Page last modified 12:11, 11 Mar 2013 by makriria
System settings is the central place for customizing environmental variables. System settings control a wide range of system characteristics such as: active features, method of user registration, method of mail dispatching, security characteristics, and many more. They also control a visual settings as well as themes.
The general settings tab offers access to various settings that affect the site's operation
Security settings offer amble settings for securing the eFront system. These settings include the ability to define the allowed and disallowed file extensions, the minimum password length, the inactivity time to logout users, the minimum password length and more.
- Allowed IPs: A comma separated white list of allowed IPs that can access the system. All other IPs are not allowed to the system. Wildcards are accepted, for example 10.10.10.*. Make sure that you don't lock out your own IP with this operation!
- Disallowed IPs: A comma separated black list of IPs that are not allowed to access the system. Black lists take precedence over white lists
- Allowed file extensions: A comma-separated white list of file extensions that are allowed to be uploaded. All other file extensions are disallowed
- Disallowed file extensions: A comma-separated black list of file extensions that are not allowed to be uploaded. All other file extensions are permitted. The black list takes precedence over the white list
- Minimum password length: Set this to a different value if you want to relax/tense the password length setting
- Log out user after (minutes): The time in minutes after which inactive users are logged out. Note: A user is considered inactive only if he/she has closed his/her browser or navigated away from the efront page. This is also the maximum fault for user time reports: In case a user navigates away from the LMS, his/her online LMS time may be reported up to X minutes more than the actual, where X is the value for this setting.
- Updater period (ms): The period, in ms, that a user's browser "pings" the server to revive his/her session. Depending on the site traffic, you might want to lower this value to offload the server. However, it should always be less than the autologout time. Keep in mind that a user may be automatically logged out from the system, depending on the session.gc_maxlifetime php setting. Another reason could be if you are storing session data in /tmp (default) and some process is periodically cleaning its contents
- Remove <script> tags from POST: If you don't trust your users to exploit your system for XSS attacks, you should prevent them from posting content with <script> tags. This however will also prevent building content that contains these tags
- Password reminder: Uncheck if you don't want users to be able to reset their passwords
- Encrypt URL: This option will convert all internal eFront URLs to an encoded form. This way, users will not be able to derive sensitive information, such as user login names or emails by looking at the address bar location, nor will they be able to alter the URL trying to override system restrictions or settings
These are internationalization settings that should be set according to the current locale:
- Default language: This is the default language of the system. New users will be created having this language as default.
Note: Changing this setting does not affect existing users
- Support only one (the default) Language: If set, then users do not have the option to specify their preferred language
- Date format: Enter the format with which you want dates to appear in the system
- Time zone: Specify the system's default timezone. This setting can be overridden for each user and does not affect existing users. System dates will be offset to match the users' preferences
- Currency: Enter the currency you want to be used for the e-commerce parts of the site.
- Show currency symbol: Specify whether the selected currency's symbol should display before or after prices, for example $1 or 1$
- Decimal point: Enter the decimal point you want to be used in the system
- Thousands separator: Enter the thousands separator you want to be used in the system
- Encode non-latin file names to: When a user uploads a file that its name contains non-latin characters, then it should be somehow encoded before being imported to the system. Since eFront is a pure UTF-8 system, all file names are encoded to UTF-8 before being stored. However, if you are using a windows server, then UTF-8 is not supported by its file system, and a different encoding should be selected. In this case, UTF7-IMAP is recommended (and default for windows server installation)
Through this tab you are able to define the mail server settings that will be used to send e-mails.
- System email: The email that is used as the "from" address in all system outgoing emails
- SMTP server: The email server to use, can be "localhost" or any smtp server address
- SMTP user: The user of the account needed to connect to the SMTP server.
- SMTP password: The password of the user that authenticates to the SMTP server
- Server SMTP port: The port that the SMTP server listens to.
