diff --git a/conf/config.proto b/conf/config.proto
new file mode 100644
index 00000000..280c1e8d
--- /dev/null
+++ b/conf/config.proto
@@ -0,0 +1,29 @@
+[database]
+dsn_prefix = mysql
+host = localhost
+socket = /var/run/mysqld/mysqld.sock
+name = AUR
+user = aur
+password = aur
+
+[paths]
+storage = /srv/aur/unsupported/
+
+[options]
+username_min_len = 3
+username_max_len = 16
+passwd_min_len = 4
+default_lang = en
+sql_debug = 0
+max_sessions_per_user = 8
+login_timeout = 7200
+persistent_cookie_timeout = 2592000
+max_filesize_uncompressed = 8388608
+disable_http_login = 1
+aur_location = http://localhost
+package_url = /packages/
+use_virtual_urls = 1
+max_rpc_results = 5000
+aur_request_ml = aur-requests@archlinux.org
+request_idle_time = 1209600
+auto_orphan_age = 15552000
diff --git a/scripts/aurblup/aurblup-wrapper b/scripts/aurblup/aurblup-wrapper
index b056030d..c7b20afe 100755
--- a/scripts/aurblup/aurblup-wrapper
+++ b/scripts/aurblup/aurblup-wrapper
@@ -8,10 +8,14 @@ if (empty($dir)) {
 }
 
 set_include_path(get_include_path() . PATH_SEPARATOR . "$dir/lib");
-include("config.inc.php");
+include("confparser.inc.php");
+
+$user = config_get('database', 'user');
+$password = config_get('database', 'password');
+$name = config_get('database', 'name');
 
 exec($dir . "/../scripts/aurblup/aurblup " .
 	"-S /var/run/mysqld/mysqld.sock " .
-	"-u " . escapeshellarg(AUR_db_user) . " " .
-	"-p " . escapeshellarg(AUR_db_pass) . " " .
-	"-D " . escapeshellarg(AUR_db_name));
+	"-u " . escapeshellarg($user) . " " .
+	"-p " . escapeshellarg($password) . " " .
+	"-D " . escapeshellarg($name));
diff --git a/scripts/cleanup b/scripts/cleanup
index 1fe63a27..0ccbe7df 100755
--- a/scripts/cleanup
+++ b/scripts/cleanup
@@ -16,24 +16,25 @@ if (empty($dir)) {
 }
 
 set_include_path(get_include_path() . PATH_SEPARATOR . "$dir/lib");
-include("config.inc.php");
+include("confparser.inc.php");
 include("aur.inc.php");
 include("pkgfuncs.inc.php");
 
 $count = 0;
 
-$buckets = scandir(INCOMING_DIR);
+$incoming_dir = config_get('paths', 'storage');
+$buckets = scandir($incoming_dir);
 foreach ($buckets as $bucket) {
-	$bucketpath = INCOMING_DIR . $bucket;
+	$bucketpath = $incoming_dir . $bucket;
 	if ($bucket == '.' || $bucket == '..' || !is_dir($bucketpath)) {
 		continue;
 	}
-	$files = scandir(INCOMING_DIR . $bucket);
+	$files = scandir($incoming_dir . $bucket);
 	foreach ($files as $pkgname) {
 		if ($pkgname == '.' || $pkgname == '..') {
 			continue;
 		}
-		$fullpath = INCOMING_DIR . $bucket . "/" . $pkgname;
+		$fullpath = $incoming_dir . $bucket . "/" . $pkgname;
 		if (!pkg_from_name($pkgname) && is_dir($fullpath)) {
 			echo 'Removing ' . $fullpath . "\n";
 			rm_tree($fullpath);
diff --git a/upgrading/3.5.0.txt b/upgrading/3.5.0.txt
index 1990c47a..e8af4af8 100644
--- a/upgrading/3.5.0.txt
+++ b/upgrading/3.5.0.txt
@@ -17,3 +17,7 @@ ALTER TABLE PackageVotes ADD COLUMN VoteTS BIGINT NULL DEFAULT NULL;
 ----
 INSERT INTO PackageCategories (Category) VALUES ('wayland');
 ----
+
+4. The configuration file format has been changed. Make sure you convert
+web/lib/config.inc.php to the new format (see conf/config.proto for an example
+configuration) and put the resulting file in conf/config.
diff --git a/web/html/login.php b/web/html/login.php
index e458fec0..dba3af53 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -5,7 +5,8 @@ include_once("aur.inc.php");
 set_lang();
 check_sid();
 
-if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
+$disable_http_login = config_get_bool('options', 'disable_http_login');
+if (!$disable_http_login || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
 	$login = try_login();
 	$login_error = $login['error'];
 }
@@ -19,7 +20,7 @@ html_header('AUR ' . __("Login"));
 		<?= __("Logged-in as: %s", '<strong>' . username_from_sid($_COOKIE["AURSID"]) . '</strong>'); ?>
 		<a href="<?= get_uri('/logout/'); ?>">[<?= __("Logout"); ?>]</a>
 	</p>
-	<?php elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?>
+	<?php elseif (!$disable_http_login || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?>
 	<form method="post" action="<?= get_uri('/login') ?>">
 		<fieldset>
 			<legend><?= __('Enter login credentials') ?></legend>
@@ -28,7 +29,7 @@ html_header('AUR ' . __("Login"));
 			<?php endif; ?>
 			<p>
 				<label for="id_username"><?= __('Username') . ':'; ?></label>
-				<input id="id_username" type="text" name="user" size="30" maxlength="<?= USERNAME_MAX_LEN; ?>" value="<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>" />
+				<input id="id_username" type="text" name="user" size="30" maxlength="<?= config_get_int('options', 'username_max_len'); ?>" value="<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>" />
 			</p>
 			<p>
 				<label for="id_password"><?= __('Password') . ':'; ?></label>
@@ -47,7 +48,7 @@ html_header('AUR ' . __("Login"));
 	<?php else: ?>
 	<p>
 		<?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
-			'<a href="' . $AUR_LOCATION . get_uri('/login') . '">', '</a>'); ?>
+			'<a href="' . aur_location() . get_uri('/login') . '">', '</a>'); ?>
 	</p>
 	<?php endif; ?>
 </div>
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 8cecd673..be9220ec 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -1,7 +1,6 @@
 <?php
 
 set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
-include_once("config.inc.php");
 
 require_once('Archive/Tar.php');
 
