From 795e019d0de3731fab71c98ab0487e84d6f7e952 Mon Sep 17 00:00:00 2001
From: Joey
Date: Sun, 26 Jan 2014 09:25:46 -0500
Subject: [PATCH] cleaned up config options a bit

---
 public/include/config/global.inc.dist.php | 13 ++++++++++---
 public/index.php | 4 +++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index d59d3ca5..63bee3a6 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -3,15 +3,22 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 /**
  * Forces extra security options when enabled
+ *
+ * You must have Memcache enabled and configured & Memcache anti-dos configured to use this.
+ *
+ * Check -> Memcache configuration
+ * Check -> Memcache anti resource-dos
+ *
+ * Runs a FILTER_VALIDATE_*TYPE on every parameter of bind_param
+ * Verifies server vs. bound protocol/host/port set below
+ * Enables memcache rate limiting of requests
+ * Verifies client when creating/resuming from a session
  */
 $config['strict'] = true;
 $config['strict__enforce_ssl'] = false;
 $config['strict__bind_protocol'] = 'http';
 $config['strict__bind_host'] = 'localhost';
 $config['strict__bind_port'] = 80;
-// CHANGE THIS KEY
-define('strict__FIP_key', '45934debe4965c10c424254a2c8170df');
-// If you use this, you'll also have to change a key in public/index.php ... you'll see.
 
 /**
  * Do not edit this unless you have confirmed that your config has been updated!
diff --git a/public/index.php b/public/index.php
index f602a732..b06c87b5 100644
--- a/public/index.php
+++ b/public/index.php
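Review bot: Dropping `define('strict__FIP_key', ...)` from global.inc.dist.php is only safe if nothing still reads that constant, and this diff touches no consumer, so that should be confirmed before merging. On PHP versions before 8 a bare undefined constant evaluates to its own name as a string, so any leftover use would keep running with a fixed, publicly known value instead of failing. The removed key also stays in repository history, so installs that kept it should treat it as public. Separately, the added docblock says strict mode needs Memcache while `$config['strict'] = true` remains the shipped default; I would add a line such as ` * Without Memcache, set $config['strict'] = false` and state whether requests are refused or the checks are skipped in that case.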
@@ -19,9 +19,11 @@ limitations under the License.
 
 // Set a decently long SECURITY key with special chars etc
 define('SECURITY', '*)WT#&YHfd');
-// Disable the sechash check if you're sure, still checks if SECURITY defined as before
+// Whether or not to check SECHASH for validity, still checks if SECURITY defined as before if disabled
 define('SECHASH_CHECK', true);
 
+// Nothing below here to configure, move along...
+
 // change SECHASH every second, we allow up to 3 sec back for slow servers
 if (SECHASH_CHECK) {
 function fip($tr=0) { return md5(SECURITY.(time()-$tr).SECURITY); }
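Review bot: The `SECURITY` define in public/index.php still ships a fixed sample value, and since this commit removes the `// CHANGE THIS KEY` reminder from the config file, the only remaining prompt is the soft "Set a decently long SECURITY key" comment. I would make it explicit, e.g. `// CHANGE THIS: replace the sample value with a long random key unique to this install`, so operators do not deploy the published default. The reworded `SECHASH_CHECK` comment is also hard to parse; `// Set to false to skip SECHASH validation; SECURITY must still be defined` reads more clearly, assuming that is the intended meaning. `fip()` derives the hash from `SECURITY` and the current second with `md5`, but how much the key strength matters depends on how `cfip()` consumes it, which is outside this hunk, as is the rest of the `if (SECHASH_CHECK)` block.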