- SMTP timeout: Seconds to wait until the SMTP server responds
- SMTP authentication: Check if your SMTP server requires authentication
Below you can see an example about setting up a gmail account. Note however that the right options depend on your e-mail server.
Note: Using a gmail account, SMTP user address will be displayed as sender in recipients inbox regardless of the "system email" address.
Through the Configuration tab you are able to define some basic php settings for your system.
- Memory limit: This sets the maximum amount of memory in bytes that the system is allowed to allocate. -1 value is not allowed for performance reasons. In case you get an error trying to use this value, just leave this field blank.
- Maximum execution time:This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30. The maximum execution time is not affected by system calls, stream operations etc.
- GZ handler: Check this option to send data compressed to the web browser. Do not unset this unless you are experiencing trouble, as it may have detrimental effect on the site's speed
- Compress test results in database
- Maximum file size: If you cannot upload large files you should alter the upload limits.The upload size is limited by settings in the php.ini file. You can find the current php.ini file in effect if you log in as an admin and go to maintenance -> PHP info. Look for "Loaded Configuration File".
There are 3 settings that affect this:
The first two should be set to be the minimum file size you intend to upload. So, if you intend to upload files of 4MB, these should be set at least 4M. The 3rd is recommended to be 128M, but in any case it should not be less than the other two.
After making these changes to the php.ini file, you should restart your web server in order for the changes to take effect. After doing so, you can control the maximum upload size from admin -> system settings -> PHP, but you can't set it higher than the values specified in the php.ini file (only lower).
- Debug mode: If you enable debug mode, then a small debugging panel with speed and query information will display on every page, for every user
The User activation/registration function is used by the administrator to define the way in which the users will be able to register into the system and how their activation will take place.
- External signup: Uncheck if you don't want users to be able to register themselves (hides the "create account" link in the index page)
- Default user type: The user type which new users are created as
- "Keep me logged in" option: Once selected, the system remembers the user and keeps him logged in, until he logs-out.
- Automatic user activation: When checked, users are able to login to the platform as soon as they create their account. Otherwise, the administrator must activate their account
- User activation by email: Enable this if you want new users to have to click on a confirmation email sent out to their email address, in order to user the system
- Supervisor email activation (enterprise edition): Click this if you want new users to be activated by their supervisor
- Enable license note: If you enable the license note, then all new users will be presented with a note that they must accept in order to use the system.
- Reset license note: Clicking on this link will reset the "read" status of all users. You can use this if the site's license note has changes and you want all users to re-comply to the new terms
- License note: The license not text
- Allow independent lessons: If you leave this unchecked, then there cannot be lessons outside courses in the system
- Show group key option: Uncheck this if you want to prevent users from using a group key to be directly assign to groups
- Mapped accounts: If you disable mapped accounts, then users will not be able to map their accounts to a different one, for fast switching
- Username format: Using this field you can change the username format i.e. the way users' login names will appear in the platform. You can use the following variables: #name# for the first name, #surname# for the last name, #login# for the login, #type# for the user type and #n# for the first name's initial letter. So, for example, for the default format, #surname# #n#. (#login#), the user "John Doe" with username "jdoe" will appear as "Doe J. (jdoe)"
- Maximum usage space in private messages: You can define the maximum user allowed usage space size in MB.
- Lesson time reports: You can switch to active time if you want the system to monitor and report only times that the user actually goes through the content. Switch to total time if you want the system to report the total time a user spends on a lesson, regardless which page he/she is on.
Warning: Switching to active time reporting will overwrite any active times that have been recorded so far with the corresponding total times.
The administrator can define whether or not to allow multiple logins. Allowing multiple logins enables concurrent logins with certain exceptions (i.e. groups or types of users). Otherwise, if no multiple logins are set, then when a user logs in with a username that is already logged in, the older session will be disconnected.