@@ -64,11 +63,12 @@ if ($uid):
 		}
 
 		# Check uncompressed file size (ZIP bomb protection)
-		if (!$error && $MAX_FILESIZE_UNCOMPRESSED) {
+		$max_filesize_uncompressed = config_get_int('options', 'max_filesize_uncompressed');
+		if (!$error && $max_filesize_uncompressed) {
 			fseek($fh, -4, SEEK_END);
 			list(, $filesize_uncompressed) = unpack('V', fread($fh, 4));
 
-			if ($filesize_uncompressed > $MAX_FILESIZE_UNCOMPRESSED) {
+			if ($filesize_uncompressed > $max_filesize_uncompressed) {
 				$error = __("Error - uncompressed file size too large.");
 			}
 		}
@@ -273,7 +273,7 @@ if ($uid):
 		}
 
 		if (isset($pkgbase_name)) {
-			$incoming_pkgdir = INCOMING_DIR . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name;
+			$incoming_pkgdir = config_get('paths', 'storage') . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name;
 		}
 
 		/* Upload PKGBUILD and tarball. */
diff --git a/web/lib/DB.class.php b/web/lib/DB.class.php
index 09759892..b538e0d3 100644
--- a/web/lib/DB.class.php
+++ b/web/lib/DB.class.php
@@ -1,5 +1,7 @@
 <?php
 
+include_once("confparser.inc.php");
+
 class DB {
 
 	/**
@@ -15,8 +17,19 @@ class DB {
 	public static function connect() {
 		if (self::$dbh === null) {
 			try {
-				self::$dbh = new PDO(AUR_db_DSN_prefix . ":" . AUR_db_host
-					. ";dbname=" . AUR_db_name, AUR_db_user, AUR_db_pass);
+				$dsn_prefix = config_get('database', 'dsn_prefix');
+				$host = config_get('database', 'host');
+				$socket = config_get('database', 'socket');
+				$name = config_get('database', 'name');
+				$user = config_get('database', 'user');
+				$password = config_get('database', 'password');
+
+				$dsn = $dsn_prefix .
+				       ':host=' . $host .
+				       ';unix_socket=' . $socket .
+				       ';dbname=' . $name;
+
+				self::$dbh = new PDO($dsn, $user, $password);
 				self::$dbh->exec("SET NAMES 'utf8' COLLATE 'utf8_general_ci';");
 			} catch (PDOException $e) {
 				die('Error - Could not connect to AUR database');
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 2272010d..1d38fe11 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -89,7 +89,7 @@ function display_account_form($A,$U="",$T="",$S="",
  */
 function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 			$P="",$C="",$R="",$L="",$I="",$K="",$J="",$UID=0) {
-	global $SUPPORTED_LANGS, $AUR_LOCATION;
+	global $SUPPORTED_LANGS;
 
 	$error = '';
 
@@ -118,9 +118,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 	}
 
 	if (!$error && !valid_username($U)) {
+		$length_min = config_get_int('options', 'username_min_len');
+		$length_max = config_get_int('options', 'username_max_len');
+
 		$error = __("The username is invalid.") . "<ul>\n"
-			."<li>" . __("It must be between %s and %s characters long",
-			USERNAME_MIN_LEN,  USERNAME_MAX_LEN )
+			. "<li>" . __("It must be between %s and %s characters long", $length_min, $length_max)
 			. "</li>"
 			. "<li>" . __("Start and end with a letter or number") . "</li>"
 			. "<li>" . __("Can contain only one period, underscore or hyphen.")
@@ -130,8 +132,11 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 	if (!$error && $P && $C && ($P != $C)) {
 		$error = __("Password fields do not match.");
 	}
-	if (!$error && $P != '' && !good_passwd($P))
-		$error = __("Your password must be at least %s characters.",PASSWD_MIN_LEN);
+	if (!$error && $P != '' && !good_passwd($P)) {
+		$length_min = config_get_int('options', 'passwd_min_len');
+		$error = __("Your password must be at least %s characters.",
+			$length_min);
+	}
 
 	if (!$error && !valid_email($E)) {
 		$error = __("The email address is invalid.");
@@ -244,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 			'not work try copying and ' .
 			'pasting it into your ' .
 			'browser.',
-			$AUR_LOCATION);
+			aur_location());
 		send_resetkey($email, $subject, $body);
 
 		print __("A password reset key has been sent to your e-mail address.");
@@ -406,14 +411,9 @@ function search_results_page($O=0,$SB="",$U="",$T="",
 /**
  * Attempt to login and generate a session
  *
- * @global int $MAX_SESSIONS_PER_USER Maximum sessions a single user may have open
- * @global int $PERSISTENT_COOKIE_TIMEOUT Time until cookie expires
- *
  * @return array Session ID for user, error message if applicable
  */
 function try_login() {
-	global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
-
 	$login_error = "";
 	$new_sid = "";
 	$userID = null;
@@ -456,16 +456,17 @@ function try_login() {
 
