions
    //
    // Use '*' to grant access to all actions (admin).
    //
    // ⚠️  To hide the "Change Permissions" button for a role, simply omit
    //     'permissions' from that role's list. Do NOT use columns.permissions
    //     for this — that only hides the display column.
    'permissions' => [
        'default_role' => 'admin', // Role applied when no specific role is set
        'roles' => [
            // 'admin' has access to all actions (wildcard)
            'admin' => ['*'],
            // 'editor' can do everything except change file permissions
            'editor' => ['upload', 'download', 'delete', 'rename', 'new_folder', 'copy', 'move', 'view', 'view_pdf', 'extract', 'zip'],
            // 'viewer' can only view and download files
            'viewer' => ['view', 'view_pdf', 'download'],
        ],
    ],

    // System
    'system' => [
        'timezone' => 'UTC',
        'error_reporting' => E_ALL,
        'display_errors' => false,
        'log_errors' => true,
        'charset' => 'UTF-8',
    ],

    // Excluded items (won't be shown in file manager)
    'exclude_items' => [
        '.git',
        '.gitignore',
        '.htaccess',
        'config.php',
        'vendor',
        'node_modules',
    ],
];