Web server authentication
The settings below can be used to automatically handle user registration and authentication using some HTTP server variables
- Web server authentication: Check this to enable web server based authentication
- Web server registration: Check this to enable web server based registration
- Error page displayed when the username is missing or empty: Specify which page should be presented to the user in case he/she visits the system, with the "username" variable not being populated
- Error page displayed when the user could not be created: Specify which page should be presented to the user in case he/she visits the system and the automatic registration fails
- Variable that contains the username: The web server variable that holds the user name
- Include file that handles user creation: The file that will handle the user registration
How it works: Supposedly you had a different mechanism to authenticate/register users to your system and you wanted to bypass efront's settings. You could populate the a server variable (REMOTE_USER by default) with the user name and enable web server authentication below. In order to do this, you should follow these steps:
- Login as admin and enable web server authentication. The username server variable must hold your current username, otherwise you can't continue
- From now on, any user that visits the site without an equivalent username value in the web server (set through the "Variable that contains the username" option), will be presented with the "Server error" page.
- If you don't check the "Web server registration", then no automatic registration will take place, only authentication. This means that any user that is valid in the web server space, but does not have an eFront account, will be presented with an "Authentication error" page
- If you check the "Web server registration" checkbox as well, then valid users that don't have an eFront account, will trigger inclusion of the file specified in "Include file that handles user creation" field. There is a sample file in the distribution, libraries/includes/webserver_registration.php, which you can use as a guideline
- The "Server error" and "Authentication error" pages are customizable. If you want to use completely your own, you can upload them to the "external" folder of the default theme.
This tab allows the administrator to customize the appearance of the eFront installation.
- Show footer: Whether to display a message on the site's footer. This setting may be overriden by the current theme's settings, see How_to_build_a_theme How_to_build_a_theme
- Edit footer: Enter any custom text that you want to appear inside the footer. This message replaces the default message
- Site name: Enter the site name, as it will appear on the pages header and elsewhere
- Site motto: A subtitle that will appear along with site name
- Show name and motto also on header: Uncheck this if you don't want the site name and motto to appear on the header. This is usually the case when the logo already contains this information
- Collapse catalog: Whether the courses list should appear collapsed. If you select "No", then all lessons and courses appear expanded. If you select "Only for lessons", then only the courses appear expanded, but their contents are hidden. If you select "yes", then everything below the root categories are collapsed
- Show empty blocks: Whether empty blocks should appear on the index page
- Show lesson/courses catalog: Whether the courses catalog should appear. Selecting "yes" will make the catalog appear in both the index page and the initial page a user sees after logging in. Selecting "Yes, but only after user logs in" does not display the catalog on the index page, to unauthenticated users. Selecting "No" always hides the catalog, thus preventing users from enrolling to courses/lessons themselves
- Redirect user after login to: User this option to specify which page a user is redirected to right after logging in. If you select "User's catalog", then the user will see a list of the courses/lessons he/she is enrolled in. If you select "User's dashboard", then the user will be redirected to his/her dashboard. In addition, if there are modules with "landing page" facilities installed in the system, they will appear in the list as well
- Redirect after logout to: Enter a URL where you want users to be redirected after they logout, instead of the system's index.php page
- Load videojs: Videojs is a library that allows you to load html5 videos. By enabling this option the necessary header code of the library is loaded (in <head>). You can insert in your content pages the html code that loads your video as described here (in <body> section)
Use this tab if you want to set the system's logo, which is the image that appears in the header.
- File Name: Click to select an image file from your system
- Logo width: Specify a width for your image, if you want it resized. This option is available only if php_gd extension is installed.
- Logo height: Specify a height for your image, if you want it resized. This option is available only if php_gd extension is installed.
- Normalize dimensions: Check to have the system automatically adjust your image so that the original proportions are kept. This option is available only if php_gd extension is installed.
- Use logo: Use this dropbox to select between the default logo, site logo and theme logo.
Use this tab if you want to set the system's favicon, which is the small icon that appears next to the site's address in the browser's address bar.