 	/* Generate a session ID and store it. */
 	while (!$logged_in && $num_tries < 5) {
-		if ($MAX_SESSIONS_PER_USER) {
+		$session_limit = config_get_int('options', 'max_sessions_per_user');
+		if ($session_limit) {
 			/*
 			 * Delete all user sessions except the
-			 * last ($MAX_SESSIONS_PER_USER - 1).
+			 * last ($session_limit - 1).
 			 */
 			$q = "DELETE s.* FROM Sessions s ";
 			$q.= "LEFT JOIN (SELECT SessionID FROM Sessions ";
 			$q.= "WHERE UsersId = " . $userID . " ";
 			$q.= "ORDER BY LastUpdateTS DESC ";
-			$q.= "LIMIT " . ($MAX_SESSIONS_PER_USER - 1) . ") q ";
+			$q.= "LIMIT " . ($session_limit - 1) . ") q ";
 			$q.= "ON s.SessionID = q.SessionID ";
 			$q.= "WHERE s.UsersId = " . $userID . " ";
 			$q.= "AND q.SessionID IS NULL;";
@@ -499,7 +500,8 @@ function try_login() {
 	/* Set the SID cookie. */
 	if (isset($_POST['remember_me']) && $_POST['remember_me'] == "on") {
 		/* Set cookies for 30 days. */
-		$cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
+		$timeout = config_get_int('options', 'persistent_cookie_timeout');
+		$cookie_time = time() + $timeout;
 
 		/* Set session for 30 days. */
 		$q = "UPDATE Sessions SET LastUpdateTS = $cookie_time ";
@@ -531,18 +533,20 @@ function is_ipbanned() {
 /**
  * Validate a username against a collection of rules
  *
- * The username must be longer or equal to USERNAME_MIN_LEN. It must be shorter
- * or equal to USERNAME_MAX_LEN. It must start and end with either a letter or
- * a number. It can contain one period, hypen, or underscore. Returns boolean
- * of whether name is valid.
+ * The username must be longer or equal to the configured minimum length. It
+ * must be shorter or equal to the configured maximum length. It must start and
+ * end with either a letter or a number. It can contain one period, hypen, or
+ * underscore. Returns boolean of whether name is valid.
  *
  * @param string $user Username to validate
  *
  * @return bool True if username meets criteria, otherwise false
  */
 function valid_username($user) {
-	if (strlen($user) < USERNAME_MIN_LEN ||
-	    strlen($user) > USERNAME_MAX_LEN) {
+	$length_min = config_get_int('options', 'username_min_len');
+	$length_max = config_get_int('options', 'username_max_len');
+
+	if (strlen($user) < $length_min || strlen($user) > $length_max) {
 		return false;
 	} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
 		return false;
@@ -645,8 +649,6 @@ function create_resetkey($resetkey, $uid) {
  * @return void
  */
 function send_resetkey($email, $subject, $body) {
-	global $AUR_LOCATION;
-
 	$uid = uid_from_email($email);
 	if ($uid == null) {
 		return;
@@ -658,9 +660,8 @@ function send_resetkey($email, $subject, $body) {
 
 	/* Send e-mail with confirmation link. */
 	$body = wordwrap($body, 70);
-	$body .=  "\n\n".
-		  "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?".
-		  "resetkey={$resetkey}";
+	$body .=  "\n\n". aur_location() . "/" .  get_uri('/passreset/') .
+		  "?resetkey={$resetkey}";
 	$headers = "MIME-Version: 1.0\r\n" .
 		   "Content-type: text/plain; charset=UTF-8\r\n" .
 		   "Reply-to: noreply@aur.archlinux.org\r\n" .
@@ -708,10 +709,8 @@ function password_reset($hash, $salt, $resetkey, $email) {
  * @return bool True if longer than minimum length, otherwise false
  */
 function good_passwd($passwd) {
-	if ( strlen($passwd) >= PASSWD_MIN_LEN ) {
-		return true;
-	}
-	return false;
+	$length_min = config_get_int('options', 'passwd_min_len');
+	return (strlen($passwd) >= $length_min);
 }
 
 /**
@@ -903,16 +902,13 @@ function delete_user_sessions($uid) {
 /**
  * Remove sessions from the database that have exceed the timeout
  *
- * @global int $LOGIN_TIMEOUT Time until session expires
- *
  * @return void
  */
 function clear_expired_sessions() {
-	global $LOGIN_TIMEOUT;
-
 	$dbh = DB::connect();
 
-	$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)";
+	$timeout = config_get_int('options', 'login_timeout');
+	$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - " . $timeout . ")";
 	$dbh->query($q);
 
 	return;
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 81cbf694..c4a1705a 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -10,12 +10,12 @@ date_default_timezone_set('UTC');
 include_once('translator.inc.php');
 set_lang();
 
-include_once("config.inc.php");
 include_once("DB.class.php");
 include_once("routing.inc.php");
 include_once("version.inc.php");
 include_once("acctfuncs.inc.php");
 include_once("cachefuncs.inc.php");
+include_once("confparser.inc.php");
 include_once("credentials.inc.php");
 
 /**
@@ -26,16 +26,15 @@ include_once("credentials.inc.php");
  * session timeout if it is still valid.
  *
  * @global array $_COOKIE User cookie values
- * @global string $LOGIN_TIMEOUT Time until session times out
  *
  * @return void
  */
 function check_sid() {
 	global $_COOKIE;
-	global $LOGIN_TIMEOUT;
 
 	if (isset($_COOKIE["AURSID"])) {
 		$failed = 0;
+		$timeout = config_get_int('options', 'login_timeout');
 		# the visitor is logged in, try and update the session
 		#
 		$dbh = DB::connect();
@@ -50,7 +49,7 @@ function check_sid() {
 			$failed = 1;
 		} else {
 			$last_update = $row[0];
-			if ($last_update + $LOGIN_TIMEOUT <= $row[1]) {
+			if ($last_update + $timeout <= $row[1]) {
 				$failed = 2;
 			}
 		}
@@ -73,11 +72,11 @@ function check_sid() {
 			# and update the idle timestamp
 