- File name: Pick a file from your computer to use as favicon
- Use default favicon: Check if you want to reset the current favicon to the default one
This is a collection of tools that are either 3rd party or can be used to communicate with 3rd party applications
- Enable XML API: If checked, then the system's XML api is enabled. You can read more about eFront's XML API at 
- Editor type: Select which editor version you want to use. The newer is recommended, unless you are experiencing difficulties
- Zip handling method: Select which way you want eFront to handle zip files. There are 2 options: 'PHP' uses PHP's own zip handling functions, while 'System' uses the underlying operating system's functionality (not available on Windows servers). The former is generally considered more compatible but the latter is usually faster
You can use math libraries if you want to write mathematical equations. See [ http://www.forkosh.com/mimetex.html] for more information
- Enable mathematic type content: Check this to enable math equation typing
- Display math types as images: Enable this if your users can't see the equations
- Math server location: Specify the location of the Math server.
phpLiveDocx is a platform used to transform certificate documents in a pdf format. It is released under the following license: http://www.phplivedocx.org/articles/phplivedocx-license/ . You have to sign up for an account there and paste your credentials. It is used to export the eFront certificates in pdf format.
- Phplivedocx server: The address of the livedocx service you want to use. On rare cases this may need to change to an older version
- User name: Your phplivedocx account user name
- Password: Your phplivedocx account password
A LDAP server is a user management system very popular among large organizations. eFront can use a LDAP server for creating and authenticating users. When LDAP support is enabled in eFront, then a user that has a LDAP account can use it to access eFront following the procedure below:
- The user visits eFront for the first time and uses his/her credentials to login.
- The user is then redirected to a special page where he/she is asked to fill-in and verify his/her information, which was retrieved by the LDAP server. What information is retrieved can be customized from the LDAP properties in administrator's system settings (see below)
- After clicking on submit, an account for this user is created. The password is never saved in efront
- Next time the user visits efront and uses his/her credentials, he/she is authenticated with the LDAP server
In order to use LDAP, PHP's LDAP extension must be loaded. If you are on a windows environment, please extract the file "php_ldap.dll" from the full php zip archive and place inside the "ext/" folder of your php installation (for example, c:\php\ext). Afterwards, edit the file php.ini, locate the extensions section (there will be plenty of lines like
extension=php_xxx.dll) and place the line
extension=php_ldap.dll. Restart the apache server afterwards. (see also Installing PHP windows extensions)
If you are on a Linux environment, then use your distro's installation program (for example aptitude or yum) to install php5-ldap extension
You can configure LDAP settings from administrator account -> system settings -> External -> LDAP. Below the most important settings are explained:
- Activate LDAP support: Use this to activate/deactivate LDAP access
- Support only LDAP registration: Use this to disable the ability for users to signup if they don't have a valid LDAP account
- LDAP server: The server to connect to, usually in the form ldap://ldap.example.net, or ldaps://ldap.example.net for secure connections
- LDAP server port: Usually 389 or 636 for secure connections
- LDAP bind dn: The username that eFront will use to connect to the ldap server
- LDAP base dn: The base dn is where all searches and users are located. All operations are performed on this dn and below
- LDAP protocol version: It's usually 2 or 3, with the latter being preferable and more common
Attribute mappings: eFront uses the default openLDAP attributes to map user's information to its own internal representation. If you are using a different LDAP server (for example, Active directory), you might want to change this mapping. In this case, the most important attribute is the Login name attribute which for Active Directory should be set to sAMAccountName
Important note #1: The base dn connection password is stored in the database in plain text. It is strongly recommended that you use a special account with limited read-only privileges to retrieve information from the LDAP server
Important note #2: Certain version of AD are case-sensitive, so make sure that "sAMAccountName" is not "samaccountname" in your installation
In the image below you can see a working LDAP configuration that connects to an openLDAP server
Here you can set various display and functionality options for eFront
Use this list to disable or enable site-wide the respective functionality. It overrides any other user,lesson or course level settings.