 			# Only update the timestamp if it is less than the
-			# current time plus $LOGIN_TIMEOUT.
+			# current time plus $timeout.
 			#
 			# This keeps 'remembered' sessions from being
 			# overwritten.
-			if ($last_update < time() + $LOGIN_TIMEOUT) {
+			if ($last_update < time() + $timeout) {
 				$q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
 				$q.= "WHERE SessionID = " . $dbh->quote($_COOKIE["AURSID"]);
 				$dbh->exec($q);
@@ -274,8 +273,6 @@ function uid_from_sid($sid="") {
  * @return void
  */
 function html_header($title="", $details=array()) {
-	global $AUR_LOCATION;
-	global $DISABLE_HTTP_LOGIN;
 	global $LANG;
 	global $SUPPORTED_LANGS;
 
@@ -588,3 +585,16 @@ function array_pkgbuild_merge($pkgbase_info, $section_info) {
 function bound($n, $min, $max) {
 	return min(max($n, $min), $max);
 }
+
+/**
+ * Return the URL of the AUR root
+ *
+ * @return string The URL of the AUR root
+ */
+function aur_location() {
+	$location = config_get('options', 'aur_location');
+	if (substr($location, -1) != '/') {
+		$location .= '/';
+	}
+	return $location;
+}
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index b31143e7..025adaf9 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -192,7 +192,8 @@ class AurJSON {
 	}
 
 	private function process_query($type, $where_condition) {
-		global $MAX_RPC_RESULTS;
+		$max_results = config_get_int('options', 'max_rpc_results');
+		$package_url = config_get('options', 'package_url');
 
 		if ($this->version == 1) {
 			$fields = implode(',', self::$fields_v1);
@@ -207,7 +208,7 @@ class AurJSON {
 				"ON Licenses.ID = PackageLicenses.LicenseID " .
 				"WHERE ${where_condition} " .
 				"GROUP BY Packages.ID " .
-				"LIMIT $MAX_RPC_RESULTS";
+				"LIMIT $max_results";
 		} elseif ($this->version >= 2) {
 			$fields = implode(',', self::$fields_v2);
 			$query = "SELECT {$fields} " .
@@ -216,7 +217,7 @@ class AurJSON {
 				"LEFT JOIN Users " .
 				"ON PackageBases.MaintainerUID = Users.ID " .
 				"WHERE ${where_condition} " .
-				"LIMIT $MAX_RPC_RESULTS";
+				"LIMIT $max_results";
 		}
 		$result = $this->dbh->query($query);
 
@@ -226,7 +227,7 @@ class AurJSON {
 			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 				$resultcount++;
 				$pkgbase_name = $row['PackageBase'];
-				$row['URLPath'] = URL_DIR . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name . "/" . $pkgbase_name . ".tar.gz";
+				$row['URLPath'] = $package_url . substr($pkgbase_name, 0, 2) . "/" . $pkgbase_name . "/" . $pkgbase_name . ".tar.gz";
 
 				/*
 				 * Unfortunately, mysql_fetch_assoc() returns
@@ -254,7 +255,7 @@ class AurJSON {
 				}
 			}
 
-			if ($resultcount === $MAX_RPC_RESULTS) {
+			if ($resultcount === $max_results) {
 				return $this->json_error('Too many package results.');
 			}
 
@@ -303,8 +304,6 @@ class AurJSON {
 	 * @return mixed Returns an array of package matches.
 	 */
 	private function search($keyword_string) {
-		global $MAX_RPC_RESULTS;
-
 		if (strlen($keyword_string) < 2) {
 			return $this->json_error('Query arg too small');
 		}
diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
deleted file mode 100644
index 62421ece..00000000
--- a/web/lib/config.inc.php.proto
+++ /dev/null
@@ -1,72 +0,0 @@
-<?php
-
-# NOTE: modify these variables if your MySQL setup is different
-
-define( "AUR_db_DSN_prefix", "mysql" );
-define( "AUR_db_host", "unix_socket=/var/run/mysqld/mysqld.sock" );
-define( "AUR_db_name", "AUR" );
-define( "AUR_db_user", "aur" );
-define( "AUR_db_pass", "aur" );
-
-# Configuration of directories where things live
-define( "INCOMING_DIR", "/srv/aur/unsupported/" );
-define( "URL_DIR", "/packages/" );
-
-define( "USERNAME_MIN_LEN", 3 );
-define( "USERNAME_MAX_LEN", 16 );
-define( "PASSWD_MIN_LEN", 4 );
-
-# Default language for displayed messages in the web interface.
-define("DEFAULT_LANG", "en");
-
-# Enable debug sql output. This sends each query to error_log. Useful for
-# development. Should not be enabled in production. Default to 0 (off).
-define("SQL_DEBUG", 0);
-
-# Set cache type. Either "APC", "MEMCACHE", or "NONE". Defaults to NONE.
-#define("CACHE_TYPE", "APC");
-#define("CACHE_TYPE", "MEMCACHE");
-
-# If using memcache cache_type, list servers. You can separate multiple servers
-# with a comma, ex: '127.0.0.1:11211,127.0.0.1:11212'. If undefined, defaults
-# to '127.0.0.1:11211'.
-#define("MEMCACHE_SERVERS", '127.0.0.1:11211');
-
-# Session limit per user
-$MAX_SESSIONS_PER_USER = 8;
-
-# Idle seconds before timeout
-$LOGIN_TIMEOUT = 7200;
-
-# Session timeout when using "Remember me" cookies
-$PERSISTENT_COOKIE_TIMEOUT = 60 * 60 * 24 * 30;
-
-# Uncompressed file size limit for submitted tarballs (ZIP bomb protection) -
-# please ensure "upload_max_filesize" is additionally set to no more than 3M,
-# otherwise this check might be easy to bypass (FS#22991 for details)
-$MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8;
-
-# Allow HTTPs logins only
-$DISABLE_HTTP_LOGIN = true;
-
-# Web URL used in email links and absolute redirects, no trailing slash
-$AUR_LOCATION = "http://localhost";
-
-# Use virtual URLs -- to enable this feature, you also need to tell your web
-# server to redirect all requests to "/index.php/$uri".
-$USE_VIRTUAL_URLS = true;
-
-# Maximum number of package results to return through an RPC connection.
-# Avoid setting this too high and having a PHP too much memory error.
-$MAX_RPC_RESULTS = 5000;
-
-# Mailing list to send package request notifications to.
-$AUR_REQUEST_ML = "aur-requests@archlinux.org";
-
-# Time to wait until a package request is due.
-$REQUEST_IDLE_TIME = 60 * 60 * 24 * 14;
-
-# When an orphan request is filed for a package that has been flagged
-# out-of-date for the following number of seconds, it is disowned
-# automatically.
-$AUTO_ORPHAN_AGE = 60 * 60 * 24 * 180;
diff --git a/web/lib/confparser.inc.php b/web/lib/confparser.inc.php
new file mode 100644
index 00000000..41ee581a
--- /dev/null
+++ b/web/lib/confparser.inc.php
@@ -0,0 +1,20 @@
+<?php
+
+function config_get($section, $key) {
+	global $AUR_CONFIG;
+
+	if (!isset($AUR_CONFIG)) {
+		$AUR_CONFIG = parse_ini_file("../../conf/config", true);
+	}
+
+	return $AUR_CONFIG[$section][$key];
+}
+
+function config_get_int($section, $key) {
+	return intval(config_get($section, $key));
+}
+
+function config_get_bool($section, $key) {
+	$val = strtolower(config_get($section, $key));
+	return ($val == 'yes' || $val == 'true' || $val == '1');
+}
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 0c428f2f..6c70ede1 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -1,5 +1,4 @@
 <?php
-include_once("config.inc.php");
 
 define("CRED_ACCOUNT_CHANGE_TYPE", 1);
 define("CRED_ACCOUNT_EDIT", 2);
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index e1e4c1a6..322ea603 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -1,5 +1,5 @@
 <?php
-include_once("config.inc.php");
+
 include_once("pkgreqfuncs.inc.php");
 
 /**
@@ -88,7 +88,6 @@ function pkgbase_comments($base_id, $limit, $include_deleted) {
 /**
  * Add a comment to a package page and send out appropriate notifications
  *
- * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
  * @param string $base_id The package base ID to add the comment on
  * @param string $uid The user ID of the individual who left the comment
  * @param string $comment The comment left on a package page
@@ -96,8 +95,6 @@ function pkgbase_comments($base_id, $limit, $include_deleted) {
  * @return void
  */
 function pkgbase_add_comment($base_id, $uid, $comment) {
-	global $AUR_LOCATION;
-
 	$dbh = DB::connect();
 
 	$q = "INSERT INTO PackageComments ";
@@ -135,7 +132,7 @@ function pkgbase_add_comment($base_id, $uid, $comment) {
 		 * user who posted the comment was in.
 		 */
 		$body =
-		'from ' . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n"
+		'from ' . aur_location() . get_pkgbase_uri($row['Name']) . "\n"
 		. username_from_sid($_COOKIE['AURSID']) . " wrote:\n\n"
 		. $comment
 		. "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button.";
@@ -221,8 +218,6 @@ function pkgbase_get_details($base_id) {
 /**
  * Display the package base details page
  *
- * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
- * @global bool $USE_VIRTUAL_URLS True if using URL rewriting, otherwise false
  * @param string $id The package base ID to get details page for
  * @param array $row Package base details retrieved by pkgbase_get_details()
  * @param string $SID The session ID of the visitor
@@ -230,9 +225,6 @@ function pkgbase_get_details($base_id) {
  * @return void
  */
 function pkgbase_display_details($base_id, $row, $SID="") {
-	global $AUR_LOCATION;
-	global $USE_VIRTUAL_URLS;
-
 	$dbh = DB::connect();
 
 	if (isset($row['error'])) {
@@ -353,14 +345,11 @@ function pkgbase_maintainer_uid($base_id) {
 /**
  * Flag package(s) as out-of-date
  *
- * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
  * @param array $base_ids Array of package base IDs to flag/unflag
  *
  * @return array Tuple of success/failure indicator and error message
  */
 function pkgbase_flag($base_ids) {
-	global $AUR_LOCATION;
-
 	if (!has_credential(CRED_PKGBASE_FLAG)) {
 		return array(false, __("You must be logged in before you can flag packages."));
 	}
@@ -392,7 +381,7 @@ function pkgbase_flag($base_ids) {
 		$result = $dbh->query($q);
 		if ($result) {
 			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
-				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n\n[1] - " . $AUR_LOCATION . get_user_uri($f_name);
+				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . aur_location() . get_pkgbase_uri($row['Name']) . "\n\n[1] - " . aur_location() . get_user_uri($f_name);
 				$body = wordwrap($body, 70);
 				$headers = "MIME-Version: 1.0\r\n" .
 					   "Content-type: text/plain; charset=UTF-8\r\n" .
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index cf8c2f9d..948e2ae9 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -1,5 +1,5 @@
 <?php
-include_once("config.inc.php");
+
 include_once("pkgbasefuncs.inc.php");
 
 /**
@@ -462,8 +462,6 @@ function pkg_get_details($id=0) {
 /**
  * Display the package details page
  *
- * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
- * @global bool $USE_VIRTUAL_URLS True if using URL rewriting, otherwise false
  * @param string $id The package ID to get details page for
  * @param array $row Package details retrieved by pkg_get_details()
  * @param string $SID The session ID of the visitor
@@ -471,9 +469,6 @@ function pkg_get_details($id=0) {
  * @return void
  */
 function pkg_display_details($id=0, $row, $SID="") {
-	global $AUR_LOCATION;
-	global $USE_VIRTUAL_URLS;
-
 	$dbh = DB::connect();
 
 	if (isset($row['error'])) {
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 1b54a6af..e2854776 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -1,5 +1,6 @@
 <?php
-include_once("config.inc.php");
+
+include_once("confparser.inc.php");
 include_once("pkgbasefuncs.inc.php");
 