This section is not available in the community edition
This allows the administrator to define which social options will be available to the users of the system. The administrator can also enable the Facebook integration, by providing the Facebook API key and the Facebook Application Secret. The facebook connection can be activated by clicking on the corresponding checkbox. Facebook data acquisition and external login through Facebook, can be activated via their Facebook account. For detailed information, visit the social section of the wiki
- Event's logging: Leave unchecked if you don't want system events to be logged.
- System timelines: When enabled, users can see the system timeline
- Lesson timelines: When enabled, users can see timelines for the lessons they are enrolled in
- People: When enabled, users can see a list and interact with other users sharing the same lessons
- Comments/Wall: When enabled, users can post messages to their wall or comments to other users' messages
- User status: When enabled, users are able to set a status on their public profile.
- Facebook data acquisition: Use this to enable data retrieval from the users' facebook account (avatar and status changes)
- External login through Facebook: Use this if you want users to be able to login using their facebook account
- Connection with Facebook: Enable connection with facebook
- Facebook API key: The API key for connecting to facebook
- Facebook Application Secret: The API secret for connecting to facebook
Note: This section is only available in the enterprise edition
These are organization-specific options
- Show organization chart to users: If enabled, then employees can view the organization chart from their account's "organization" section
- Show full organization chart to users: If not selected the users will be able to see only this part of the organization tree that concerns them. Only the branches to which the users belong and their sub-branches will be shown to them.
- Show training record to users: If enabled, then the training record is also available to employees (see Training record )
- Show unassigned users to supervisors: If set, then then employees list in supervisor view will include users that are not assigned to any branch and supervisors may assign them to their own branch if they want to.
- Allow users to delete supervisor shared files: Whenchecked, employees are allowed to delete any files that their supervisors have shared with them. Supervisors of the platform can upload files in the users' profile. The users can see these files in their personal information tab, and if this option is set, they can delete them.
- Propagate branch courses to branch users: Allows the administrator to define if the branch's courses will be automatically assigned to the users assigned to the branch.
- Users may sign in from the default URL: When selected it allows the users to sign in to the platform using the default (main) url. Otherwise, users can only login using their branch's url.
|File||Size||Date||Attached by|| |
|24.35 kB||15:35, 31 May 2012||elpapath|
| ||email settings.png|
|30.54 kB||16:19, 10 Dec 2010||elpapath|
| ||enterprise options.png|
|20.02 kB||09:47, 9 Apr 2012||elpapath|
| ||external tools.png|
|23.26 kB||16:52, 10 Dec 2010||elpapath|
|21.68 kB||16:41, 10 Dec 2010||elpapath|
|24.88 kB||13:15, 28 Mar 2012||elpapath|
| ||locale settings.png|
|32.45 kB||16:19, 10 Dec 2010||elpapath|
|21.85 kB||14:59, 19 Apr 2011||elpapath|
| ||math settings.png|
|27.48 kB||16:52, 10 Dec 2010||elpapath|
| ||multiple logins.png|
|31.33 kB||16:36, 10 Dec 2010||elpapath|
| ||php livedocx.png|
|27.54 kB||16:52, 10 Dec 2010||elpapath|
| ||security settings.png|
|28.85 kB||16:33, 13 Mar 2012||elpapath|
| ||social options.png|
|28.53 kB||16:57, 10 Dec 2010||elpapath|
| ||system options.png|
|22.3 kB||11:57, 9 Apr 2012||elpapath|
| ||system settings configuration.png|
|24.31 kB||14:46, 19 Apr 2011||elpapath|
| ||user registration.png|
|19.49 kB||15:33, 11 Oct 2011||elpapath|
| ||web server authentication.png|
|32.38 kB||16:36, 10 Dec 2010||elpapath|