 /**
@@ -76,9 +77,6 @@ function pkgreq_get_creator_email($id) {
 /**
  * File a deletion/orphan request against a package base
  *
- * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
- * @global string $AUR_REQUEST_ML The request notification mailing list
- * @global int $AUTO_ORPHAN_AGE The time to wait until auto-closing a request
  * @param string $ids The package base IDs to file the request against
  * @param string $type The type of the request
  * @param string $merge_into The target of a merge operation
@@ -87,10 +85,6 @@ function pkgreq_get_creator_email($id) {
  * @return array Tuple of success/failure indicator and error message
  */
 function pkgreq_file($ids, $type, $merge_into, $comments) {
-	global $AUR_LOCATION;
-	global $AUR_REQUEST_ML;
-	global $AUTO_ORPHAN_AGE;
-
 	if (!has_credential(CRED_PKGREQ_FILE)) {
 		return array(false, __("You must be logged in to file package requests."));
 	}
@@ -166,15 +160,15 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 			$username . " [1] filed a request to merge " .
 			$row['Name'] . " [2] into " . $merge_into .
 			" [3]:\n\n" .  $comments . "\n\n" .
-			"[1] " . $AUR_LOCATION . get_user_uri($username) . "\n" .
-			"[2] " . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n" .
-			"[3] " . $AUR_LOCATION . get_pkgbase_uri($merge_into) . "\n";
+			"[1] " . aur_location() . get_user_uri($username) . "\n" .
+			"[2] " . aur_location() . get_pkgbase_uri($row['Name']) . "\n" .
+			"[3] " . aur_location() . get_pkgbase_uri($merge_into) . "\n";
 	} else {
 		$body =
 			$username . " [1] filed a " . $type . " request for " .
 			$row['Name'] . " [2]:\n\n" . $comments . "\n\n" .
-			"[1] " . $AUR_LOCATION . get_user_uri($username) . "\n" .
-			"[2] " . $AUR_LOCATION . get_pkgbase_uri($row['Name']) . "\n";
+			"[1] " . aur_location() . get_user_uri($username) . "\n" .
+			"[2] " . aur_location() . get_pkgbase_uri($row['Name']) . "\n";
 	}
 	$body = wordwrap($body, 70);
 	$cc = array_unique($cc);
@@ -185,14 +179,15 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 	$headers .= "From: notify@aur.archlinux.org\r\n" .
 		    "Message-ID: $thread_id\r\n" .
 		    "X-Mailer: AUR";
-	@mail($AUR_REQUEST_ML, "[PRQ#" . $request_id . "] " . ucfirst($type) .
-			       " Request for " .  $row['Name'], $body,
-			       $headers);
+	$ml = config_get('options', 'aur_request_ml');
+	@mail($ml, "[PRQ#" . $request_id . "] " . ucfirst($type) .
+		   " Request for " .  $row['Name'], $body, $headers);
 
+	$auto_orphan_age = config_get('options', 'auto_orphan_age');
 	$details = pkgbase_get_details($base_id);
 	if ($type == 'orphan' && $details['OutOfDateTS'] > 0 &&
-	    time() - $details['OutOfDateTS'] >= $AUTO_ORPHAN_AGE &&
-	    $AUTO_ORPHAN_AGE > 0) {
+	    time() - $details['OutOfDateTS'] >= $auto_orphan_age &&
+	    $auto_orphan_age > 0) {
 		/*
 		 * Close package request. NOTE: This needs to happen *before*
 		 * the actual disown operation. Otherwise, the former
@@ -214,8 +209,6 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 /**
  * Close a deletion/orphan request
  *
- * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
- * @global string $AUR_REQUEST_ML The request notification mailing list
  * @param int $id The package request to close
  * @param string $reason Whether the request was accepted or rejected
  * @param string $comments Comments to be added to the notification email
@@ -224,9 +217,6 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
  * @return array Tuple of success/failure indicator and error message
  */
 function pkgreq_close($id, $reason, $comments, $auto_close=false) {
-	global $AUR_LOCATION;
-	global $AUR_REQUEST_ML;
-
 	switch ($reason) {
 	case 'accepted':
 		$status = 2;
@@ -288,7 +278,7 @@ function pkgreq_close($id, $reason, $comments, $auto_close=false) {
 	}
 	if (!$auto_close) {
 		$body .= "\n";
-		$body .= "[1] " . $AUR_LOCATION .  get_user_uri($username);
+		$body .= "[1] " . aur_location() .  get_user_uri($username);
 		$body .= "\n";
 	}
 	$body = wordwrap($body, 70);
@@ -301,7 +291,8 @@ function pkgreq_close($id, $reason, $comments, $auto_close=false) {
 		    "In-Reply-To: $thread_id\r\n" .
 		    "References: $thread_id\r\n" .
 		    "X-Mailer: AUR";
-	@mail($AUR_REQUEST_ML, "[PRQ#" . $id . "] Request " . ucfirst($reason),
+	$ml = config_get('options', 'aur_request_ml');
+	@mail($ml, "[PRQ#" . $id . "] Request " . ucfirst($reason),
 	      $body, $headers);
 
 	return array(true, __("Request closed successfully."));
diff --git a/web/lib/routing.inc.php b/web/lib/routing.inc.php
index 2fa3e1f7..95853041 100644
--- a/web/lib/routing.inc.php
+++ b/web/lib/routing.inc.php
@@ -1,5 +1,7 @@
 <?php
 
+include_once("confparser.inc.php");
+
 $ROUTES = array(
 	'' => 'home.php',
 	'/index.php' => 'home.php',
@@ -24,6 +26,10 @@ $PKGBASE_PATH = '/pkgbase';
 $PKGREQ_PATH = '/requests';
 $USER_PATH = '/account';
 
+function use_virtual_urls() {
+	return config_get_bool('options', 'use_virtual_urls');
+}
+
 function get_route($path) {
 	global $ROUTES;
 
@@ -36,10 +42,9 @@ function get_route($path) {
 }
 
 function get_uri($path) {
-	global $USE_VIRTUAL_URLS;
 	global $ROUTES;
 
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $path;
 	} else {
 		return get_route($path);
@@ -62,10 +67,9 @@ function get_pkgreq_route() {
 }
 
 function get_pkg_uri($pkgname) {
-	global $USE_VIRTUAL_URLS;
 	global $PKG_PATH;
 
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $PKG_PATH . '/' . urlencode($pkgname) . '/';
 	} else {
 		return '/' . get_route($PKG_PATH) . '?N=' . urlencode($pkgname);
@@ -73,10 +77,9 @@ function get_pkg_uri($pkgname) {
 }
 
 function get_pkgbase_uri($pkgbase_name) {
-	global $USE_VIRTUAL_URLS;
 	global $PKGBASE_PATH;
 
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $PKGBASE_PATH . '/' . urlencode($pkgbase_name) . '/';
 	} else {
 		return '/' . get_route($PKGBASE_PATH) . '?N=' . urlencode($pkgbase_name);
@@ -89,10 +92,9 @@ function get_user_route() {
 }
 
 function get_user_uri($username) {
-	global $USE_VIRTUAL_URLS;
 	global $USER_PATH;
 
-	if ($USE_VIRTUAL_URLS) {
+	if (use_virtual_urls()) {
 		return $USER_PATH . '/' . urlencode($username) . '/';
 	} else {
 		return '/' . get_route($USER_PATH) . '?U=' . urlencode($username);
diff --git a/web/lib/translator.inc.php b/web/lib/translator.inc.php
index 448c41b0..b50ef4ba 100644
--- a/web/lib/translator.inc.php
+++ b/web/lib/translator.inc.php
@@ -11,7 +11,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR
 #	print __("%s has %s apples.", "Bill", "5");
 #	print __("This is a %smajor%s problem!", "<strong>", "</strong>");
 
-include_once('config.inc.php');
+include_once("confparser.inc.php");
 include_once('DB.class.php');
 include_once('gettext.php');
 include_once('streams.php');
@@ -82,7 +82,6 @@ function _n($msgid1, $msgid2, $n) {
 function set_lang() {
 	global $LANG;
 	global $SUPPORTED_LANGS;
-	global $PERSISTENT_COOKIE_TIMEOUT;
 	global $streamer, $l10n;
 
 	$update_cookie = 0;
@@ -116,11 +115,12 @@ function set_lang() {
 
 	# Set $LANG to default if nothing is valid.
 	if (!array_key_exists($LANG, $SUPPORTED_LANGS)) {
-		$LANG = DEFAULT_LANG;
+		$LANG = config_get('options', 'default_lang');
 	}
 
 	if ($update_cookie) {
-		$cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
+		$timeout = intval(config_get('options', 'persistent_cookie_timeout'));
+		$cookie_time = time() + $timeout;
 		setcookie("AURLANG", $LANG, $cookie_time, "/");
 	}
 
diff --git a/web/template/actions_form.php b/web/template/actions_form.php
index 389297bf..f18c01c4 100644
--- a/web/template/actions_form.php
+++ b/web/template/actions_form.php
@@ -1,4 +1,4 @@
-<?php if (!$USE_VIRTUAL_URLS): ?>
+<?php if (!use_virtual_urls()): ?>
 <div class="box">
 	<form action="<?= htmlspecialchars(get_pkg_uri($row['Name']), ENT_QUOTES); ?>" method="post">
 		<fieldset>
diff --git a/web/template/header.php b/web/template/header.php
index d10b1623..dd1d4800 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -69,7 +69,7 @@
 						<li><a href="<?= get_uri('/logout/'); ?>"><?= __("Logout"); ?></a></li>
 					<?php else: ?>
 						<li><a href="<?= get_uri('/register/'); ?>"><?= __("Register"); ?></a></li>
-						<?php if ($DISABLE_HTTP_LOGIN && empty($_SERVER['HTTPS'])): ?>
+						<?php if (config_get_bool('options', 'disable_http_login') && empty($_SERVER['HTTPS'])): ?>
 						<li><a href="<?= $AUR_LOCATION . get_uri('/login/'); ?>"><?= __("Login"); ?></a></li>
 						<?php else: ?>
 						<li><a href="<?= get_uri('/login/'); ?>"><?= __("Login"); ?></a></li>
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index d09b3d86..faec0dc2 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -21,7 +21,8 @@ $updated_time = ($row["ModifiedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($r
 $submitted_time = ($row["SubmittedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($row["SubmittedTS"]));
 $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("Y-m-d", intval($row["OutOfDateTS"]));
 
-$urlpath = URL_DIR . substr($row['BaseName'], 0, 2) . "/" . $row['BaseName'];
+$package_url = config_get('options', 'package_url');
+$urlpath = $package_url . substr($row['BaseName'], 0, 2) . "/" . $row['BaseName'];
 
 $lics = pkg_licenses($row["ID"]);
 $grps = pkg_groups($row["ID"]);
@@ -82,7 +83,7 @@ $sources = pkg_sources($row["ID"]);
 				<li><a href="<?= $urlpath . '/' . $row['BaseName'] ?>.tar.gz"><?= __('Download tarball') ?></a></li>
 				<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 				<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-				<?php if ($USE_VIRTUAL_URLS && $uid): ?>
+				<?php if (use_virtual_urls() && $uid): ?>
 				<?php if ($row["OutOfDateTS"] === NULL): ?>
 				<li>
 					<form action="<?= get_pkgbase_uri($row['BaseName']) . 'flag/'; ?>" method="post">
@@ -281,7 +282,7 @@ if (has_credential(CRED_PKGBASE_CHANGE_CATEGORY, array($row["MaintainerUID"]))):
 <?php
 if ($row["SubmitterUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
 		<?php else: ?>
@@ -299,7 +300,7 @@ if ($row["SubmitterUID"]):
 <?php
 if ($row["MaintainerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
 		<?php else: ?>
@@ -317,7 +318,7 @@ if ($row["MaintainerUID"]):
 <?php
 if ($row["PackagerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
 		<?php else: ?>
@@ -333,7 +334,7 @@ if ($row["PackagerUID"]):
 		<tr>
 			<th><?= __('Votes') . ': ' ?></th>
 <?php if (has_credential(CRED_PKGBASE_LIST_VOTERS)): ?>
-<?php if ($USE_VIRTUAL_URLS): ?>
+<?php if (use_virtual_urls()): ?>
 			<td><a href="<?= get_pkgbase_uri($row['BaseName']); ?>voters/"><?= $votes ?></a></td>
 <?php else: ?>
 			<td><a href="<?= get_uri('/voters/'); ?>?N=<?= htmlspecialchars($row['BaseName'], ENT_QUOTES) ?>"><?= $votes ?></a></td>
diff --git a/web/template/pkgbase_details.php b/web/template/pkgbase_details.php
index fb11e60c..406408b7 100644
--- a/web/template/pkgbase_details.php
+++ b/web/template/pkgbase_details.php
@@ -19,7 +19,8 @@ $updated_time = ($row["ModifiedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($r
 $submitted_time = ($row["SubmittedTS"] == 0) ? $msg : gmdate("Y-m-d H:i", intval($row["SubmittedTS"]));
 $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("Y-m-d", intval($row["OutOfDateTS"]));
 
-$urlpath = URL_DIR . substr($row['Name'], 0, 2) . "/" . $row['Name'];
+$package_url = config_get('options', 'package_url');
+$urlpath = $package_url . substr($row['Name'], 0, 2) . "/" . $row['Name'];
 
 $pkgs = pkgbase_get_pkgnames($base_id);
 ?>
@@ -33,7 +34,7 @@ $pkgs = pkgbase_get_pkgnames($base_id);
 				<li><a href="<?= $urlpath . '/' . $row['Name'] ?>.tar.gz"><?= __('Download tarball') ?></a></li>
 				<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 				<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-				<?php if ($USE_VIRTUAL_URLS && $uid): ?>
+				<?php if (use_virtual_urls() && $uid): ?>
 				<?php if ($row["OutOfDateTS"] === NULL): ?>
 				<li>
 					<form action="<?= get_pkgbase_uri($row['Name']) . 'flag/'; ?>" method="post">
@@ -140,7 +141,7 @@ if (has_credential(CRED_PKGBASE_CHANGE_CATEGORY, array($row["MaintainerUID"]))):
 <?php
 if ($row["SubmitterUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
 		<?php else: ?>
@@ -158,7 +159,7 @@ if ($row["SubmitterUID"]):
 <?php
 if ($row["MaintainerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
 		<?php else: ?>
@@ -176,7 +177,7 @@ if ($row["MaintainerUID"]):
 <?php
 if ($row["PackagerUID"]):
 	if ($SID):
-		if (!$USE_VIRTUAL_URLS):
+		if (!use_virtual_urls()):
 ?>
 			<td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
 		<?php else: ?>
@@ -192,7 +193,7 @@ if ($row["PackagerUID"]):
 		<tr>
 			<th><?= __('Votes') . ': ' ?></th>
 <?php if (has_credential(CRED_PKGBASE_LIST_VOTERS)): ?>
-<?php if ($USE_VIRTUAL_URLS): ?>
+<?php if (use_virtual_urls()): ?>
 			<td><a href="<?= get_pkgbase_uri($row['Name']); ?>voters/"><?= $votes ?></a></td>
 <?php else: ?>
 			<td><a href="<?= get_uri('/voters/'); ?>?N=<?= htmlspecialchars($row['Name'], ENT_QUOTES) ?>"><?= $votes ?></a></td>
diff --git a/web/template/pkgreq_results.php b/web/template/pkgreq_results.php
index 3d50c820..24ee877a 100644
--- a/web/template/pkgreq_results.php
+++ b/web/template/pkgreq_results.php
@@ -34,9 +34,10 @@
 
 		<?php while (list($indx, $row) = each($results)): ?>
 		<?php
-		$due = ($row['Open'] && time() - intval($row['RequestTS']) > $REQUEST_IDLE_TIME);
+		$idle_time = config_get_int('options', 'request_idle_time');
+		$due = ($row['Open'] && time() - intval($row['RequestTS']) > $idle_time);
 		if (!$due) {
-			$time_left = $REQUEST_IDLE_TIME - (time() - intval($row['RequestTS']));
+			$time_left = $idle_time - (time() - intval($row['RequestTS']));
 			if ($time_left > 48 * 3600) {
 				$time_left_fmt = __("~%d days left", round($time_left / (24 * 3600)));
 			} elseif ($time_left > 3600) {
diff --git a/web/template/tu_last_votes_list.php b/web/template/tu_last_votes_list.php
index e897a6a1..0b0ee48b 100644
--- a/web/template/tu_last_votes_list.php
+++ b/web/template/tu_last_votes_list.php
@@ -21,7 +21,7 @@
 			?>
 			<tr class="<?= $c ?>">
 				<td>
-					<?php if (!$USE_VIRTUAL_URLS): ?>
+					<?php if (!use_virtual_urls()): ?>
 					<a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['UserID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($username) ?>"><?= html_format_username($username) ?></a></td>
 					<?php else: ?>
 					<a href="<?= get_uri('/account/') . html_format_username($username) ?>" title="<?= __('View account information for %s', html_format_username($username)) ?>"><?= html_format_username($username) ?></a>